Why application using openssl are failling after updating to Red Hat Enterprise Linux 6.5?
Issue
- Application working fine with openssl-1.0.0 are failing after upgrade to openssl-1.0.1e(Red Hat Enterprise Linux 6.5)
- With openssl-1.0.0
echo -e "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | openssl s_client -connect www.example.com:443 -ign_eof -cert test-abc.pem
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3530 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: 782600002796D26C833003ACB349924F9AD692733963A41117436F1B021B49AE
Session-ID-ctx:
Master-Key: 77D3DFE114ACD4C11EDEB7468EA4B5F53FC356D64B6E579AB1031A02AD739E061D46291965FE3A2D8BC0496E7990830A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1389629521
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Test-IT corp, CN = *.example.com
verify return:1
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=iso-8859-1
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=jqofnfwcielnmv5mk3k0jled; path=/; HttpOnly
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Mon, 13 Jan 2014 16:12:00 GMT
Content-Length: 7053
- With openssl-1.0.1e
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance CA-3
verify return:1
depth=0 C = US, ST = xxxxxxxx, L = Exton, O = Testp-IT corp, CN = *.example.com
verify return:1
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=xxxxxxxx/L=Exton/O=est-IT corp/CN=*.example.com
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
dAB1AHQAZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAA
RABpAGcAaQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAA
UgBlAGwAeQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAA
...
el57M8gY3mCWzF2xaLAqWcm+EtFvcsN9IoR6RMKNN2sXyZCuhdwdBBVxygH4TKID
YRaIOqda+Uipak7VbEWZs4WUFcuy8NXGgWJda/ADZuGwgBUBP6MZ7FPc3xsrj5HK
umtrcu4LZoDNkD62TaWu/SYWUVyTZ5ucYT+E/cfQkxTy5MCx3JFmKn2qNHna/Dva
utOiJVwvDGHtd6QJ
-----END CERTIFICATE-----
subject=/C=US/ST=xxxxxxxx/L=Exton/O=Test-IT corp/CN=*.example.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 3523 bytes and written 589 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: 31180000C6EE63B87127F24AD5053FF6EE4D5BDCB36D801BE6005B1FFDB9077F
Session-ID-ctx:
Master-Key: 748B7CA21970B23626F51324DD908994723B0168B72F03D0FA5888B9D5C8CAC5E2FA5579844C6C8AA9563906D6DD0A7C
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1389621198
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=104p <----------------------------
Environment
- Red Hat Enterprise Linux 6.5
- openssl-1.0.1e
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
