
I am trying to connect to an HSM cloud service using a specific url:port provided by the service vendor. The connection works fine if CAfile is omitted from the syntax of the s_client -connect command. However, when included, the prompt simply shows a line jump (not even an error message).

- Certs have been tested several times by the HSM cloud service provider.
- Firewalls on both ends have been tested and all necessary whitelisting has been completed.

Client server info:

```
PRETTY_NAME="Debian GNU/Linux 9 (stretch)"
Debian 4.9.168-1
NAME="Debian GNU/Linux"
VERSION_ID="9"
VERSION="9 (stretch)"
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 4.9.0-9-amd64
Architecture: x86-64
OpenSSL version: OpenSSL 1.1.0j 20 Nov 2018
```

curl results:

```
curl -v us01hsm01test.hsmprovider.com:1111
```

```
* Rebuilt URL to: us01hsm01test.hsmprovider.com:1111/
*   Trying 19*.5*.7*.7*...
* TCP_NODELAY set
* Connected to us01hsm01test.hsmprovider.com (19*.5*.7*.7*) port 1111 (#0)
> GET / HTTP/1.1
> Host: us01hsm01test.hsmprovider.com:1111
> User-Agent: curl/7.52.1
> Accept: */*
>
* Curl_http_done: called premature == 0
* Empty reply from server
* Connection #0 to host us01hsm01test.hsmprovider.com left intact
curl: (52) Empty reply from server
```

Command openssl s_client -connect without CAfile:

```
openssl s_client -connect us01hsm01test.hsmprovider.com:1111 -cert signed_cert.pem -key ssl-privatekey.pem -CApath . -tls1_1
```

```
CONNECTED(00000003)
...
...
verify error:num=19:self signed certificate in certificate chain
```

(This error:num=19, I assume, is because CAfile has been omitted.)

Then it changes to interactive mode and I am able to communicate with the HSM's proprietary API.

Command openssl s_client -connect WITH CAfile:

```
openssl s_client -connect us01hsm01test.hsmprovider.com:1111 -cert signed_cert.pem -key ssl-privatekey.pem -CApath ./ -CAfile CA_Tree.pem -tls1_1
```

```
user@debianserver:~$
```

It simply jumps a line and it doesn't even show an error message.

  • It is hard to read since the question is just formatted badly. But for me it looks like the behavior is the same as with curl, i.e. the server simply closes the connection without any response. My guess is though that you don't show the full output, i.e. there should be at least a CONNECTED for the version with `-CAfile` too. Given the current state of the question please don't expect much of useful help. To improve the question please start with formatting it properly, add information from `openssl ... -debug` (properly formatted) and ideally have something which can be reproduced by others. – Steffen Ullrich Jun 14 '19 at 18:06
  • Thanks so much Steffen. I will improve the formatting of my questions. – ericridderstrom Jun 18 '19 at 15:31

0 Answers
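As an added example, not part of the question or the comments: a small POSIX sh helper that runs the question's `-CAfile` command non-interactively (stdin from `/dev/null`, stderr kept, exit status recorded) and classifies the captured output, so a silent close, a TLS alert and a completed handshake with a non-zero verify result are told apart instead of showing up as an empty prompt. The host name, file names and `-tls1_1` are taken from the question; `openssl` on PATH is assumed, and the message patterns are those s_client in OpenSSL 1.1.0 prints.

```shell
#!/bin/sh
# Added example, not from the original question. Reads captured s_client
# output (stdout and stderr merged) from stdin and prints one line:
#   no-connect                   TCP connect failed (no CONNECTED line)
#   handshake-ok verify-code=N   TLS completed; N is the chain verify result
#   alert <description>          the peer sent a TLS alert
#   silent-close                 the peer closed the socket without an alert
#   unknown                      none of the known patterns matched
classify_s_client_output() {
    out=$(cat)
    if ! printf '%s\n' "$out" | grep -q '^CONNECTED('; then
        echo "no-connect"; return 0
    fi
    # "Verify return code: 19 (self signed certificate in certificate chain)"
    # is only printed once the handshake has actually completed.
    code=$(printf '%s\n' "$out" | sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "handshake-ok verify-code=$code"; return 0
    fi
    # e.g. "...:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:..."
    desc=$(printf '%s\n' "$out" | sed -n 's/.*SSL routines:[^:]*:\([^:]*alert[^:]*\):.*/\1/p' | head -n 1)
    if [ -n "$desc" ]; then
        echo "alert $desc"; return 0
    fi
    # EOF or reset with no alert: s_client reports a socket errno and 0 bytes read.
    if printf '%s\n' "$out" | grep -Eq '^(read|write):errno=|SSL handshake has read 0 bytes'; then
        echo "silent-close"; return 0
    fi
    echo "unknown"; return 0
}

# Run the question's command without an interactive session, so the prompt
# never "just comes back": usage: probe_tls host:port ca_file client_cert client_key
probe_tls() {
    rc=0
    out=$(openssl s_client -connect "$1" -CAfile "$2" -cert "$3" -key "$4" \
                  -tls1_1 -debug </dev/null 2>&1) || rc=$?
    printf '%s\n' "$out" | classify_s_client_output
    echo "openssl-exit-status=$rc"
    printf '%s\n' "$out" | tail -n 5     # the last lines usually carry the reason
}

# probe_tls us01hsm01test.hsmprovider.com:1111 CA_Tree.pem signed_cert.pem ssl-privatekey.pem
```

Compare the verdict with and without `-CAfile`: a `silent-close` in the first case and `handshake-ok` in the second points at the server rejecting the client certificate it receives, whereas a verify-code other than 0 in both cases points at the local trust file.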