[ovs-discuss] openssl1 client connects to ovsdb server, but client prints error.

Zhangkun (K) zhang.zhangkun at huawei.com
Tue Feb 2 07:39:39 UTC 2016


Hello together,

I am testing ovsdb and use the openssl1 client to connect to the ovsdb server. However, the client prints error information.
Is something wrong? Or why does the client print an error?

openssl version : openssl1-1.0.1g-0.32.2

ovsdb server:
ovs-appctl -t ovsdb-server ovsdb-server/add-remote pssl:6632:9.62.1.19
ovs-vsctl set-ssl /home/private_key.pem /home/crt.pem /home/ca_crt.pem


linux-QumlCM:~ # openssl1 s_client -connect 9.62.1.19:6632
CONNECTED(00000003)
depth=1 C = CN, ST = ZJ, O = Hw, OU = Hw, CN = *.*.*.domainname.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
140135166002856:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140135166002856:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=CN/ST=ZJ/L=Hz/O=Hw/OU=Hw/CN=*.*.*.domainname.com
   i:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
1 s:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
   i:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
Server certificate
subject=/C=CN/ST=ZJ/L=Hz/O=Hw/OU=Hw/CN=*.*.*.domainname.com
issuer=/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
Acceptable client certificate CA names
/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
SSL handshake has read 2171 bytes and written 330 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx:
    Master-Key: 14D329B74FE56785769DE060E68CC7D692F03CB065D104E5FEC494BDE424E8BF24BBC599146382E80D37E6B76983B203
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1454425958
    Timeout   : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)

Cheers,
kunzhang