Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 143959 Details for
Bug 210693
dev-libs/openssl-0.9.8g fails to verify certificate - /etc/ssl/certs not searched for CA certs
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Logs of the SSL handshake with and without -CAfile parameter
bugmail (text/plain), 7.21 KB, created by
Andreas K. Hüttel
on 2008-02-19 12:48:04 UTC
(
hide
)
Description:
Logs of the SSL handshake with and without -CAfile parameter
Filename:
MIME Type:
Creator:
Andreas K. Hüttel
Created:
2008-02-19 12:48:04 UTC
Size:
7.21 KB
patch
obsolete
>========================== 1st try ============================ > >huettel@bellini ~ $ openssl s_client -connect srv609.tudelft.net:443 >depth=1 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware >verify error:num=20:unable to get local issuer certificate >verify return:0 >CONNECTED(00000003) >--- >Certificate chain > 0 s:/C=NL/postalCode=2628 BL/ST=Zuid Holland/L=Delft/streetAddress=Julianalaan 134/O=TU Delft/OU=ICT/OU=EliteSSL/CN=srv609.tudelft.net > i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware > 1 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware > i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root >--- >Server certificate >-----BEGIN CERTIFICATE----- >MIIFNTCCBB2gAwIBAgIRAKEltIx7NxvdYmHspCKI/QowDQYJKoZIhvcNAQEFBQAw >gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl >IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY >aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0 >LUhhcmR3YXJlMB4XDTA3MTAxNTAwMDAwMFoXDTA4MTExMDIzNTk1OVowgbExCzAJ >BgNVBAYTAk5MMRAwDgYDVQQREwcyNjI4IEJMMRUwEwYDVQQIEwxadWlkIEhvbGxh >bmQxDjAMBgNVBAcTBURlbGZ0MRgwFgYDVQQJEw9KdWxpYW5hbGFhbiAxMzQxETAP >BgNVBAoTCFRVIERlbGZ0MQwwCgYDVQQLEwNJQ1QxETAPBgNVBAsTCEVsaXRlU1NM >MRswGQYDVQQDExJzcnY2MDkudHVkZWxmdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD >gY0AMIGJAoGBAJahIq6Xc9aZAXEcO6V0wKq8r4w+o2Tzs1dRvsvsUFbwHXxKPkWC >y87PBz5CEAcNhO8YSpPsn+TOOWGBxO6nY2HDTtM/bWjEm9ra4sQ+BF6DG9t9ddhv >jslDC5WCf+G97NA7XWqPGkFNlSa3j7ch39lpY73dSPeDHcSxumlh597pAgMBAAGj >ggHiMIIB3jAfBgNVHSMEGDAWgBShcl8mGyiYQ5VdBzfVhZadS9LDRTAdBgNVHQ4E >FgQUFNXETrICdXQO4SC3+E5mhIl8Y6IwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB >/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIB >AQQEAwIGwDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIB >Fh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzB7BgNVHR8EdDByMDigNqA0 >hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJl >LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3Qt >SGFyZHdhcmUuY3JsMIGGBggrBgEFBQcBAQR6MHgwOwYIKwYBBQUHMAKGL2h0dHA6 >Ly9jcnQuY29tb2RvY2EuY29tL1VUTkFkZFRydXN0U2VydmVyQ0EuY3J0MDkGCCsG >AQUFBzAChi1odHRwOi8vY3J0LmNvbW9kby5uZXQvVVROQWRkVHJ1c3RTZXJ2ZXJD >QS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJMToPQit65ydL+Q3tLgTLUWA0UdkHh1 >CW5MVM5H4URb0QDcRrIcEgLENZfu6XlMU4oIyNcgRSP4h/i7HjEoc+Q7INw/Ec83 >J3DWxAUPkz2x8YC2xommtO20roYUC+v2vxQPNOM0dzdG8J9Av+UEgn+pMAzPfeQZ >ZqxKJlq3OGKNGYOf3QvY5Fnzh31k9khLIL7hNWN21EjjXR1d1fGYQop+GQojeCaR >QjT473aL/D2WfOk/z07/Exo388kb9QaRwjoDQMiLYobtzNRCuwaC+WDmcX0B99PT >2dpOTItVfg6jl9K2ujDJO4cc620S5ajaIYsL+goRjpD+ohQq8B++CNE= >-----END CERTIFICATE----- >subject=/C=NL/postalCode=2628 BL/ST=Zuid Holland/L=Delft/streetAddress=Julianalaan 134/O=TU Delft/OU=ICT/OU=EliteSSL/CN=srv609.tudelft.net >issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware >--- >No client certificate CA names sent >--- >SSL handshake has read 2619 bytes and written 324 bytes >--- >New, TLSv1/SSLv3, Cipher is RC4-MD5 >Server public key is 1024 bit >Compression: NONE >Expansion: NONE >SSL-Session: > Protocol : TLSv1 > Cipher : RC4-MD5 > Session-ID: 521F0000C6654A45F30619B440C2810C415CFA91E2E6CF5EF34ADE1BBCE70600 > Session-ID-ctx: > Master-Key: 7D2685A0C8D09F66BB5CF7140203C86010E320FE61043B19C253BCFA7E95F0E429E1683045AA742D5099833390A3408F > Key-Arg : None > Start Time: 1203366089 > Timeout : 300 (sec) > Verify return code: 20 (unable to get local issuer certificate) >--- > > >========== 2nd try with -CAfile=... ============================ > > >huettel@bellini ~ $ openssl s_client -connect srv609.tudelft.net:443 -CAfile /etc/ssl/certs/AddTrust_External_Root.pem >depth=2 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root >verify return:1 >depth=1 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware >verify return:1 >depth=0 /C=NL/postalCode=2628 BL/ST=Zuid Holland/L=Delft/streetAddress=Julianalaan 134/O=TU Delft/OU=ICT/OU=EliteSSL/CN=srv609.tudelft.net >verify return:1 >CONNECTED(00000003) >--- >Certificate chain > 0 s:/C=NL/postalCode=2628 BL/ST=Zuid Holland/L=Delft/streetAddress=Julianalaan 134/O=TU Delft/OU=ICT/OU=EliteSSL/CN=srv609.tudelft.net > i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware > 1 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware > i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root >--- >Server certificate >-----BEGIN CERTIFICATE----- >MIIFNTCCBB2gAwIBAgIRAKEltIx7NxvdYmHspCKI/QowDQYJKoZIhvcNAQEFBQAw >gZcxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtl >IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMY >aHR0cDovL3d3dy51c2VydHJ1c3QuY29tMR8wHQYDVQQDExZVVE4tVVNFUkZpcnN0 >LUhhcmR3YXJlMB4XDTA3MTAxNTAwMDAwMFoXDTA4MTExMDIzNTk1OVowgbExCzAJ >BgNVBAYTAk5MMRAwDgYDVQQREwcyNjI4IEJMMRUwEwYDVQQIEwxadWlkIEhvbGxh >bmQxDjAMBgNVBAcTBURlbGZ0MRgwFgYDVQQJEw9KdWxpYW5hbGFhbiAxMzQxETAP >BgNVBAoTCFRVIERlbGZ0MQwwCgYDVQQLEwNJQ1QxETAPBgNVBAsTCEVsaXRlU1NM >MRswGQYDVQQDExJzcnY2MDkudHVkZWxmdC5uZXQwgZ8wDQYJKoZIhvcNAQEBBQAD >gY0AMIGJAoGBAJahIq6Xc9aZAXEcO6V0wKq8r4w+o2Tzs1dRvsvsUFbwHXxKPkWC >y87PBz5CEAcNhO8YSpPsn+TOOWGBxO6nY2HDTtM/bWjEm9ra4sQ+BF6DG9t9ddhv >jslDC5WCf+G97NA7XWqPGkFNlSa3j7ch39lpY73dSPeDHcSxumlh597pAgMBAAGj >ggHiMIIB3jAfBgNVHSMEGDAWgBShcl8mGyiYQ5VdBzfVhZadS9LDRTAdBgNVHQ4E >FgQUFNXETrICdXQO4SC3+E5mhIl8Y6IwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB >/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBEGCWCGSAGG+EIB >AQQEAwIGwDBGBgNVHSAEPzA9MDsGDCsGAQQBsjEBAgEDBDArMCkGCCsGAQUFBwIB >Fh1odHRwczovL3NlY3VyZS5jb21vZG8ubmV0L0NQUzB7BgNVHR8EdDByMDigNqA0 >hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9VVE4tVVNFUkZpcnN0LUhhcmR3YXJl >LmNybDA2oDSgMoYwaHR0cDovL2NybC5jb21vZG8ubmV0L1VUTi1VU0VSRmlyc3Qt >SGFyZHdhcmUuY3JsMIGGBggrBgEFBQcBAQR6MHgwOwYIKwYBBQUHMAKGL2h0dHA6 >Ly9jcnQuY29tb2RvY2EuY29tL1VUTkFkZFRydXN0U2VydmVyQ0EuY3J0MDkGCCsG >AQUFBzAChi1odHRwOi8vY3J0LmNvbW9kby5uZXQvVVROQWRkVHJ1c3RTZXJ2ZXJD >QS5jcnQwDQYJKoZIhvcNAQEFBQADggEBAJMToPQit65ydL+Q3tLgTLUWA0UdkHh1 >CW5MVM5H4URb0QDcRrIcEgLENZfu6XlMU4oIyNcgRSP4h/i7HjEoc+Q7INw/Ec83 >J3DWxAUPkz2x8YC2xommtO20roYUC+v2vxQPNOM0dzdG8J9Av+UEgn+pMAzPfeQZ >ZqxKJlq3OGKNGYOf3QvY5Fnzh31k9khLIL7hNWN21EjjXR1d1fGYQop+GQojeCaR >QjT473aL/D2WfOk/z07/Exo388kb9QaRwjoDQMiLYobtzNRCuwaC+WDmcX0B99PT >2dpOTItVfg6jl9K2ujDJO4cc620S5ajaIYsL+goRjpD+ohQq8B++CNE= >-----END CERTIFICATE----- >subject=/C=NL/postalCode=2628 BL/ST=Zuid Holland/L=Delft/streetAddress=Julianalaan 134/O=TU Delft/OU=ICT/OU=EliteSSL/CN=srv609.tudelft.net >issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware >--- >No client certificate CA names sent >--- >SSL handshake has read 2619 bytes and written 324 bytes >--- >New, TLSv1/SSLv3, Cipher is RC4-MD5 >Server public key is 1024 bit >Compression: NONE >Expansion: NONE >SSL-Session: > Protocol : TLSv1 > Cipher : RC4-MD5 > Session-ID: 771500004C4A7AACD55CDC4E3087598FA12E6372AC21275C3AA9331DF32EBDA2 > Session-ID-ctx: > Master-Key: E3BA1AC0A3A74676861CB41B4EF15A9FCAAD65CFCA40C3FD24C8AD86FC2CA36BACE208D4DA856FC6968AA781E3BE99A7 > Key-Arg : None > Start Time: 1203370049 > Timeout : 300 (sec) > Verify return code: 0 (ok) >--- > >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=143959">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 210693
: 143959
