sslv3 alert certificate unknown in SSL_accept() -> fail
Henrique de Moraes Holschuh
hmh at debian.org
Sun May 21 17:15:47 EDT 2017
Hi Walter!
On Sun, 21 May 2017, Henrique de Moraes Holschuh wrote:
> On Sun, 21 May 2017, Walter H. via Info-cyrus wrote:
> > On 21.05.2017 17:01, Henrique de Moraes Holschuh wrote:
> > >On Sun, 21 May 2017, Anton via Info-cyrus wrote:
> > >>Problem looks like java app cannot validate new cert. Check ssl_store
> > >>for your java based mail gate. Are there CA and Intermediate SSL
> > >>Certificates for your new 256ssl cert in mail gate ssl store?
> > >Some java versions can take https stapling *really* seriously.
> > >
> > >You could check if the OCSP URL, and any other URLs inside the
> > >certificate itself are all https...
> > these URLs mustn't be https, as these is a never ending certificate
> > validating story ...
>
> Makes sense, but it also means that java is broken...
... it also meas that _THAT_ java (which was complaining about the http OCSP
URL) is broken ...
Sorry about that that ;-)
--
Henrique Holschuh
More information about the Info-cyrus
mailing list