From: Rick Macklem
To: FreeBSD CURRENT
CC: Jung-uk Kim
Subject: openssl in head returning "certificate expired" when it has not expired
Date: Tue, 2 Feb 2021 00:46:25 +0000

I've recently been testing the daemons that do the
non-application data stuff for nfs-over-tls with the
openssl in head.

These daemons work fine with both ports/security/openssl (openssl-1.1.1h)
and ports/security/openssl-devel (openssl3-alpha).

However, when linked to the openssl in head, the basic handshake
and KTLS work, but the peer certificate from the client is reported
as expired by SSL_get_verify_result(), although it is still valid.
I added some debug output and the "notAfter" field of the
certificate looks correct, so the certificate doesn't seem to be
corrupted.

I tried backporting the changes in crypto/x509 in head back
into ports/security/openssl and it still worked, so those changes
do not seem to have caused the problem.
There are several differences in the configured options, but I cannot
see any other differences between ports/security/openssl and
what is in head that could cause this.
(The options that differ seem related to old encryption types, etc.)

Any other ideas for tracking this down?

Thanks, rick
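
A cross-check for the symptom described above, added here as an example (not code from the original message or from OpenSSL): it converts the raw ASN.1 notBefore/notAfter strings of each certificate in a chain to epoch seconds with 64-bit integer arithmetic and reports the depth of the first certificate whose validity window excludes a given reference time. The function names, the chain values and the reference time are constructed for illustration, and the bounds are treated as inclusive per RFC 5280.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian date; integer math only, no time_t. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;
    int64_t era = (y >= 0 ? y : y - 399) / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* UTCTime "YYMMDDHHMMSSZ" or GeneralizedTime "YYYYMMDDHHMMSSZ" to epoch seconds; INT64_MIN if malformed. */
static int64_t asn1_time_to_epoch(const char *s) {
    size_t n = strlen(s), pairs = (n - 1) / 2;
    int f[7] = {0};                          /* [CC] YY MM DD hh mm ss */
    if ((n != 13 && n != 15) || s[n - 1] != 'Z') return INT64_MIN;
    for (size_t i = 0; i < pairs; i++) {
        const char *p = s + 2 * i;
        if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9') return INT64_MIN;
        f[i + 7 - pairs] = (p[0] - '0') * 10 + (p[1] - '0');
    }
    if (f[2] < 1 || f[2] > 12 || f[3] < 1 || f[3] > 31 ||
        f[4] > 23 || f[5] > 59 || f[6] > 59) return INT64_MIN;
    /* RFC 5280: two-digit years 50..99 mean 19YY, 00..49 mean 20YY. */
    int64_t year = pairs == 7 ? f[0] * 100 + f[1] : f[1] + (f[1] >= 50 ? 1900 : 2000);
    return days_from_civil(year, f[2], f[3]) * 86400 + f[4] * 3600 + f[5] * 60 + f[6];
}

/* Depth (0 = leaf) of first cert whose window excludes now; -1 none, -2 malformed. */
static int first_time_failure(const char *const chain[][2], int n, int64_t now) {
    for (int depth = 0; depth < n; depth++) {
        int64_t nb = asn1_time_to_epoch(chain[depth][0]), na = asn1_time_to_epoch(chain[depth][1]);
        if (nb == INT64_MIN || na == INT64_MIN) return -2;
        if (now < nb || now > na) return depth;   /* inclusive bounds */
    }
    return -1;
}

/* Constructed {notBefore, notAfter} pairs, leaf first; not data from the message. */
static const char *const sample_chain[][2] = {
    { "201201000000Z", "211201000000Z" },    /* depth 0: leaf */
    { "160101000000Z", "210101000000Z" },    /* depth 1: issuer */
};

int main(void) {
    /* 1612224000 is 2021-02-02 00:00:00 UTC, a constructed reference time. */
    printf("first failing depth: %d\n", first_time_failure(sample_chain, 2, 1612224000));
    return 0;
}
```

Run against the strings from a daemon's own debug output and the clock value that daemon sees, the result separates a verdict that follows from the inputs from one that does not.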