Hi folks,

Could somebody explain to me how it is possible to ship an operating system
without testing basic functionality like SSL working? Unfortunately the
problem is still there after installing the following port:

/usr/ports/security/ca_root_nss

http://www.google.com/search?q=%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3Aunable+to+get+local+issuer+certificate%22

About 1,490 results (0.14 seconds)

openssl s_client -connect 72.21.203.148:443 </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -subject -dates

depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
notBefore=Oct  8 00:00:00 2010 GMT
notAfter=Oct  7 23:59:59 2013 GMT

FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it is
like shipping a car without wheels, I suppose.

Is there a reason to do this?

How much effort would it be to ship a complete SSL stack, including the root
CAs, just like any other vendor/community does?

Thanks.

I.

-- 
the sun shines for all
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
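
The "verify error:num=20" condition from the message above, reproduced offline as an added example (not part of the original post). It builds a throwaway CA and leaf certificate, then verifies the leaf with and without the issuer available; the names "Demo Root CA" and "demo.example" and the helper functions are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and leaf certificate, generated locally.
# "Demo Root CA" and "demo.example" are made-up names.

make_demo_pki() {                       # $1 = scratch directory
    d=$1
    mkdir -p "$d/empty"                 # stands in for a system with no CA bundle
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root, marked as a CA so it can act as a trust anchor.
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Leaf key and CSR, then a leaf certificate issued by the demo root.
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Classify an `openssl verify` run; arguments are passed through unchanged.
chain_status() {
    out=$(openssl verify "$@" 2>&1) || true   # old releases exit 0 on failure
    case $out in
        *"error 20 at"*) echo error20 ;;   # unable to get local issuer certificate
        *": OK"*)        echo ok ;;
        *)               echo other ;;
    esac
}

DEMO_DIR=$(mktemp -d) || exit 1
trap 'rm -rf "$DEMO_DIR"' EXIT
make_demo_pki "$DEMO_DIR" || { echo "openssl failed" >&2; exit 1; }

# No issuer available locally: the chain cannot be completed.
echo "empty trust store: $(chain_status -CApath "$DEMO_DIR/empty" "$DEMO_DIR/leaf.pem")"
# Issuer supplied explicitly: the same certificate verifies.
echo "with -CAfile:      $(chain_status -CAfile "$DEMO_DIR/ca.pem" "$DEMO_DIR/leaf.pem")"
```

The same distinction applies to `openssl s_client`: it only checks the chain against trust anchors it is pointed at, for example through its `-CAfile` or `-CApath` options.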