On Sun, Oct 20, 2013 at 02:00:27PM +0100, Michael Zintakis wrote:
> Viktor Dukhovni wrote:
You left out the first three lines of the command which starts with:
$ (sleep 2; printf "QUIT\r\n") | 2>/dev/null \
openssl s_client -showcerts -starttls smtp -connect smtp.gmail.com:587 |
openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
> > openssl pkcs7 -print_certs -text
> > Certificate:
> > Data:
> > Version: 3 (0x2)
> > Serial Number: 4243532547640530163 (0x3ae40e5e6eec14f3)
> > Signature Algorithm: sha1WithRSAEncryption
> > Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
> > Validity
> > Not Before: Sep 10 07:54:47 2013 GMT
> > Not After : Sep 10 07:54:47 2014 GMT
> > Subject: C=US, ST=California, L=Mountain View, O=Google Inc,
> > CN=smtp.gmail.com
> > [...]
>
> Should I be worried? If this is indeed a genuine google certificate,
> why is it that there are (at least) 2 different certificates for the
> same domain (smtp.google.com)?
Only if you believe that smtp.gmail.com and smtp.google.com are the same.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
