Sounds like your openssl is broken it works just fine for me gets gmail
certificate
On Apr 1, 2011 11:01 AM, "István" <lecc...@gmail.com> wrote:
> Hi folks,
>
> Could somebody explain to me how is it possible to ship an operating
system
> without testing basic functionality like SSL working? Unfortunately the
> problem is still there after installing the following port:
>
> /usr/ports/security/ca_root_nss
>
>
http://www.google.com/search?q=%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3Aunable+to+get+local+issuer+certificate%22
>
> <
http://www.google.com/search?q=%2Bfreebsd+%2B%22verify+error%3Anum%3D20%3Aunable+to+get+local+issuer+certificate%22
>About
> 1,490 results (0.14 seconds)
> openssl s_client -connect 72.21.203.148:443 </dev/null | sed -ne '/-BEGIN
> CERTIFICATE-/,/-END CERTIFICATE-/p' |openssl x509 -noout -subject -dates
>
> depth=1 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use
at
> https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA -
G2
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> DONE
> subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=
s3.amazonaws.com
> notBefore=Oct 8 00:00:00 2010 GMT
> notAfter=Oct 7 23:59:59 2013 GMT
>
> FreeBSD ships OpenSSL but it is broken because there is no CA. Right, it
is
> like shipping a car without wheels, I suppose.
>
> Is there a reason to do this?
>
> How much effort would be to ship a complete SSL stack, including the root
> CAs, just like any other vendor/community does?
>
> Thanks.
>
> I.
>
> --
> the sun shines for all
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org
"
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
