matteocorti / check_ssl_cert

A shell script (that can be used as a Nagios/Icinga plugin) to check an SSL/TLS connection.
GNU General Public License v3.0

Cannot connect to IP addresses on OpenBSD (LibreSSL) #482

Closed matteocorti closed 8 months ago

matteocorti commented 8 months ago

Describe the bug

The script fails to connect to hosts specified with an IP address on OpenBSD with LibreSSL.

To Reproduce

./check_ssl_cert -H 138.201.94.172
SSL_CERT CRITICAL 138.201.94.172:443: SSL error: Unable to set TLS servername extension. 

Expected behavior

./check_ssl_cert -H 138.201.94.172
SSL_CERT OK - 138.201.94.172:443, https, x509 certificate 'corti.li' from 'Let's Encrypt' valid until Feb  1 19:04:54 2024 GMT (expires in 72 days)|days_chain_elem1=72;20;15;; days_chain_elem2=664;20;15;; days_chain_elem3=314;20;15;;

System (please complete the following information):

Additional context/output

LibreSSL does not accept an IP as -servername:

$ /usr/bin/openssl s_client     -crlf  -connect 138.201.94.172:443 -servername 138.201.94.172   -showcerts -verify 6
verify depth is 6
Unable to set TLS servername extension.
77968620024:error:1404E13F:SSL routines:ST_BEFORE_CONNECT:ssl3 ext invalid servername:/usr/src/lib/libssl/s3_lib.c:1838:

matteocorti commented 8 months ago

Fixed with 7f0a507
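
RFC 6066 does not permit literal IPv4 or IPv6 addresses in the SNI HostName, which is why LibreSSL rejects `-servername 138.201.94.172`. The sketch below is an added example, not the project's code and not the change in 7f0a507: it passes `-servername` only when a DNS name is available. The function names `is_ip_literal`, `sni_args` and `s_client_command` are hypothetical.

```shell
#!/bin/sh
# Added example, not check_ssl_cert code; all function names are hypothetical.

# Return 0 if $1 is syntactically an IPv4 or IPv6 literal (loose IPv6 check).
is_ip_literal() {
    host=$1
    case $host in                      # accept bracketed IPv6 such as [::1]
        \[*\]) host=${host#\[}; host=${host%\]} ;;
    esac
    case $host in
        '') return 1 ;;
        *:*)                           # IPv6: hex digits, colons, embedded IPv4
            case $host in
                *[!0-9A-Fa-f:.]*) return 1 ;;
                *) return 0 ;;
            esac ;;
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.                # IPv4: four decimal octets, each 0-255
    set -- $host
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print "-servername NAME" for the first DNS name among the explicit SNI name
# ($2, optional) and the connect host ($1); print nothing if both are IPs.
sni_args() {
    for candidate in "${2:-}" "$1"; do
        [ -n "$candidate" ] || continue
        if ! is_ip_literal "$candidate"; then
            printf '%s %s\n' -servername "$candidate"
            return 0
        fi
    done
    return 0
}

# Print the s_client command line for host $1, port $2, optional SNI name $3.
s_client_command() {
    sc_sni=$(sni_args "$1" "${3:-}")
    printf '%s\n' "openssl s_client -connect $1:$2${sc_sni:+ $sc_sni}"
}
```

Without SNI, a server that hosts several names returns its default certificate, so a check against an IP address should state the expected name separately if the subject matters.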