Closed Constey closed 8 months ago
I've tested with openssl 3.0.12; that looks better:
SSL_CERT CRITICAL dc.domain.de:636: Cannot find Signed Certificate Timestamps (SCT)|days_chain_elem1=1092;20;15;; days_chain_elem2=1616;20;15;;
I'll take a look. In any case you can try with
--ignore-tls-renegotiation
It works with 3.0.0 since I do not check for renegotiation (as OpenSSL checks it by default).
There is another strange behaviour: you get a timeout after 0 seconds (and also in the DBG timeline you have the error at 0s). Should be 120 ...
With --ignore-tls-renegotiation it works. I can as well reproduce this issue on at least 3 other Ubuntu 20.04 machines with openssl from the original apt repository. Since with openssl 3 everything is fine, I'm good with it :-) But if there is anything I can help troubleshooting this, just let me know. (And huge thanks for this script at all ❤️)
Several checks with OpenSSL 1.1.1w work (as 1.1.1f is very old and no longer supported). Please reopen if this can be reproduced with the current 1.1 version.
$ --host ldaps-rz-1.ethz.ch --protocol ldaps --openssl /opt/homebrew/Cellar/openssl@1.1/1.1.1w/bin/openssl
SSL_CERT OK - ldaps-rz-1.ethz.ch:636, ldaps, x509 certificate 'ldapsrz1.ethz.ch' (ldaps-rz-1.ethz.ch) from 'DigiCert Inc' valid until Dec 14 23:59:59 2024 GMT (expires in 383 days)|days_chain_elem1=383;20;15;; days_chain_elem2=2492;20;15;; days_chain_elem3=5162;20;15;;
Describe the bug
I'm trying to check an ldaps server, but the script runs into a timeout.
./check_ssl_cert -H dc.domain.de -p 636 -P ldaps -vvvvv
Expected behavior
It hangs on "checking TLS renegotiation" and openssl runs into a timeout, while when running it directly it works. Is that maybe an openssl 1.1.x problem?
System (please complete the following information):
openssl version: 1.1.1.f
Additional context/output
Checking via openssl directly, works in general: