Date:      Fri, 1 Apr 2011 18:50:33 -0400
From:      Brian Reichert <reichert@numachi.com>
To:        Roberto Nunnari <roberto.nunnari@supsi.ch>
Cc:        István <leccine@gmail.com>, Doug Barton <dougb@freebsd.org>, freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: SSL is broken on FreeBSD
Message-ID:  <20110401225033.GL86409@numachi.com>
In-Reply-To: <4D9654BC.6040808@supsi.ch>
References:  <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <20110401153300.GA85392@guilt.hydra> <AANLkTi=fqSAMiGtGQO1+t1QbhNY1m_S+x294WX3zHpOK@mail.gmail.com> <4D9639B0.1070302@FreeBSD.org> <AANLkTi=17e7qE8yAACKiYSvpvsUZhDJu4e=mmM+hHwr8@mail.gmail.com> <4D963C23.4080100@FreeBSD.org> <AANLkTi=BrOUJsbJxdpg3-njsj-Msug-cnjH1ycLFrdPx@mail.gmail.com> <20110401212648.GK86409@numachi.com> <AANLkTikMSE9sx1StHQ4WRN7hq3hmPG3qetLRJkn8SCr9@mail.gmail.com> <4D9654BC.6040808@supsi.ch>

On Sat, Apr 02, 2011 at 12:42:04AM +0200, Roberto Nunnari wrote:
> István wrote:
> >work:
> >
> > without the following error => "verify error:num=20:unable to get local
> >issuer certificate"
> 
> Hi.
> It works for me if you correct the sed command and suppress stderr..

Well, I cleaned that up, too.

That you got this same command to work implies you have a different
set of CAs than I.

His point (someone please correct me, if necessary) is that without
what he considers a reasonable set of trusted CAs in place, SSL under
FreeBSD is 'broken'.

I interpret this thread now to be a debate of the terms 'reasonable'
and 'trusted', and further, whose responsibility it is to populate
that list of CAs on his machine.

> $ uname -rms
> FreeBSD 6.4-RELEASE-p8 i386
> $ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | 
> sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p |openssl x509 
> -noout -subject -dates
> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
> notBefore=Oct  8 00:00:00 2010 GMT
> notAfter=Oct  7 23:59:59 2013 GMT
> 
> So, it seems to be just a RegExp error..
> 
> Best regards.
> Robi

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large	
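
[Editor's note: the script below is an added example, not code posted by
anyone in this thread. It reproduces "verify error:num=20:unable to get
local issuer certificate" offline and shows that what clears it is a trust
anchor for the issuer, not a change to the sed expression. It constructs a
throwaway root CA and a leaf certificate (the names "Example Test" and
"s3.example.test" are made up), builds a fake s_client transcript around
that leaf, runs the thread's sed filter over it, and then verifies the
extracted certificate with and without a -CAfile. It assumes only an
`openssl` binary (1.1.1 or 3.x) on PATH.]

```shell
#!/bin/sh
# Added example, not code from the thread. It reproduces the failure quoted
# above ("verify error:num=20:unable to get local issuer certificate")
# offline and shows that supplying a trust anchor is what clears it.
# A throwaway root CA and a leaf certificate are constructed here; all
# names (Example Test, s3.example.test) are made up. Assumes only an
# `openssl` binary (1.1.1 or 3.x) on PATH.
set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-contained config so nothing depends on the system openssl.cnf.
cat > "$WORK/openssl.cnf" <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ leaf_ext ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:s3.example.test
EOF

# Build the constructed root CA and the server (leaf) certificate it signs.
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 \
        -config "$WORK/openssl.cnf" -extensions ca_ext \
        -subj "/O=Example Test/CN=Example Test Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1 || return 1
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$WORK/openssl.cnf" \
        -subj "/O=Example Test/CN=s3.example.test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 -sha256 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/openssl.cnf" -extensions leaf_ext \
        -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# A constructed s_client transcript (not captured from a real host), with the
# leaf cert placed where s_client prints it under "Server certificate".
make_transcript() {
    {
        printf 'CONNECTED(00000003)\n'
        printf 'depth=0 O = Example Test, CN = s3.example.test\n'
        printf 'verify error:num=20:unable to get local issuer certificate\n'
        printf -- '---\nServer certificate\n'
        cat "$WORK/leaf.pem"
        printf -- '---\nSSL handshake has read 0 bytes and written 0 bytes\n'
    } > "$WORK/transcript.txt"
}

# The sed filter from the thread: keep only the PEM block(s) of a transcript.
extract_certs() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$1"
}

# Verify a cert and print OpenSSL's numeric verify error, 0 meaning OK.
# $1 = certificate to check; $2 (optional) = trust anchor passed as -CAfile.
# Without $2 openssl falls back to the system store, which does not contain
# the constructed CA: the same situation as a box with no CA bundle at all.
verify_code() {
    if [ -n "${2:-}" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case "$out" in
        *": OK"*) echo 0 ;;
        *) printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
    esac
}

make_certs || { echo "could not build the test certificates" >&2; exit 1; }
make_transcript
extract_certs "$WORK/transcript.txt" > "$WORK/extracted.pem"

echo "extracted: $(openssl x509 -noout -subject -in "$WORK/extracted.pem")"
echo "no CA bundle -> verify error $(verify_code "$WORK/extracted.pem")"
echo "with -CAfile -> verify error $(verify_code "$WORK/extracted.pem" "$WORK/ca.pem")"
```

Two things worth keeping in mind when reading the thread against this. First,
s_client writes the "verify error:num=20" line to stderr and still completes
the handshake, so "2>/dev/null" makes the pipeline look clean without
authenticating anything; the certificate printed is whatever the peer sent.
Second, on the real command the fix is the same as the last line above: give
s_client a bundle with "-CAfile", for example the one installed by the
security/ca_root_nss port at /usr/local/share/certs/ca-root-nss.crt, and the
error goes away for any server whose issuer is in that bundle.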


