From owner-freebsd-security@FreeBSD.ORG  Fri Apr  1 21:53:31 2011
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 009421065672
	for <freebsd-security@freebsd.org>;
	Fri,  1 Apr 2011 21:53:31 +0000 (UTC)
	(envelope-from reichert@numachi.com)
Received: from meisai.numachi.com (meisai.numachi.com [198.175.254.6])
	by mx1.freebsd.org (Postfix) with SMTP id 382B08FC13
	for <freebsd-security@freebsd.org>;
	Fri,  1 Apr 2011 21:53:29 +0000 (UTC)
Received: (qmail 45533 invoked by uid 1001); 1 Apr 2011 21:26:48 -0000
Date: Fri, 1 Apr 2011 17:26:48 -0400
From: Brian Reichert <reichert@numachi.com>
To: Istv??n <leccine@gmail.com>
Message-ID: <20110401212648.GK86409@numachi.com>
References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com>
	<20110401153300.GA85392@guilt.hydra>
	<AANLkTi=fqSAMiGtGQO1+t1QbhNY1m_S+x294WX3zHpOK@mail.gmail.com>
	<4D9639B0.1070302@FreeBSD.org>
	<AANLkTi=17e7qE8yAACKiYSvpvsUZhDJu4e=mmM+hHwr8@mail.gmail.com>
	<4D963C23.4080100@FreeBSD.org>
	<AANLkTi=BrOUJsbJxdpg3-njsj-Msug-cnjH1ycLFrdPx@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <AANLkTi=BrOUJsbJxdpg3-njsj-Msug-cnjH1ycLFrdPx@mail.gmail.com>
User-Agent: Mutt/1.5.9i
Cc: freebsd-security <freebsd-security@freebsd.org>,
	Doug Barton <dougb@freebsd.org>
Subject: Re: SSL is broken on FreeBSD
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Apr 2011 21:53:31 -0000

On Fri, Apr 01, 2011 at 10:01:08PM +0100, Istv??n wrote:
> Executing the same command:
> 
> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne /-BEGIN
> CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates

Define 'work'.

   % uname -v
   FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@:/usr/src/sys/compile/SERVER

   openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne
   '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout
   -subject -dates
   depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
   at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
   CA - G2
   verify error:num=20:unable to get local issuer certificate
   verify return:0
   DONE
   subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com
   Inc./CN=s3.amazonaws.com
   notBefore=Oct  8 00:00:00 2010 GMT
   notAfter=Oct  7 23:59:59 2013 GMT
   % echo $?
   0

Looks like openssl is 'working'; no segfaults, no erroneous results, exit
status of zero...

> The end goal is to get this working. I am going to fix it whenever I have
> few hours time to waste :)
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large