Date: Sat, 02 Apr 2011 00:42:04 +0200 From: Roberto Nunnari <roberto.nunnari@supsi.ch> To: =?UTF-8?B?SXN0dsOhbg==?= <leccine@gmail.com> Cc: freebsd-security <freebsd-security@freebsd.org>, Doug Barton <dougb@freebsd.org> Subject: Re: SSL is broken on FreeBSD Message-ID: <4D9654BC.6040808@supsi.ch> In-Reply-To: <AANLkTikMSE9sx1StHQ4WRN7hq3hmPG3qetLRJkn8SCr9@mail.gmail.com> References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com> <20110401153300.GA85392@guilt.hydra> <AANLkTi=fqSAMiGtGQO1%2Bt1QbhNY1m_S%2Bx294WX3zHpOK@mail.gmail.com> <4D9639B0.1070302@FreeBSD.org> <AANLkTi=17e7qE8yAACKiYSvpvsUZhDJu4e=mmM%2BhHwr8@mail.gmail.com> <4D963C23.4080100@FreeBSD.org> <AANLkTi=BrOUJsbJxdpg3-njsj-Msug-cnjH1ycLFrdPx@mail.gmail.com> <20110401212648.GK86409@numachi.com> <AANLkTikMSE9sx1StHQ4WRN7hq3hmPG3qetLRJkn8SCr9@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
István wrote: > work: > > without the following error => "verify error:num=20:unable to get local > issuer certificate" Hi. It works for me if you correct the sed command and suppress sdterr.. $ uname -rms FreeBSD 6.4-RELEASE-p8 i386 $ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p |openssl x509 -noout -subject -dates subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com notBefore=Oct 8 00:00:00 2010 GMT notAfter=Oct 7 23:59:59 2013 GMT So, it seems to be just a RexExp error.. Best regards. Robi > > > > openssl s_client -connect 72.21.203.148:443 < /dev/null > > On Fri, Apr 1, 2011 at 10:26 PM, Brian Reichert <reichert@numachi.com>wrote: > >> On Fri, Apr 01, 2011 at 10:01:08PM +0100, Istv??n wrote: >>> Executing the same command: >>> >>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne >> /-BEGIN >>> CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates >> Define 'work'. >> >> % uname -v >> FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@ >> :/usr/src/sys/compile/SERVER >> >> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne >> '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout >> -subject -dates >> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use >> at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server >> CA - G2 >> verify error:num=20:unable to get local issuer certificate >> verify return:0 >> DONE >> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com >> Inc./CN=s3.amazonaws.com >> notBefore=Oct 8 00:00:00 2010 GMT >> notAfter=Oct 7 23:59:59 2013 GMT >> % echo $? >> 0 >> >> Looks like openssl is 'working'; no segfaults, no erroneous results, exit >> status of zero... >> >>> The end goal is to get this working. I am going to fix it whenever I have >>> few hours time to waste :) >>> _______________________________________________ >>> freebsd-security@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-security >>> To unsubscribe, send any mail to " >> freebsd-security-unsubscribe@freebsd.org" >> >> -- >> Brian Reichert <reichert@numachi.com> >> BSD admin/developer at large
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D9654BC.6040808>