Comment 22 for bug 1940141

Bruce Elrick (virtuous-sloth) wrote:

I pulled the proposed source:

  $ pull-lp-source openssl bionic

built with tracing enabled:

  $ cd openssl-1.1.1
  $ sed -i -e '/^CONFARGS =/a CONFARGS += enable-ssl-trace' debian/rules
  $ debuild -us -uc -b 2>&1 | tee ../debuild.log
  $ cd ..

installed:

  $ sudo dpkg -i libssl1.1_1.1.1-1ubuntu2.1~18.04.16_amd64.deb openssl_1.1.1-1ubuntu2.1~18.04.16_amd64.deb

tested:

  $ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
  $ openssl s_server -key key.pem -cert cert.pem -status_file openssl-1.1.1/test/recipes/ocsp-response.der -Verify 5 2>&1 | tee s_server.log &
  $ openssl s_client -status -trace -cert cert.pem -key key.pem 2>&1 | tee s_client.log (^c)
  $ grep -B1 -A4 CertificateRequest s_client.log
    Inner Content Type = Handshake (22)
      CertificateRequest, Length=45
        request_context (len=0):
        extensions, length = 42
          extension_type=signature_algorithms(13), length=38
            ecdsa_secp256r1_sha256 (0x0403)
  $ tail -6 s_server.log
  ---
  No server certificate CA names sent
  CIPHER is TLS_AES_256_GCM_SHA384
  Secure Renegotiation IS supported

  ERROR