From: Jens Lody <jenslody(a)fedoraproject.org>
To: devel(a)lists.fedoraproject.org
Sent: Sunday, April 23, 2017 9:49 AM
Subject: Re: Question on koji error: SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
On Sun, 23 Apr 2017 13:29:30 +0000 (UTC),
Globe Trotter <itsme_410(a)yahoo.com> wrote:
$ openssl s_client -showcerts -connect koji.fedoraproject.org:443
gives no errors but
$ /usr/lib64/nss/unsupported-tools/tstclnt -CCC -D -b -h koji.fedoraproject.org -p 443
tstclnt: error setting SSL/TLS version range : SSL_ERROR_INVALID_VERSION_RANGE: SSL version range is not valid.
but does.
Thanks!
aarem

You need to restrict the default version-range by adding "-V tls1.0:" (note the colon):
/usr/lib64/nss/unsupported-tools/tstclnt -CCC -D -b -h koji.fedoraproject.org -p 443 -V tls1.0:

Thanks! Now, I get a hang at:
......==== end of certificate chain information ====
subject DN: CN=*.fedoraproject.org,O=Red Hat Inc.,L=Raleigh,ST=North Carolina,C=US
issuer DN: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US
0 cache hits; 1 cache misses, 0 cache not reusable
0 stateless resumes
Received 0 Cert Status items (OCSP stapled data)
Thanks again!