Cannot connect to IP addresses on OpenBSD (LibreSSL)
Closed this issue · 1 comments
matteocorti commented
Describe the bug
The script fails to connect to hosts specified with an IP address on OpenBSD with LibreSSL
To Reproduce
./check_ssl_cert -H 138.201.94.172
SSL_CERT CRITICAL 138.201.94.172:443: SSL error: Unable to set TLS servername extension.
Expected behavior
/check_ssl_cert -H 138.201.94.172
SSL_CERT OK - 138.201.94.172:443, https, x509 certificate 'corti.li' from 'Let's Encrypt' valid until Feb 1 19:04:54 2024 GMT (expires in 72 days)|days_chain_elem1=72;20;15;; days_chain_elem2=664;20;15;; days_chain_elem3=314;20;15;;
System (please complete the following information):
- OS: OpenBSD
- OS version: 7.4
- check_ssl_cert version: 2.76.0
- OpenSSL version (
openssl version
): LibreSSL 3.8.2
Additional context/output
LibreSSL does not accept an IP as -servername
:
$ /usr/bin/openssl s_client -crlf -connect 138.201.94.172:443 -servername 138.201.94.172 -showcerts -verify 6
verify depth is 6
Unable to set TLS servername extension.
77968620024:error:1404E13F:SSL routines:ST_BEFORE_CONNECT:ssl3 ext invalid servername:/usr/src/lib/libssl/s3_lib.c:1838:
matteocorti commented
Fixed with 7f0a507