SSL is broken on FreeBSD

Roberto Nunnari roberto.nunnari at supsi.ch
Fri Apr 1 23:18:07 UTC 2011


István wrote:
> work:
> 
>  without the following error => "verify error:num=20:unable to get local
> issuer certificate"

Hi.
It works for me if you correct the sed command and suppress stderr..

$ uname -rms
FreeBSD 6.4-RELEASE-p8 i386
$ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | \
    sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p | \
    openssl x509 -noout -subject -dates
subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
notBefore=Oct  8 00:00:00 2010 GMT
notAfter=Oct  7 23:59:59 2013 GMT

So, it seems to be just a RegExp error..

Best regards.
Robi


> 
> 
> 
> openssl s_client -connect 72.21.203.148:443 < /dev/null
> 
> On Fri, Apr 1, 2011 at 10:26 PM, Brian Reichert <reichert at numachi.com>wrote:
> 
>> On Fri, Apr 01, 2011 at 10:01:08PM +0100, István wrote:
>>> Executing the same command:
>>>
>>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne /-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates
>> Define 'work'.
>>
>>   % uname -v
>>   FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@
>> :/usr/src/sys/compile/SERVER
>>
>>   openssl s_client -connect 72.21.203.148:443 < /dev/null | \
>>     sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
>>     openssl x509 -noout -subject -dates
>>    depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
>>   at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
>>   CA - G2
>>   verify error:num=20:unable to get local issuer certificate
>>   verify return:0
>>   DONE
>>   subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com
>>   Inc./CN=s3.amazonaws.com
>>   notBefore=Oct  8 00:00:00 2010 GMT
>>   notAfter=Oct  7 23:59:59 2013 GMT
>>    % echo $?
>>   0
>>
>> Looks like openssl is 'working'; no segfaults, no erroneous results, exit
>> status of zero...
>>
>>> The end goal is to get this working. I am going to fix it whenever I have
>>> few hours time to waste :)
>>
>> --
>> Brian Reichert                          <reichert at numachi.com>
>> BSD admin/developer at large
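
Added example, not part of the original thread: the pipeline above run against a constructed stand-in for `openssl s_client`, showing that with stderr discarded the "verify error" lines disappear while the verification result is still recorded on stdout. The function names, the dummy certificate body and `example.invalid` are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed stand-in for `openssl s_client`; the certificate body is a
# dummy placeholder, not a real certificate.
sample_s_client() {
    # Chain-verification diagnostics are written to stderr.
    echo 'verify error:num=20:unable to get local issuer certificate' >&2
    echo 'verify return:0' >&2
    # The session transcript is written to stdout.
    cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
subject=/CN=example.invalid
---
    Verify return code: 20 (unable to get local issuer certificate)
---
EOF
}

# Print only the PEM block. Quoting keeps the address range as ONE sed
# argument; unquoted, the shell splits it at the spaces.
extract_pem() {
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Print the numeric verification result found in the stdout transcript.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p'
}

# Succeed only when the transcript on stdin reports a verified chain.
chain_verified() {
    [ "$(verify_code)" = "0" ]
}

out=$(sample_s_client 2>/dev/null)   # stderr discarded, as in the reply above
printf '%s\n' "$out" | extract_pem
printf 'verify code: %s\n' "$(printf '%s\n' "$out" | verify_code)"
```

A clean certificate dump and a zero exit status therefore say nothing about whether the chain was validated against a local trust store; the verify code is the value to check.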

