On Sat, Apr 02, 2011 at 12:42:04AM +0200, Roberto Nunnari wrote: > Istv??n wrote: > >work: > > > > without the following error => "verify error:num=20:unable to get local > >issuer certificate" > > Hi. > It works for me if you correct the sed command and suppress sdterr..
Well, I cleaned that up, too. That you got this same command to work implies you have a different set of CAs than I. His point (someone please correct me, if neccessary) is that without what he considers a reasonable set of trusted CAs in place, SSL under FreeBSD is 'broken'. I interpret this thread now to be a debate of terms 'reasonable' and 'trusted', and further, who's responsibility is it to populate that list of CAs on his machine. > $ uname -rms > FreeBSD 6.4-RELEASE-p8 i386 > $ openssl s_client -connect 72.21.203.148:443 2>/dev/null < /dev/null | > sed -ne /-BEGIN\ CERTIFICATE-/,/-END\ CERTIFICATE-/p |openssl x509 > -noout -subject -dates > subject= /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com > notBefore=Oct 8 00:00:00 2010 GMT > notAfter=Oct 7 23:59:59 2013 GMT > > So, it seems to be just a RexExp error.. > > Best regards. > Robi -- Brian Reichert <reich...@numachi.com> BSD admin/developer at large _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
