From owner-freebsd-security@FreeBSD.ORG  Tue Apr  7 21:48:00 2015
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 4BBA5E21
 for <freebsd-security@freebsd.org>; Tue,  7 Apr 2015 21:48:00 +0000 (UTC)
Received: from mail-ig0-f181.google.com (mail-ig0-f181.google.com
 [209.85.213.181])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 18745F95
 for <freebsd-security@freebsd.org>; Tue,  7 Apr 2015 21:47:59 +0000 (UTC)
Received: by igblo3 with SMTP id lo3so23864660igb.0
 for <freebsd-security@freebsd.org>; Tue, 07 Apr 2015 14:47:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:date:message-id:subject:from:to
 :content-type;
 bh=B5nJvsSetYMx52O/Kcy1n791Z+Oe0qjJ6lbtdR4FvlA=;
 b=CpiDe/UdkeAUl/ynhdNKHM2swRV9Vqt4Yf9eVTrud1VmnnT4aWK23mbb7HjGuLa0vB
 0zLvnMLNhHwNhXHF4DOgBYwv+3HQPKT5nN18xGLCV8/aCom9hz/X1hxeaua8r/qSw1hb
 k91JHsjJMnTK5Gfs9QGWjYTpb8pMSxJXtOxCg8+jHsBu0mEVzqzMPnjWAdZHo8J7NZTa
 ag8ZIn5D8T3plRwwwunpRPp8l8fIlgQYByEX2CM9Lhu/hNNXBwEqamy/aq7XaLUOE4E9
 //VIlZYNxkIgOEOHD4XvHUGvWHPJ1KbYlWHDwmXGZsJ86kzBRDWKyiLC4ZLoUzjtHNHv
 uzCg==
X-Gm-Message-State: ALoCoQkIuWzPNQB0knTqfzeNinCkdroL1cRYO6yOebaUT/jiw0BFTpGzJ4LuzlXUB7n2HUayJ/10
MIME-Version: 1.0
X-Received: by 10.50.107.36 with SMTP id gz4mr7139696igb.25.1428443273477;
 Tue, 07 Apr 2015 14:47:53 -0700 (PDT)
Received: by 10.36.42.14 with HTTP; Tue, 7 Apr 2015 14:47:53 -0700 (PDT)
Date: Tue, 7 Apr 2015 17:47:53 -0400
Message-ID: <CAMJXocmzU6be4PXpdn9pf+VdOdsXwYkSZHM-Q1iZC-Vah7+7Qw@mail.gmail.com>
Subject: openssl certificates
From: el kalin <kalin@el.net>
To: freebsd-security@freebsd.org, freebsd-users@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Apr 2015 21:48:00 -0000

hello...

are there any issues with openssl certificates being verified with CA files
provided by third party?

anytime i try:

openssl verify -CAfile company-root-ca.crt company_signed.crt

the thing just hangs forever without anything being returned at the prompt.
i have tried this with both company_signed.crt being just the signed
certificate and also a pfx in pem format - with the key in it.

also how to add a CA cert to ca_root_nss file?

thanks=E2=80=A6