I need configure connect to server via SSL protocol. I got from server owners 2 files - CA root certificate (ca.pem) and test certificate request (test.csr file).
I am try to test connect via openssl s_connect utility and i give strange result (xxx - masked values) :
openssl s_client -connect MYURL -CAfile ca.pem
CONNECTED(00000003)
xxx verify return:1
xxx verify return:1
3074332296:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1193:SSL alert number 40
3074332296:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
But, after handshake alert and print certificate data i see :
SSL handshake has read yyy bytes and written yyy bytes
New, xxx, Cipher is xxx
Server public key is xxx bit
Compression: xxx
Expansion: xxx
SSL-Session:
Protocol : xxx
Cipher : xxx
Session-ID:
Session-ID-ctx:
Master-Key: xxx
Key-Arg : xxx
PSK identity: xxx
PSK identity hint: xxx
Compression: xxx
Start Time: xxx
Timeout : xxx (sec)
Verify return code: 0 (ok)
What's mean verify return code is 0 (ok) ? How it possible if handshake error/alert are occured ?
Answer
You are receiving a handshake failure alert from the server, which means that some other error is occurring, it is not the certificate validation that fails. You should look at the server side logs for clues about what has failed.