Re: SSL is broken on FreeBSD
Sounds like your openssl is broken it works just fine for me gets gmail
certificate
On Apr 1, 2011 11:01 AM, "Istv=E1n" <leccine@gmail.com> wrote:
> Hi folks,
>
> Could somebody explain to me how is it possible to ship an operating
system
> without testing basic functionality like SSL working? Unfortunately the
> problem is still there after installing the following port:
>
> /usr/ports/security/ca_root_nss
>
>
http://www.google.com/search?q=3D%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3=
Aunable+to+get+local+issuer+certificate%22
>
> <
http://www.google.com/search?q=3D%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3=
Aunable+to+get+local+issuer+certificate%22
>About
> 1,490 results (0.14 seconds)
> openssl s_client -connect 72.21.203.148:443 </dev/null | sed -ne '/-BEGIN
> CERTIFICATE-/,/-END CERTIFICATE-/p' |openssl x509 -noout -subject -dates
>
> depth=3D1 /C=3DUS/O=3DVeriSign, Inc./OU=3DVeriSign Trust Network/OU=3DTer=
ms of use
at
> https://www.verisign.com/rpa (c)09/CN=3DVeriSign Class 3 Secure Server CA=
-
G2
> verify error:num=3D20:unable to get local issuer certificate
> verify return:0
> DONE
> subject=3D /C=3DUS/ST=3DWashington/L=3DSeattle/O=3DAmazon.com Inc./CN=3D
s3.amazonaws.com
> notBefore=3DOct 8 00:00:00 2010 GMT
> notAfter=3DOct 7 23:59:59 2013 GMT
>
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it
is
> like shipping a car without wheels, I suppose.
>
> Is there a reason to do this?
>
> How much effort would be to ship a complete SSL stack, including the root
> CAs, just like any other vendor/community does?
>
> Thanks.
>
> I.
>
> --
> the sun shines for all
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or=
g
"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 6 之 42 篇):