Comment debuger la demande de certificat client avec openssl?
Lorsqu'une connexion SSL est établie, la demande de certificat client peut être effectuée. Mais ce n'est pas obligatoire, elle est bien souvent différée à la demande d'une URL spécifique.Dans ce cas, il faut utiliser l'option -prexit de la commande openssl s_client pour lui demander un affichage de la session SSL juste avant la fin.
Exemple avec notre site https://testcert.pitux.com/php/testcrypto.php (attention il faut un openssl 0.97 au minimum et il est recommandé avoir actualisé votre base de racine, voir Utiliser un client SSL linux / openssl ).
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexitLa premiére négociation donne:
CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2 verify return:1 depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com verify return:1 139901678843712:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1407:SSL alert number 40 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 7685 bytes and written 314 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: D7CEDC5FCC80C9AFB902C649458F8A1F5E85DEF64C5AE95A2589ED04E97F7883267A13975A2431305069BE6DF7E22270 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1592213514 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no ---A ce moment, il faut simuler la demande d'une page requierant un certificat client, dans notre exemple:
GET /php/testcrypto.php HTTP/1.1 HOST: testcert.pitux.comCe qui nous donne la fin de négociation:
Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 7685 bytes and written 314 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: 7A8A21E0ECEF8CA588D7858CA194749386245D1866A3C327C3164F4514CF7472BC0E74C123A6A47DC59AEE1B4F8A9EC2 PSK identity: None PSK identity hint: None SRP username: None Start Time: 1592213528 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no ---Ce qui nous intéresse est la section Acceptable client certificate CA names:
/O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA businessNotez aussi l'affichage de
SSL alert number 40qui indique que le serveur refuse la connexion car on n'a pas présenté de certificat client (il faut compléter la ligne de commande).
Il est possible d'utiliser openssl pour vérifier la présentation d'un certificat client auprès d'un serveur qui en requiert. Il suffit alors de spécifier le certificat client et la clef privée avec les paramètres -cert et -key.
openssl s_client -port 443 -CApath /usr/share/ssl/certs/ -host testcert.pitux.com -prexit -cert votre.certificat.client.cert -key votre.clef.privee.keyVoila ce que cela donne en présentant un certificat:
CONNECTED(00000003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = FR, ST = Calvados, L = Caen, O = TBS INTERNET, OU = TBS INTERNET CA, CN = TBS X509 CA business 2 verify return:1 depth=0 C = FR, postalCode = 14000, ST = Calvados, L = CAEN, street = 22 RUE DE BRETAGNE, O = TBS CERTIFICATS, OU = 0002 440443810, CN = *.pitux.com verify return:1 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 9328 bytes and written 1972 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9 Session-ID-ctx: Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: ... Start Time: 1592221660 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no --- read:errno=0 --- Certificate chain 0 s:/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com i:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 1 s:/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority 2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root --- Server certificate -----BEGIN CERTIFICATE----- MIIG3DCCBcSgAwIBAgIQURVOdMVmFiQuyGnIrd99wTANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCRlIxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDYWVu MRUwEwYDVQQKEwxUQlMgSU5URVJORVQxGDAWBgNVBAsTD1RCUyBJTlRFUk5FVCBD QTEfMB0GA1UEAxMWVEJTIFg1MDkgQ0EgYnVzaW5lc3MgMjAeFw0yMDAxMDcwMDAw MDBaFw0yMjAyMDQyMzU5NTlaMIGlMQswCQYDVQQGEwJGUjEOMAwGA1UEERMFMTQw MDAxETAPBgNVBAgTCENhbHZhZG9zMQ0wCwYDVQQHEwRDQUVOMRswGQYDVQQJExIy MiBSVUUgREUgQlJFVEFHTkUxGDAWBgNVBAoTD1RCUyBDRVJUSUZJQ0FUUzEXMBUG A1UECxMOMDAwMiA0NDA0NDM4MTAxFDASBgNVBAMMCyoucGl0dXguY29tMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu2QxZBbDn078IWyW4aZyR2NK/ra/ PxNAFa+r1+SEZLEuFruOehFs5j6f0sec/EhUM5Fb2gQGB4fl+U7ics5h3XS36m8l ZU5LmfUEw5kPdnSW4z/zfTb0BRQcsmN5+fCOpf6fzYTgN/32ulKmw+N/knhvyP0P 3y1rRUJutQefESteb/+qcV29s6KJ2e7FmsjUVk1fZPtIw4LW7be04luVJDVf78uN LlGEPyyhSKF9zoltX59P0q+tSser3/VfVcSQZpSdjW7BU9jtUssgZzpScejhRi+e 19ZD/In3Sq9CsWbdZKizpNLZNOEVuu1QSkMqiSY0eTg6J1Nj5tOJ80RDrQIDAQAB o4IDKDCCAyQwHwYDVR0jBBgwFoAUcfILqaPtywNKDDwBO75MRG3rKvgwHQYDVR0O BBYEFKRL936V0NoJHZbRtrqMnDBkL+RnMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMB Af8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBKBgNVHSAEQzBB MDUGCisGAQQB5TcCAQEwJzAlBggrBgEFBQcCARYZaHR0cHM6Ly9jcHMudXNlcnRy dXN0LmNvbTAIBgZngQwBAgIwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NybC51 c2VydHJ1c3QuY29tL1RCU1g1MDlDQWJ1c2luZXNzMi5jcmwwcgYIKwYBBQUHAQEE ZjBkMDsGCCsGAQUFBzAChi9odHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVEJTWDUw OUNBYnVzaW5lc3MyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTAhBgNVHREEGjAYggsqLnBpdHV4LmNvbYIJcGl0dXguY29tMIIBfgYK KwYBBAHWeQIEAgSCAW4EggFqAWgAdgBGpVXrdfqRIDC1oolp9PN9ESxBdL79SbiF q/L8cP5tRwAAAW+BJ+YIAAAEAwBHMEUCIFEbm4HlAS/fj9aoCnKolonGVZC5yIAX kNO3Smv+/ucaAiEA9tqLub1MS/WrfzfHaAjxNJhGEifgBhc4BQRfHw5kKJQAdgBv U3asMfAxGdiZAKRRFf93FRwR2QLBACkGjbIImjfZEwAAAW+BJ+XzAAAEAwBHMEUC IQC503n1RahJsOd9nW08GXH8zlSVIvlEGlPyOsAcjc/5FgIgNw3T2xFMCVlcL6uQ 7VsYpxj1jqGoIqAwU/hkCN9c5+cAdgAiRUUHWVUkVpY/oS/x922G4CMmY63AS39d xoNcbuIPAgAAAW+BJ+X6AAAEAwBHMEUCIBivWtakqnt5/XH3sAOh8nwVSxHEwhcQ oRZBLtDyUknrAiEAmE7+3gU5noWr3cc4es6RynhimaoqdKRi2PS4xhoAMUQwDQYJ KoZIhvcNAQELBQADggEBAC33OaSdXlB7zs/vfc5KjJI7CUbh6U/qsV+3DZwXU8Kk YzGMG+Jaq1p38EilDSADvahSfmzGiV1P3Dgb5mSbvb0dLMe28GzomV783qqEMu49 7kPfJh3u/kssYnCY5fzZQvkwLp3RZ7nO2ZBlYmqUKXh8u2TWtObLyO8YTLesYRFX oSx3SaJf8JTmn400FQKiCvnCm6hT9QNnr814Pn6kWhS/Bh+I6Ou0MtR4If14CJN3 ckcAwfb5k3/FaK2A+5XbfSHmff7qftbTQGEmf4QF9ClxF+SiDO1SuL53ps4+Molh URcdU1/h4k/wFyAiJu5TvRDAcFp1rez6IHLq12+AjEg= -----END CERTIFICATE----- subject=/C=FR/postalCode=14000/ST=Calvados/L=CAEN/street=22 RUE DE BRETAGNE/O=TBS CERTIFICATS/OU=0002 440443810/CN=*.pitux.com issuer=/C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA business 2 --- Acceptable client certificate CA names /O=Autorite Consulaire/CN=CSF /C=FR/O=Dhimyotis/CN=Certigna /C=FR/O=Dhimyotis/OU=0002 48146308100036/CN=Certigna Root CA /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root /C=FR/O=ChamberSign France/OU=0002 433702479/CN=ChamberSign France - AC 2 \xC3\xA9toiles /O=Autorite Consulaire/OU=Certification Professionnelle/CN=CSF - Classe III - Sign et Crypt /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2 /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=TBS INTERNET CA/CN=TBS X509 CA persona 2.1 /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-48146308100036/CN=Certigna Identity Plus CA /C=FR/O=DHIMYOTIS/OU=0002 48146308100036/2.5.4.97=NTRFR-0002 48146308100036/CN=Certigna Identity CA /C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA Certification Authority /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO SHA-256 Client Authentication and Secure Email CA /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA persona /C=FR/ST=Calvados/L=Caen/O=TBS INTERNET/OU=Terms and Conditions: http://www.tbs-internet.com/CA/repository/OU=TBS INTERNET CA/CN=TBS X509 CA business Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1 Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 9328 bytes and written 2003 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 7BD60F042548B64EB0D9B77EBECD294D2159526DBEED47D349162B672F5ADDF9 Session-ID-ctx: Master-Key: B518D2C09141A26B1B4AF17156419B98FE6A87C2601CB01494C9B6AF0E3FC87096A12107A21747415DA4E6727998F2F4 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: ... Start Time: 1592221660 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no
Dernière modification le 15/06/2020 11:54:06 --- [Chercher]