Description
For some unknown reason, the client certificate that I generated doesn't work for memcached.
It seems like all the necessary usage extensions are present, but I still receive "unsupported certificate alert number 43" when using this cert.
In order to reproduce it I enable client cert in memcached:
    "client_cert_auth": {
        "state": "enable",
        "prefixes": [
            {
                "delimiter": "@",
                "path": "san.email",
                "prefix": ""
            }
        ]
    },
And try to connect using the following command:
$ openssl s_client -connect localhost:11998 -showcerts -tls1_2 -CAfile ./ca.pem -cert ./client_chain.pem -key ./client_pkey.pem
which returns
4467178944:error:14094413:SSL routines:ssl3_read_bytes:sslv3 alert unsupported certificate:ssl/record/rec_layer_s3.c:1544:SSL alert number 43
In Memcached log I see:
2022-03-30T19:44:39.652325-07:00 WARNING 68: Unrecoverable error encountered: ["reading","error"], ssl_error: [{error:00000001:lib(0):func(0):reason(1)},{error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed}], shutting down connection
The same command works well against ns_server.
I think it makes sense to investigate as customers might hit the same issue.
All the certs are attached.