I pulled the proposed source:
$ pull-lp-source openssl bionic
built with tracing enabled:
$ cd openssl-1.1.1 $ sed -i -e '/^CONFARGS =/a CONFARGS += enable-ssl-trace' debian/rules $ debuild -us -uc -b 2>&1 | tee ../debuild.log $ cd ..
installed: $ sudo dpkg -i libssl1.1_1.1.1-1ubuntu2.1~18.04.16_amd64.deb openssl_1.1.1-1ubuntu2.1~18.04.16_amd64.deb
tested:
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem $ openssl s_server -key key.pem -cert cert.pem -status_file openssl-1.1.1/test/recipes/ocsp-response.der -Verify 5 2>&1 | tee s_server.log & $ openssl s_client -status -trace -cert cert.pem -key key.pem 2>&1 | tee s_client.log (^c) $ grep -B1 -A4 CertificateRequest s_client.log Inner Content Type = Handshake (22) CertificateRequest, Length=45 request_context (len=0): extensions, length = 42 extension_type=signature_algorithms(13), length=38 ecdsa_secp256r1_sha256 (0x0403) $ tail -6 s_server.log --- No server certificate CA names sent CIPHER is TLS_AES_256_GCM_SHA384 Secure Renegotiation IS supported
ERROR
I pulled the proposed source:
$ pull-lp-source openssl bionic
built with tracing enabled:
$ cd openssl-1.1.1
$ sed -i -e '/^CONFARGS =/a CONFARGS += enable-ssl-trace' debian/rules
$ debuild -us -uc -b 2>&1 | tee ../debuild.log
$ cd ..
installed: 1_1.1.1- 1ubuntu2. 1~18.04. 16_amd64. deb openssl_ 1.1.1-1ubuntu2. 1~18.04. 16_amd64. deb
$ sudo dpkg -i libssl1.
tested:
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem 1.1.1/test/ recipes/ ocsp-response. der -Verify 5 2>&1 | tee s_server.log & teRequest, Length=45
request_ context (len=0):
extension_ type=signature_ algorithms( 13), length=38
ecdsa_ secp256r1_ sha256 (0x0403) 256_GCM_ SHA384
$ openssl s_server -key key.pem -cert cert.pem -status_file openssl-
$ openssl s_client -status -trace -cert cert.pem -key key.pem 2>&1 | tee s_client.log (^c)
$ grep -B1 -A4 CertificateRequest s_client.log
Inner Content Type = Handshake (22)
Certifica
extensions, length = 42
$ tail -6 s_server.log
---
No server certificate CA names sent
CIPHER is TLS_AES_
Secure Renegotiation IS supported
ERROR