SSL is broken on FreeBSD
Roberto Nunnari
roberto.nunnari at supsi.ch
Fri Apr 1 23:18:07 UTC 2011
István wrote:
> work:
>
> without the following error => "verify error:num=20:unable to get local
> issuer certificate"
Hi.
It works for me if you correct the sed command and suppress stderr..
$ uname -rms
FreeBSD 6.4-RELEASE-p8 i386
$ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | \
    sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p | \
    openssl x509 -noout -subject -dates
subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
notBefore=Oct 8 00:00:00 2010 GMT
notAfter=Oct 7 23:59:59 2013 GMT
So, it seems to be just a RegExp error..
Best regards.
Robi
>
>
>
> openssl s_client -connect 72.21.203.148:443 < /dev/null
>
> On Fri, Apr 1, 2011 at 10:26 PM, Brian Reichert <reichert at numachi.com>wrote:
>
>> On Fri, Apr 01, 2011 at 10:01:08PM +0100, István wrote:
>>> Executing the same command:
>>>
>>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne
>> /-BEGIN
>>> CERTIFICATE-/,/-END CERTIFICATE-/p |openssl x509 -noout -subject -dates
>> Define 'work'.
>>
>> % uname -v
>> FreeBSD 4.9-RELEASE #0: Sun Dec 28 18:49:39 GMT 2003 root@
>> :/usr/src/sys/compile/SERVER
>>
>> openssl s_client -connect 72.21.203.148:443 < /dev/null | sed -ne
>> '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout
>> -subject -dates
>> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
>> at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server
>> CA - G2
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> DONE
>> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com
>> Inc./CN=s3.amazonaws.com
>> notBefore=Oct 8 00:00:00 2010 GMT
>> notAfter=Oct 7 23:59:59 2013 GMT
>> % echo $?
>> 0
>>
>> Looks like openssl is 'working'; no segfaults, no erroneous results, exit
>> status of zero...
>>
>>> The end goal is to get this working. I am going to fix it whenever I have
>>> few hours time to waste :)
>>> _______________________________________________
>>> freebsd-security at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>>> To unsubscribe, send any mail to "
>> freebsd-security-unsubscribe at freebsd.org"
>>
>> --
>> Brian Reichert <reichert at numachi.com>
>> BSD admin/developer at large
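
Added example, not part of the original thread: the pipeline above mixes two things, the certificate text that s_client writes to stdout and the verification diagnostics it writes to stderr. The sketch below handles them separately, so the "num=20" result is reported rather than discarded, and keeps only the first PEM block, which is the one `openssl x509` would read. The function names and all sample text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; all sample text is constructed and the PEM bodies are
# placeholders, not real certificates.

# Print the first complete PEM certificate block on stdin; exit 1 if none.
first_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { inblk = 1; buf = "" }
        inblk { buf = buf $0 "\n" }
        inblk && /-----END CERTIFICATE-----/ { printf "%s", buf; ok = 1; exit }
        END { exit (ok ? 0 : 1) }
    '
}

# Turn s_client stderr text into "<num> <reason>" lines, one per verify error.
verify_errors() {
    sed -n 's/^verify error:num=\([0-9][0-9]*\):\(.*\)$/\1 \2/p'
}

sample_stdout() {   # constructed stand-in for s_client stdout
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=leaf.example
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFPLACEHOLDER==
-----END CERTIFICATE-----
 1 s:/CN=ca.example
-----BEGIN CERTIFICATE-----
CONSTRUCTEDCAPLACEHOLDER==
-----END CERTIFICATE-----
EOF
}

sample_stderr() {   # constructed stand-in for s_client stderr
    cat <<'EOF'
depth=1 /CN=ca.example
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
EOF
}

sample_stdout | first_cert
sample_stderr | verify_errors | while read -r num reason; do
    echo "chain not verified: error $num ($reason)"
done
```

Against a live server the two inputs would be s_client's stdout and a file that its stderr was redirected to, with the output of `first_cert` piped into `openssl x509 -noout -subject -dates` as in the thread.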