Bug 3342 - openssl s_client gives: Verification error: certificate signature failure (on 1 machine; works on other 3 machines)
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 8.2p1
Hardware: amd64 Linux
Importance: P5 minor
Assignee: Assigned to nobody
Reported: 2021-08-25 22:00 AEST by Mirto Silvio Busico
Modified: 2022-02-25 13:57 AEDT

Attachments
Framework of test (1.17 KB, text/plain)
2021-08-25 22:00 AEST, Mirto Silvio Busico

Description Mirto Silvio Busico 2021-08-25 22:00:37 AEST
Created attachment 3544
Framework of test

I have a machine with an Apache web server (see the framework in attachment sslconfig.txt).

Accessing this server from machine 2 with the command

openssl s_client -connect p01serv.p01.net:443 -servername p01serv.p01.net < /dev/null >sslmachine2error.txt 2>&1

gives the error
---
SSL handshake has read 1503 bytes and written 387 bytes
Verification error: certificate signature failure
---

Data for machine 2 (laptop)
name/address: santech 192.168.68.16
operating system: Linux santech 5.11.0-27-generic #29~20.04.1-Ubuntu SMP Wed Aug 11 15:58:17 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
openssl version: OpenSSL 1.1.1f  31 Mar 2020
Result file: sslmachine2error.txt

Seems that I can add only one attachment. Here is the sslmachine2error.txt content

depth=1 C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = Busico Mirto, emailAddress = mirtobusico@gmail.com
verify return:1
depth=0 C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = p01serv
verify error:num=7:certificate signature failure
verify return:1
depth=0 C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = p01serv
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = p01serv
   i:C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = Busico Mirto, emailAddress = mirtobusico@gmail.com
---
Server certificate
subject=C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = p01serv

issuer=C = IT, ST = Italy, L = Rome, O = Busico Mirto, OU = Laboratory, CN = Busico Mirto, emailAddress = mirtobusico@gmail.com

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1503 bytes and written 387 bytes
Verification error: certificate signature failure
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 7 (certificate signature failure)
---
DONE


The same command from machine 1, machine 3 and machine 4 works correctly without any error

What can I do / investigate?
Comment 1 Darren Tucker 2021-08-26 08:52:33 AEST
(In reply to Mirto Silvio Busico from comment #0)
[...]
> What can I do / investigate?

Well, for a start, you could ask the OpenSSL folks over at https://www.openssl.org/community/ or https://github.com/openssl/openssl/issues. This is the bugzilla for OpenSS*H*.
Comment 2 Mirto Silvio Busico 2021-08-26 21:01:39 AEST
Thanks
Comment 3 Damien Miller 2022-02-25 13:57:19 AEDT
closing bugs resolved before openssh-8.9