https://bugzilla.suse.com/show_bug.cgi?id=1208891 Bug ID: 1208891 Summary: openssl client cert authentication does not work when passing -quiet Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: otto.hollmann@suse.com Reporter: mrueckert@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- We found this while testing cert auth for rsync-ssl with openssl cli as backend. rsync-ssl calls openssl with -quiet. ``` /usr/bin/openssl s_client -quiet -verify_quiet -verify_return_error -verify 4 -cert ${SSL_CLIENT_CERT} -key ${SSL_CLIENT_CERT} -servername ${SSL_CLIENT_HOST} -verify_hostname ${SSL_CLIENT_HOST} -connect ${SSL_CLIENT_HOST}:1453 < /dev/null ; echo $? 4027DBD1057F0000:error:0A000418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:ssl/record/rec_layer_s3.c:1605:SSL alert number 48 1 ``` now the same without -quiet ``` /usr/bin/openssl s_client -verify_quiet -verify_return_error -verify 4 -cert ${SSL_CLIENT_CERT} -key ${SSL_CLIENT_CERT} -servername ${SSL_CLIENT_HOST} -verify_hostname ${SSL_CLIENT_HOST} -connect ${SSL_CLIENT_HOST}:1453 < /dev/null ; echo $? verify depth is 4 CONNECTED(00000003) --- Certificate chain [snip] New, TLSv1.3, Cipher is TLS_CHACHA20_POLY1305_SHA256 Server public key is 256 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- DONE 0 ``` My guess would be that it might be related to -quiet blocking a potential password prompt for the private key. but as the key in question is unprotected it should just work. -- You are receiving this mail because: You are on the CC list for the bug.