From: Roberto Nunnari
Date: Sat, 02 Apr 2011 00:42:04 +0200
To: István
Cc: freebsd-security, Doug Barton
Subject: Re: SSL is broken on FreeBSD

István wrote:
> work:
>
> without the following error => "verify error:num=20:unable to get local
> issuer certificate"

Hi.

It works for me if you correct the sed command and suppress stderr..

$ uname -rms
FreeBSD 6.4-RELEASE-p8 i386
$ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p |openssl x509 -noout -subject -dates
subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
notBefore=Oct 8 00:00:00 2010 GMT
notAfter=Oct 7 23:59:59 2013 GMT

So, it seems to be just a RegExp error..

Best regards.
Robi

>
>
>
> openssl s_client -connect 72.21.203.148:443 < /dev/null
>
> On Fri, Apr 1, 2011 at 10:26 PM, Brian Reichert wrote:
>
>> On Fri, Apr 01, 2011 at 10:01:08PM +0100, István wrote:
>>> Executing the same command:
>>>
>>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne
>> /-BEGIN
>>> CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates
>> Define 'work'.
>>
>> % uname -v
>> FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@
>> :/usr/src/sys/compile/SERVER
>>
>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne
>> '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout
>> -subject -dates
>> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
>> at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
>> CA - G2
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> DONE
>> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com
>> Inc./CN=s3.amazonaws.com
>> notBefore=Oct 8 00:00:00 2010 GMT
>> notAfter=Oct 7 23:59:59 2013 GMT
>> % echo $?
>> 0
>>
>> Looks like openssl is 'working'; no segfaults, no erroneous results, exit
>> status of zero...
>>
>>> The end goal is to get this working. I am going to fix it whenever I have
>>> few hours time to waste :)
>>
>> --
>> Brian Reichert
>> BSD admin/developer at large
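
Added example, not part of the thread: the pipeline above discards stderr, which is where the "verify error" line appears in the quoted output, so a script built on it never sees a chain-verification failure. The sketch below captures stderr instead and turns a verify error into a non-zero exit status; `fake_s_client`, `extract_pem` and `pem_with_verify_status` are hypothetical names, and the sample output is constructed.

```shell
#!/bin/sh
# Constructed stand-in for `openssl s_client`: the certificate goes to
# stdout, verification diagnostics go to stderr. Not real output.
fake_s_client() {
    cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
subject=/CN=example.invalid
EOF
    cat >&2 <<'EOF'
depth=1 /C=XX/O=Constructed CA
verify error:num=20:unable to get local issuer certificate
verify return:0
EOF
}

# Keep only the PEM block. The single quotes keep the pattern, including
# its space, in one argument to sed.
extract_pem() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Run the given command, print the PEM block on stdout, and return 2 if
# the command's stderr contained a "verify error" line (re-emitted on
# stderr) rather than silently dropping it.
pem_with_verify_status() {
    errlog=$(mktemp) || return 1
    "$@" 2>"$errlog" </dev/null | extract_pem
    if grep -q '^verify error:' "$errlog"; then
        grep '^verify error:' "$errlog" >&2
        rm -f "$errlog"
        return 2
    fi
    rm -f "$errlog"
    return 0
}
```

With a real endpoint, pass the `openssl s_client -connect host:443` command in place of `fake_s_client`.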