I've just moved to a different laptop which caused me to look at some things I have not looked at for a while. One of them was the perl script Tom Saxton gave me to query the openvehicles server to gather the log entries for my car. That script references: https://www.openvehicles.com:6869 This is now failing to log in. Testing manually with curl gives: auge14> curl -X GET -c ovms-cookie "https:/www.openvehicles.com:6869/api/cookie?username=xxxx&password=xxxx" curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above. This looks like it could be related to the AddTrust CA cert expiration that occurred back in May. I check the macOS keychain and I see that the new USERTrust RSA CA certificate is already there and matches the one that Mark included with his email to this list about the problem. Looking on the web for guidance I found the following suggested command which appear to indicate that the server is still using a certificate referencing the old CA cert? auge15> openssl s_client -showcerts -servername www.openvehicles.com -connect www.openvehicles.com:443 > cacert.pem depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify error:num=10:certificate has expired notAfter=May 30 10:48:38 2020 GMT Is this something that needs to be fixed on the server, or is there something I need to change in my query? -- Steve
Steve, looks like a local problem on your Mac. From my Linux box: balzer@leela:~/tmp> curl -X GET -c ovms-cookie "https:/www.openvehicles.com:6869/api/cookie?username=xxxx&password=xxxx" Authentication failed balzer@leela:~/tmp> openssl s_client -showcerts -servername www.openvehicles.com -connect www.openvehicles.com:443 > cacert.pem depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = LV, L = Riga, O = GoGetSSL, CN = GoGetSSL RSA DV CA verify return:1 depth=0 OU = Domain Control Validated, OU = GoGetSSL Domain SSL, CN = openvehicles.com verify return:1 balzer@leela:~/tmp> cat cacert.pem CONNECTED(00000003) --- Certificate chain 0 s:OU = Domain Control Validated, OU = GoGetSSL Domain SSL, CN = openvehicles.com i:C = LV, L = Riga, O = GoGetSSL, CN = GoGetSSL RSA DV CA -----BEGIN CERTIFICATE----- MIIGaTCCBVGgAwIBAgIRAJ9XDxgDvW/3zSku1TW3UCswDQYJKoZIhvcNAQELBQAw TDELMAkGA1UEBhMCTFYxDTALBgNVBAcTBFJpZ2ExETAPBgNVBAoTCEdvR2V0U1NM MRswGQYDVQQDExJHb0dldFNTTCBSU0EgRFYgQ0EwHhcNMTkwNjEyMDAwMDAwWhcN MjEwNjExMjM1OTU5WjBcMSEwHwYDVQQLExhEb21haW4gQ29udHJvbCBWYWxpZGF0 ZWQxHDAaBgNVBAsTE0dvR2V0U1NMIERvbWFpbiBTU0wxGTAXBgNVBAMTEG9wZW52 ZWhpY2xlcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5tC+O wNdhOOwWVZO9wPjyVMn4m3Voz0ATUUyvEJxXJiL8wDDySqeuFWpeeCPdxFkwt24I QYdc6EOAidMFoQfSHANSekSJesIlChlj1ynM6gxmdmNJ8YDyVUNZ3/A6rHjs/v6z 5isiXdNw9nyCaEkhSH2nu8rQ6gxXCIl9vAaflP+mjG0TfB6m1VZHglXvV2xXsose 6fAX262J3/+9297/cIeaek9jXhTU1v38LM0+uBaBsVkLqvu3jiI8S1vSCf2ZelZd waQcdJKAXu9b8aQ0oRH0nQKyxYdK8DrU0BqOiXuX9cTIHBToqUbek5vPVeaIH8N8 WVmpoMHKOBw503HrAgMBAAGjggM0MIIDMDAfBgNVHSMEGDAWgBT5+1DEi2e7Z2T+ gyGmqc4/VYSTmTAdBgNVHQ4EFgQUBhugX/CcFVRych3wn6somIeZ7hEwDgYDVR0P AQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMEsGA1UdIAREMEIwNgYLKwYBBAGyMQECAkAwJzAlBggrBgEFBQcCARYZ aHR0cHM6Ly9jcHMudXNlcnRydXN0LmNvbTAIBgZngQwBAgEwPQYDVR0fBDYwNDAy oDCgLoYsaHR0cDovL2NybC51c2VydHJ1c3QuY29tL0dvR2V0U1NMUlNBRFZDQS5j cmwwbwYIKwYBBQUHAQEEYzBhMDgGCCsGAQUFBzAChixodHRwOi8vY3J0LnVzZXJ0 cnVzdC5jb20vR29HZXRTU0xSU0FEVkNBLmNydDAlBggrBgEFBQcwAYYZaHR0cDov L29jc3AudXNlcnRydXN0LmNvbTAxBgNVHREEKjAoghBvcGVudmVoaWNsZXMuY29t ghR3d3cub3BlbnZlaGljbGVzLmNvbTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFp AHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFrST6o+wAABAMA RzBFAiAlWoXbSUIKoPqHtqbnPsOpNKRMS6HGJrmhKcVHXhK/AAIhAPIH/GprDaV1 ZqPCwbz8eAqgZpkTMRC6tl12VLOfDNoRAHcARJRlLrDuzq/EQAfYqP4owNrmgr7Y yzG1P9MzlrW2gagAAAFrST6pLQAABAMASDBGAiEAuH+O3F0uiO9Yl1EsvVHNf3uq Fqlwey1HIbIN7M0NtcYCIQDcmSwBHpsXHedHEUB+qIcx2XaLx//uOL9Zw7YIMP1D DgB2AG9Tdqwx8DEZ2JkApFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABa0k+qRsAAAQD AEcwRQIgLW/baujFP+UmNlveDGP6G1UsVLL0t7wSRrRMwvfI/2UCIQCwTuxBRChu jRMQSI6Vzqnaj40RScv+wtOi0oyEewy3MzANBgkqhkiG9w0BAQsFAAOCAQEAPFEz PTdqrHmGan2liRCRa3bGMENGn2LSy1Yz/ks2Il020D/upYi1sO/2Zh5HiMWVLUek b6dBFkjERURmIZlu8iVZIrA3tZh4rfVbOARyiGLjpgu0zjBl130RoWOyOtpWncym W0vXuXZXbdU7eeccQB/mg26456h0Pr3dZSBiUOfvsQ2VSSQtBDd/4tSLcr0L+LXg d5A1UMShVT6sbzZdm/SKEi3aewX/1VsqV67IbZjfmOdCO5BlXSW/yL0y/YAgE5Ut qVU3X+6K6TzRWgL6gcs8Ax/O6g/zyT4hqqnG4Oj4+sN1VgqLPbRShjKgtNpS/QYW YJC5MFzlu3kBRis7FA== -----END CERTIFICATE----- 1 s:C = LV, L = Riga, O = GoGetSSL, CN = GoGetSSL RSA DV CA i:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority -----BEGIN CERTIFICATE----- MIIF1zCCA7+gAwIBAgIRAJOLsI5imHtPdfmMtqUEXJYwDQYJKoZIhvcNAQEMBQAw gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE4 MDkwNjAwMDAwMFoXDTI4MDkwNTIzNTk1OVowTDELMAkGA1UEBhMCTFYxDTALBgNV BAcTBFJpZ2ExETAPBgNVBAoTCEdvR2V0U1NMMRswGQYDVQQDExJHb0dldFNTTCBS U0EgRFYgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfwF4hD6E1 kLglXs1n2fH5vMQukCGyyD4LqLsc3pSzeh8we7njU4TB85BH5YXqcfwiH1Sf78aB hk1FgXoAZ3EQrF49We8mnTtTPFRnMwEHLJRpY9I/+peKeAZNL0MJG5zM+9gmcSpI OTI6p7MPela72g0pBQjwcExYLqFFVsnroEPTRRlmfTBTRi9r7rYcXwIct2VUCRmj jR1GX13op370YjYwgGv/TeYqUWkNiEjWNskFDEfxSc0YfoBwwKdPNfp6t/5+RsFn lgQKstmFLQbbENsdUEpzWEvZUpDC4qPvRrxEKcF0uLoZhEnxhskwXSTC64BNtc+l VEk7/g/be8svAgMBAAGjggF1MIIBcTAfBgNVHSMEGDAWgBRTeb9aqitKz1SA4dib wJ3ysgNmyzAdBgNVHQ4EFgQU+ftQxItnu2dk/oMhpqnOP1WEk5kwDgYDVR0PAQH/ BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMCIGA1UdIAQbMBkwDQYLKwYBBAGyMQECAkAwCAYGZ4EMAQIBMFAG A1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1 c3RSU0FDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgw PwYIKwYBBQUHMAKGM2h0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RS U0FBZGRUcnVzdENBLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy dXN0LmNvbTANBgkqhkiG9w0BAQwFAAOCAgEAXXRDKHiA5DOhNKsztwayc8qtlK4q Vt2XNdlzXn4RyZIsC9+SBi0Xd4vGDhFx6XX4N/fnxlUjdzNN/BYY1gS1xK66Uy3p rw9qI8X12J4er9lNNhrsvOcjB8CT8FyvFu94j3Bs427uxcSukhYbERBAIN7MpWKl VWxT3q8GIqiEYVKa/tfWAvnOMDDSKgRwMUtggr/IE77hekQm20p7e1BuJODf1Q7c FPt7T74m3chg+qu0xheLI6HsUFuOxc7R5SQlkFvaVY5tmswfWpY+rwhyJW+FWNbT uNXkxR4v5KOQPWrY100/QN68/j17paKuSXNcsr56snuB/Dx+MACLBdsF35HxPadx 78vkfQ37WcVmKZtHrHJQ/QUyjxdG8fezMsh0f+puUln/O+NlsFtipve8qYa9h/K5 yD0oZN93ChWve78XrV4vCpjO75Nk5B8O9CWQqGTHbhkgvjyb9v/B+sYJqB22/NLl R4RPvbmqDJGeEI+4u6NJ5YiLIVVsX+dyfFP8zUbSsj6J34RyCYKBbQ4L+r7k8Srs LY51WUFP292wkFDPSDmV7XsUNTDOZoQcBh2Fycf7xFfxeA+6ERx2d8MpPPND7yS2 1dkf+SY5SdpSbAKtYmbqb9q8cZUDEImNWJFUVHBLDOrnYhGwJudE3OBXRTxNhMDm IXnjEeWrFvAZQhk= -----END CERTIFICATE----- 2 s:C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority i:C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root -----BEGIN CERTIFICATE----- MIIFdzCCBF+gAwIBAgIQE+oocFv07O0MNmMJgGFDNjANBgkqhkiG9w0BAQwFADBv MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk ZFRydXN0IEV4dGVybmFsIFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBF eHRlcm5hbCBDQSBSb290MB4XDTAwMDUzMDEwNDgzOFoXDTIwMDUzMDEwNDgzOFow gYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtK ZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYD VQQDEyVVU0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00yt UINh4qogTQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NC tnbyqTsrkfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQf jtTkUcYRZ0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM 8Ny8nkz+rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hm AUTnAU5GU5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiV Z4vuPVb+DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9 N6frXTpsNVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sF qV4Wg8y4Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9 HE0XvMnsQybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ +gQek9QmRkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyX HAc/DVL17e8vgg8CAwEAAaOB9DCB8TAfBgNVHSMEGDAWgBStvZh6NLQm9/rEJlTv A73gJMtUGjAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/ BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEQGA1Ud HwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9BZGRUcnVzdEV4 dGVybmFsQ0FSb290LmNybDA1BggrBgEFBQcBAQQpMCcwJQYIKwYBBQUHMAGGGWh0 dHA6Ly9vY3NwLnVzZXJ0cnVzdC5jb20wDQYJKoZIhvcNAQEMBQADggEBAJNl9jeD lQ9ew4IcH9Z35zyKwKoJ8OkLJvHgwmp1ocd5yblSYMgpEg7wrQPWCcR23+WmgZWn RtqCV6mVksW2jwMibDN3wXsyF24HzloUQToFJBv2FAY7qCUkDrvMKnXduXBBP3zQ YzYhBx9G/2CkkeFnvN4ffhkUyWNnkepnB2u0j4vAbkN9w6GAbLIevFOFfdyQoaS8 Le9Gclc1Bb+7RrtubTeZtv8jkpHGbkD4jylW6l/VXxRTrPBPYer3IsynVgviuDQf Jtl7GQVoP7o81DgGotPmjw7jtHFtQELFhLRAlSv0ZaBIefYdgWOWnU914Ph85I6p 0fKtirOMxyHNwu8= -----END CERTIFICATE----- --- Server certificate subject=OU = Domain Control Validated, OU = GoGetSSL Domain SSL, CN = openvehicles.com issuer=C = LV, L = Riga, O = GoGetSSL, CN = GoGetSSL RSA DV CA --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5117 bytes and written 402 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: D73DFC1EE4F2C0B3E62AB6B51C56D5DDA1313B2CA1571690FC50443C3D2B6A16 Session-ID-ctx: Resumption PSK: C269007053F8FF7DB404890C1AA2EE1D7CCBC110F53B1E9092DE8A23E62600E02332F669785002D1572E89DD8342EC7D PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 88 e9 05 86 f7 7a de f2-c4 70 68 23 ac b1 99 4e .....z...ph#...N 0010 - be 04 95 a5 9e 7a 01 b9-91 13 9b 5c 7b d1 05 88 .....z.....\{... 0020 - 89 62 26 2d 23 d6 e3 84-26 d3 df 86 d6 27 f3 99 .b&-#...&....'.. 0030 - 4d 46 19 76 5d 20 44 ed-3a fa a0 1a 9a fd 79 4e MF.v] D.:.....yN 0040 - 48 e0 b5 5f 93 dc be 48-c6 6c 9e ce 87 87 28 10 H.._...H.l....(. 0050 - be 41 fe 4a 2f 15 ca 1c-b2 be df 53 32 34 e8 fa .A.J/......S24.. 0060 - fb 4e 1b b9 c4 87 57 29-d5 7f 8c 9d 95 27 02 3d .N....W).....'.= 0070 - 15 7a ad 94 68 24 a3 a7-e9 3b 5d 0e eb 16 d1 15 .z..h$...;]..... 0080 - c2 76 f5 25 0d 71 bf 5a-79 28 32 31 5a 7c 55 6b .v.%.q.Zy(21Z|Uk 0090 - 9d 36 03 46 4f d9 9d ad-98 1f f5 d5 1f c0 3b fd .6.FO.........;. 00a0 - db 88 8c 19 1f c5 37 d7-b5 cc 7c 60 fb 16 16 3d ......7...|`...= 00b0 - 0e e0 f1 47 31 e0 e6 6e-d2 ed c3 e7 f6 ca dc 40 ...G1..n.......@ 00c0 - 63 20 9b 9d 28 76 b6 12-67 1f df e4 d1 55 c9 b8 c ..(v..g....U.. 00d0 - 22 e3 93 e8 6d 7d 24 97-16 bb 04 a9 36 60 4b 96 "...m}$.....6`K. 00e0 - b2 c6 56 e0 84 69 86 9a-05 aa 0c df 46 bb e7 57 ..V..i......F..W 00f0 - bf 6b 99 1b 45 00 b1 f1-f5 f1 08 ac 4f da c7 d7 .k..E.......O... Start Time: 1607678615 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK --- Post-Handshake New Session Ticket arrived: SSL-Session: Protocol : TLSv1.3 Cipher : TLS_AES_256_GCM_SHA384 Session-ID: 80552EC1E56C294A361BEB90409EA7DC3EC6411BF36BDCE1EE53FDF379EC5255 Session-ID-ctx: Resumption PSK: 7174062908AF7FABD50C7E4794CA4A5BEBD9A267AE0300604016D9B5BC8153289CEF5E6EC2D302B3808B0B5DE8D8CBEB PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 300 (seconds) TLS session ticket: 0000 - 88 e9 05 86 f7 7a de f2-c4 70 68 23 ac b1 99 4e .....z...ph#...N 0010 - 85 73 3b 94 0f 8b 0c 1e-44 80 d1 2b 3b 6d ce 1f .s;.....D..+;m.. 0020 - 6f 8d e8 dc fb 84 7e 50-ec 77 36 77 28 8d 61 9b o.....~P.w6w(.a. 0030 - 69 db ec 2b f1 64 55 d5-3d e7 c6 fa 84 7c 1c df i..+.dU.=....|.. 0040 - 03 07 a4 04 c9 f1 41 05-0b 50 32 1b 33 7e f5 09 ......A..P2.3~.. 0050 - fb ea 90 c9 82 70 7d 26-e8 cf 22 69 67 ee ce dd .....p}&.."ig... 0060 - b1 2b 8f d6 8b 91 f7 d9-4e 48 72 95 e1 f7 74 d8 .+......NHr...t. 0070 - 07 9c ac ad 6a 75 75 fc-04 df 89 09 05 df fc e9 ....juu......... 0080 - 8f 09 27 84 17 28 ec 3d-c5 19 35 a1 c5 83 55 70 ..'..(.=..5...Up 0090 - 84 c1 e8 8d 0f 07 0e 59-6b 32 54 4e 1d 3b 34 cc .......Yk2TN.;4. 00a0 - 60 f5 18 b2 f4 fe 87 9a-45 3f ae 9b d2 b7 5f 4c `.......E?...._L 00b0 - 5b 92 f1 38 5e a6 15 a1-de 8f 3e 9e a2 28 b7 69 [..8^.....>..(.i 00c0 - b8 21 80 b4 5f 36 9d 9a-79 de 5a 85 c6 86 2b b0 .!.._6..y.Z...+. 00d0 - 7a 01 9c a4 17 5f dc 25-04 58 7f c9 f0 15 4e 27 z...._.%.X....N' 00e0 - c4 c6 06 73 df bb 2e 27-fc 51 dd 2f b2 ae bd 78 ...s...'.Q./...x 00f0 - 14 96 d8 71 f8 b9 e0 8e-4c 4a 1c 02 ba 92 c4 d3 ...q....LJ...... Start Time: 1607678615 Timeout : 7200 (sec) Verify return code: 0 (ok) Extended master secret: no Max Early Data: 0 --- read R BLOCK closed Regards, Michael Am 11.12.20 um 02:47 schrieb Stephen Casner:
I've just moved to a different laptop which caused me to look at some things I have not looked at for a while. One of them was the perl script Tom Saxton gave me to query the openvehicles server to gather the log entries for my car. That script references:
https://www.openvehicles.com:6869
This is now failing to log in. Testing manually with curl gives:
auge14> curl -X GET -c ovms-cookie "https:/www.openvehicles.com:6869/api/cookie?username=xxxx&password=xxxx" curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
This looks like it could be related to the AddTrust CA cert expiration that occurred back in May. I check the macOS keychain and I see that the new USERTrust RSA CA certificate is already there and matches the one that Mark included with his email to this list about the problem.
Looking on the web for guidance I found the following suggested command which appear to indicate that the server is still using a certificate referencing the old CA cert?
auge15> openssl s_client -showcerts -servername www.openvehicles.com -connect www.openvehicles.com:443 > cacert.pem depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root verify error:num=10:certificate has expired notAfter=May 30 10:48:38 2020 GMT
Is this something that needs to be fixed on the server, or is there something I need to change in my query?
-- Steve _______________________________________________ OvmsDev mailing list OvmsDev@lists.openvehicles.com http://lists.openvehicles.com/mailman/listinfo/ovmsdev
-- Michael Balzer * Helkenberger Weg 9 * D-58256 Ennepetal Fon 02333 / 833 5735 * Handy 0176 / 206 989 26
Michael, Thanks for including the cacert.pem output. I've attached mine here for comparison. I have not figured out the problem yet; maybe just openssl version. -- Steve
On Fri, 11 Dec 2020, Stephen Casner wrote:
Thanks for including the cacert.pem output. I've attached mine here for comparison. I have not figured out the problem yet; maybe just openssl version.
Indeed, updating openssl fixed the problem. I think the effective change was from TLS 1.2 to 1.3. But I don't understand why using 1.2 should cause an old certificate to be returned. -- Steve
participants (2)
-
Michael Balzer -
Stephen Casner