Summary: | dev-libs/openssl - s_client: Verify return code: 20 (unable to get local issuer certificate) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Fabio Coatti <fabio.coatti> |
Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Fabio Coatti
2013-06-07 14:20:38 UTC
A couple more details: in /etc/ssl/certs I added the required intermediate certificate, as the chain needs ot. The root CA certificate was already present in /etc/ssl/certs I observed the same issue still with a bit more well known site: openssl s_client -connect google.com:443 => Verify return code: 20 (unable to get local issuer certificate) It seems to be an upstream bug: http://rt.openssl.org/Ticket/Display.html?id=1623 To verify it, try to run following command: openssl s_client -connect google.com:443 -CApath garbage => Verify return code: 0 (ok) dev-libs/openssl-1.0.1e-r1 app-misc/ca-certificates-20130119 Upstream has another bug and patch related to this. http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest should be all set now in the tree; thanks for the report! Commit message: Add fix for s_client verify http://sources.gentoo.org/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch?rev=1.1 http://sources.gentoo.org/dev-libs/openssl/openssl-1.0.1e-r2.ebuild?rev=1.1 |