Date: Fri, 1 Apr 2011 11:14:06 -0400
From: matt donovan <kitchetech@gmail.com>
To: István <leccine@gmail.com>
Cc: freebsd-security <freebsd-security@freebsd.org>
Subject: Re: SSL is broken on FreeBSD
Message-ID: <BANLkTinW=A2R9vHPUH37YeOqciTKehnnyw@mail.gmail.com>
In-Reply-To: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com>
References: <AANLkTin_zZgHRg7QtEwH2V8WOd=nvBcKdYvJkshGCt-R@mail.gmail.com>

Sounds like your openssl is broken; it works just fine for me, gets gmail certificate.

On Apr 1, 2011 11:01 AM, "István" <leccine@gmail.com> wrote:
> Hi folks,
>
> Could somebody explain to me how is it possible to ship an operating system
> without testing basic functionality like SSL working? Unfortunately the
> problem is still there after installing the following port:
>
> /usr/ports/security/ca_root_nss
>
> http://www.google.com/search?q=%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3Aunable+to+get+local+issuer+certificate%22
>
> About 1,490 results (0.14 seconds)
>
> openssl s_client -connect 72.21.203.148:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |openssl x509 -noout -subject -dates
>
> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> DONE
> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
> notBefore=Oct 8 00:00:00 2010 GMT
> notAfter=Oct 7 23:59:59 2013 GMT
>
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it is
> like shipping a car without wheels, I suppose.
>
> Is there a reason to do this?
>
> How much effort would be to ship a complete SSL stack, including the root
> CAs, just like any other vendor/community does?
>
> Thanks.
>
> I.
>
> --
> the sun shines for all
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
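
An added example, not part of either message in this thread: a way to check whether the trust store an OpenSSL build consults by default holds any CA certificates at all, which is the condition behind the "verify error:num=20" output quoted above. It uses Python's ssl module (backed by OpenSSL); the function names are hypothetical, and the classification into "empty" and "populated" is an assumption made for illustration.

```python
import os
import re
import ssl

# Names OpenSSL looks up in a CA directory: subject hash plus a counter (c_rehash style).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def default_locations():
    """Where this OpenSSL build looks for trust anchors when none are given."""
    paths = ssl.get_default_verify_paths()
    return paths.openssl_cafile, paths.openssl_capath


def count_anchors(cafile=None, capath=None):
    """Return (certificates loadable from cafile, hashed entries in capath)."""
    in_file = 0
    if cafile and os.path.isfile(cafile):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # store starts empty
        try:
            ctx.load_verify_locations(cafile=cafile)
            in_file = ctx.cert_store_stats()["x509"]
        except OSError:  # ssl.SSLError: file holds no parsable certificate
            in_file = 0
    in_dir = 0
    if capath and os.path.isdir(capath):
        in_dir = sum(1 for name in os.listdir(capath) if HASHED_NAME.match(name))
    return in_file, in_dir


def diagnose(cafile=None, capath=None):
    """Classify a trust store (labels are this example's own, not OpenSSL's)."""
    in_file, in_dir = count_anchors(cafile, capath)
    if in_file == 0 and in_dir == 0:
        return "empty"      # no issuer can be found locally: expect verify error 20
    return "populated"      # anchors exist; a failure then points at the chain itself


if __name__ == "__main__":
    cafile, capath = default_locations()
    print("default CA file:", cafile, "| default CA dir:", capath)
    print("anchors (file, dir):", count_anchors(cafile, capath))
    print("trust store is", diagnose(cafile, capath))
```

An "empty" result means the CA bundle has to be passed explicitly (for example with the -CAfile option of openssl s_client) or linked into one of the default locations printed by the script.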