[ovs-discuss] openssl1 client connects to ovsdb server, but client prints error.
Zhangkun (K)
zhang.zhangkun at huawei.com
Tue Feb 2 07:39:39 UTC 2016
Hello together,
I test ovsdb, and uses openssl1 client to connect to ovsdb server. however, the client prints error information.
Is something wrong? Or why the client prints error?
openssl version : openssl1-1.0.1g-0.32.2
ovsdb server:
ovs-appctl -t ovsdb-server ovsdb-server/add-remote pssl:6632:9.62.1.19
ovs-vsctl set-ssl /home/private_key.pem /home/crt.pem /home/ca_crt.pem
linux-QumlCM:~ # openssl1 s_client -connect 9.62.1.19:6632
CONNECTED(00000003)
depth=1 C = CN, ST = ZJ, O = Hw, OU = Hw, CN = *.*.*.domainname.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
140135166002856:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1262:SSL alert number 40
140135166002856:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
0 s:/C=CN/ST=ZJ/L=Hz/O=Hw/OU=Hw/CN=*.*.*.domainname.com
i:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
1 s:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
i:/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDyzCCArOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJDTjER
MA8GA1UECBMIWmhlSmlhbmcxDzANBgNVBAoTBkh1YXdlaTEPMA0GA1UECxMGSHVh
d2VpMR0wGwYDVQQDFBQqLiouKi5kb21haW5uYW1lLmNvbTAeFw0xNDA5MTcxMDA1
NTZaFw0zNDA5MTIxMDA1NTZaMHQxCzAJBgNVBAYTAkNOMREwDwYDVQQIEwhaaGVK
aWFuZzERMA8GA1UEBxMISGFuZ1pob3UxDzANBgNVBAoTBkh1YXdlaTEPMA0GA1UE
CxMGSHVhd2VpMR0wGwYDVQQDFBQqLiouKi5kb21haW5uYW1lLmNvbTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAORaaqW2IXzULGqMIqvEXIt13y2K1/Z4
+rr+IDGcJlzKTBOXGzxGHdccN9nSd0SA9GKOCws3IWIEZjahOn9dWveeIdD0LG2y
ACXvbspOMVQUPGgy4z/RYhVphJ2/jSFufBPqgFM1Pmuf2UT9lMYqT2AcOfQQS9nD
r+zv2p0pN6HAwXlStfVDvy+ngA4AgF7QB2SgPCCLvpTwvczDMqAy8gZPodqOdblw
14luGAznl8M+1J6TNqbYQluuhYQRRoZrhO++yX90Hj2/v2Bftdg6I/2glqZIgK/X
KfHNsyXItk/3t+IitClHJjX6hLln9T1gZ9/NAQW/Z6bxrXdvwqetLb8CAwEAAaN7
MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
Q2VydGlmaWNhdGUwHQYDVR0OBBYEFJdtYTrsDg1Nv0jZQ0MlmPjCKhCRMB8GA1Ud
IwQYMBaAFJfGA6ybcOh+9R4DH2QXc1ixF+e/MA0GCSqGSIb3DQEBCwUAA4IBAQCS
j8u6rEvvDpaAztZ6KP2Fhk3c827KCt3KAeP/i8IHtS1iJkMkAaLnrFQ3yNbwjbzi
s8nwDqCreBDs/HuxI0I9Lp3Zb9dw7gNLohKI+c8xqOyUnwlANgSOUWv6+tOfjOxJ
kr3Vp76RkRQi2gdYMDyVC0RRS7FpH7PDBXK4Vbv+ZvJUhzndkdLhT8aQARmgTfpT
YW7+cMzFWHHSy0ulKNpo2CcYY6f8PZTsW1Y+Wqm4XPcZdFs9IF07Ie9wSsyJ4VZ0
y+Ozjp2FhaiPF4ga/1yOnTQVFGxUmoc/8YBM2qJi7agsD5/SnTPhx79QyZIN8jXk
6fFDdyaHn55SKrItAOoF
-----END CERTIFICATE-----
subject=/C=CN/ST=ZJ/L=Hz/O=Hw/OU=Hw/CN=*.*.*.domainname.com
issuer=/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
Acceptable client certificate CA names
/C=CN/ST=ZJ/O=Hw/OU=Hw/CN=*.*.*.domainname.com
---
SSL handshake has read 2171 bytes and written 330 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
Master-Key: 14D329B74FE56785769DE060E68CC7D692F03CB065D104E5FEC494BDE424E8BF24BBC599146382E80D37E6B76983B203
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1454425958
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
Cheers,
kunzhang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openvswitch.org/pipermail/ovs-discuss/attachments/20160202/87fdbe19/attachment-0002.html>
More information about the discuss
mailing list