I'm trying to set up a listener to check if an application checks the server's certificate (I'm strongly assuming it is not). So I've created a self-signed certificate fake.pem for a listener and am trying to connect to it from the application.
socat openssl-listen:443,reuseaddr,cert=./fake.pem echo
The packets I capture in Wireshark are
Client (C) -> Server (S): SYN
S->C: SYN-ACK
C->S: ACK
C->S: Client Hello
S->C: ACK
S->C: Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
C->S: Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
S->C: Alert (Level: Fatal, Description: handshake Failure)
S->C: RST ACK
I thought that socat only checks against the option cafile (at least that's what it says in the manpage). Does it perform additional checks I could disable?
Could there be other good reasons why the server side would complain, besides the client not sending a valid certificate?
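
The trace above shows the listener sending a Certificate Request; socat's `openssl-listen` defaults to `verify=1`, which demands a client certificate it can validate. As an added example (not part of the original post, and not socat), here is a Python listener that presents `fake.pem` without requesting a client certificate, so the outcome depends only on whether the client validates the server certificate. The function names, the port, and the assumption that `fake.pem` contains both certificate and private key are illustrative.

```python
import socket
import ssl

# Alert names OpenSSL reports when the peer refused our certificate.
CERT_ALERTS = ("UNKNOWN_CA", "BAD_CERTIFICATE", "CERTIFICATE_UNKNOWN")


def build_context(certfile=None, keyfile=None):
    """Server-side TLS context that never asks the client for a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_NONE  # no Certificate Request is sent
    if certfile:
        # Assumption: the PEM holds certificate and key, as with socat's cert=.
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def classify(exc):
    """Turn the handshake outcome into a verdict about the client."""
    if exc is None:
        return "ACCEPTED: client completed the handshake with the untrusted certificate"
    if isinstance(exc, ssl.SSLError):
        reason = (getattr(exc, "reason", None) or str(exc)).upper()
        if "ALERT" in reason and any(a in reason for a in CERT_ALERTS):
            return "REJECTED: client sent a certificate alert (%s)" % reason
        return "INCONCLUSIVE: TLS failure not tied to certificate trust (%s)" % reason
    # Some clients close the socket without an alert when validation fails.
    return "INCONCLUSIVE: connection dropped (%s)" % exc.__class__.__name__


def probe_once(ctx, host="0.0.0.0", port=443, timeout=30):
    """Accept one connection, attempt the handshake, return (peer, verdict)."""
    with socket.create_server((host, port)) as srv:
        srv.settimeout(timeout)
        conn, peer = srv.accept()
        with conn:
            conn.settimeout(timeout)
            try:
                with ctx.wrap_socket(conn, server_side=True):
                    return peer[0], classify(None)
            except (ssl.SSLError, OSError) as exc:
                return peer[0], classify(exc)


if __name__ == "__main__":
    print(probe_once(build_context("./fake.pem")))
```

An INCONCLUSIVE result should be cross-checked in the packet capture, since a client that resets the connection right after the server's Certificate message is most likely rejecting it too.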