You are not logged in.
- Topics: Active | Unanswered
#1 2019-06-09 00:02:20
- regid
- Member
- Registered: 2016-06-06
- Posts: 201
How did openssl s_client knew which certificate to use?
A machine named clientmachine had a self signed openssl server certificate at user@clientmachine:~. That certificate was used by user@clientmachine, with a specifically tailored client, for a short term connection to the server. The connection was made with a dedicated application. It is not the usual https clients, nor other familiar applications. Afterwards, user@clientmachine issued
openssl s_client -connect serverIt was evident the right self signed certificate was used by this command, even though the certificate was never stored manually by the administrator anywhere beside user@clientmachine:~.
Edit: the following is wrong, so it is overstroked. I was wrong claiming the certificate is saved anywhere beside user@clientmachine:~. Turns out that just like the usual https process, the server sent its certificate while secure connection is created. Or am I wrong that sending the server certificate at that time is the usual process?
As if the dedicated client application, or the openssl library, copied the certificate to other places in the client machine, where openssl looked for it. In that case, where, on the clientmachine, the certificate is stored?
Last edited by regid (2019-06-09 19:49:27)
powerofforreboot.efi (AUR): Utilities to be used from within a UEFI boot manager or shell.
Offline
#2 2019-06-09 11:31:44
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 11,920
Re: How did openssl s_client knew which certificate to use?
On Arch Linux the OPENSSLDIR is /etc/ssl.
/etc/ssl/certs seems a good starting point to look.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
Offline