From owner-freebsd-security@FreeBSD.ORG Fri Apr 1 21:41:52 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7AE791065670; Fri, 1 Apr 2011 21:41:52 +0000 (UTC) (envelope-from leccine@gmail.com) Received: from mail-bw0-f54.google.com (mail-bw0-f54.google.com [209.85.214.54]) by mx1.freebsd.org (Postfix) with ESMTP id C93798FC0C; Fri, 1 Apr 2011 21:41:51 +0000 (UTC) Received: by bwz12 with SMTP id 12so3465473bwz.13 for ; Fri, 01 Apr 2011 14:41:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=MgV53emtu1Q6da0WsC/LRb942QZIWKLBEYCceYwTgJs=; b=YiFMNCibWfdYYBwDcqQQlh1fQsHx7RhHccMCZC1+Y43Yz+WO9m2sSOpZ3dgSaVqN6i 57pvzk62ZLuaf0bOBeMJ5UcAREuVrpyMhwmlEZnwlRVamLXqNoFsngQzEUTRQ46ypGpP OqWyWgYEXGNW6r1KiU5zabVwQIhFWemu+5xqw= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=PnuLz3npl+5R4uUOW6Bp/S22RwCxrXyiENhMw6Z5BSzIa/7hDyNfPdIyEjJMAmuK+C qsyiIWNpBPZGYTCl74jhiJNCclREVwHsfYkxsWJgBe5k+7QFVVAUOSgKPMJNniEseRAB tJq73cVwqJWBxlpveTUSCQsXQ3L/X6j6VTnUU= MIME-Version: 1.0 Received: by 10.204.127.68 with SMTP id f4mr4089938bks.42.1301694110910; Fri, 01 Apr 2011 14:41:50 -0700 (PDT) Received: by 10.204.62.13 with HTTP; Fri, 1 Apr 2011 14:41:50 -0700 (PDT) In-Reply-To: <20110401212648.GK86409@numachi.com> References: <20110401153300.GA85392@guilt.hydra> <4D9639B0.1070302@FreeBSD.org> <4D963C23.4080100@FreeBSD.org> <20110401212648.GK86409@numachi.com> Date: Fri, 1 Apr 2011 22:41:50 +0100 Message-ID: From: =?UTF-8?Q?Istv=C3=A1n?= To: Brian Reichert Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security , Doug Barton Subject: Re: SSL is broken on FreeBSD X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 01 Apr 2011 21:41:52 -0000 work: without the following error => "verify error:num=20:unable to get local issuer certificate" openssl s_client -connect 72.21.203.148:443 < /dev/null On Fri, Apr 1, 2011 at 10:26 PM, Brian Reichert wrote: > On Fri, Apr 01, 2011 at 10:01:08PM +0100, Istv??n wrote: > > Executing the same command: > > > > openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne > /-BEGIN > > CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates > > Define 'work'. > > % uname -v > FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@ > :/usr/src/sys/compile/SERVER > > openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne > '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout > -subject -dates > depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use > at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server > CA - G2 > verify error:num=20:unable to get local issuer certificate > verify return:0 > DONE > subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com > Inc./CN=s3.amazonaws.com > notBefore=Oct 8 00:00:00 2010 GMT > notAfter=Oct 7 23:59:59 2013 GMT > % echo $? > 0 > > Looks like openssl is 'working'; no segfaults, no erroneous results, exit > status of zero... > > > The end goal is to get this working. I am going to fix it whenever I have > > few hours time to waste :) > > _______________________________________________ > > freebsd-security@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-security > > To unsubscribe, send any mail to " > freebsd-security-unsubscribe@freebsd.org" > > -- > Brian Reichert > BSD admin/developer at large > -- the sun shines for all http://wperf.com/