I'm trying to set up a listener to check whether an application checks the server's certificate (I strongly assume it does not). So I've created a self-signed certificate `fake.pem` for a listener and am trying to connect to it from the application.
```
socat openssl-listen:443,reuseaddr,cert=./fake.pem echo
```

The packets I capture in Wireshark are:

```
Client (C) -> Server (S): SYN
S->C: SYN-ACK
C->S: ACK
C->S: Client Hello
S->C: ACK
S->C: Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done
C->S: Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
S->C: Alert (Level: Fatal, Description: Handshake Failure)
S->C: RST ACK
```

I thought that socat only checks against the option `cafile` (at least that's what it says in the manpage). Does it perform additional checks I could disable?
Could there be other good reasons why the server side would complain, besides the client not sending a valid certificate?
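
An added example, not part of the original post: a Python listener that presents a self-signed certificate without sending a Certificate Request, so a failed handshake reflects the client's decision, unlike the trace above where the fatal alert comes from the server side. The function names, the CN `fake.invalid` and port 8443 are assumptions, and the throwaway certificate is generated with the `openssl` CLI.

```python
import os, socket, ssl, subprocess, tempfile

def make_self_signed(directory, cn="fake.invalid"):
    """Constructed throwaway cert and key (stand-in for the post's fake.pem); needs the openssl CLI."""
    cert, key = os.path.join(directory, "cert.pem"), os.path.join(directory, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", f"/CN={cn}", "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key

def make_listener(cert, key, host="127.0.0.1", port=0):
    """TLS listener that never asks the client for a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    # No Certificate Request is sent, so the server has nothing of the client's to reject.
    ctx.verify_mode = ssl.CERT_NONE
    ctx.num_tickets = 0  # TLS 1.3: nothing is written after the client's Finished
    srv = socket.create_server((host, port))
    srv.settimeout(30)
    return srv, ctx

def probe_once(srv, ctx):
    """Accept one connection; True if the client completed the handshake against the untrusted cert."""
    conn, _ = srv.accept()
    conn.settimeout(10)
    try:
        with ctx.wrap_socket(conn, server_side=True):
            return True
    except OSError:  # ssl.SSLError is a subclass: alert from the client, reset or timeout
        return False
    finally:
        conn.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        srv, ctx = make_listener(*make_self_signed(d), port=8443)
        accepted = probe_once(srv, ctx)
        print("client accepted the certificate" if accepted else "client aborted the handshake")
```

A `False` result covers any client-side abort, so the alert description in the capture is still needed to tell a certificate rejection from, for example, a protocol or cipher mismatch.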