Current-Users archive


openssl s_client problem with bitbucket



Hi!

I cannot hg clone from bitbucket.

Debugging that, I found that a simple
        openssl s_client -connect bitbucket.org:443
already behaves differently on NetBSD than on a Linux or Mac OS X
system to which I compared.

On NetBSD-5.99.47/amd64, it gives:

CONNECTED(00000006)
140187580655852:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/archive/cvs/src/crypto/external/bsd/openssl/dist/ssl/s23_clnt.c:705:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 145 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


while on Linux or OS X (nearly the same output):

depth=0 /C=NL/O=bitbucket.org/OU=GT16385137/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=bitbucket.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NL/O=bitbucket.org/OU=GT16385137/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=bitbucket.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NL/O=bitbucket.org/OU=GT16385137/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=bitbucket.org
verify error:num=21:unable to verify the first certificate
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=NL/O=bitbucket.org/OU=GT16385137/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=bitbucket.org
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=NL/O=bitbucket.org/OU=GT16385137/OU=See www.geotrust.com/resources/cps (c)09/OU=Domain Control Validated - QuickSSL(R)/CN=bitbucket.org
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1380 bytes and written 325 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 4A6BAC3FED3A9FBF177E8C04947BE39F2471DEB58D17DC16754C189934FA011C
    Session-ID-ctx: 
    Master-Key: 5A4DB9FC93FEFE08469AE5E5883938B1078FE8F2C72FFE8C2B04CA44A803045377E06BAD97FCEA3357D685BF5D4E3580
    Key-Arg   : None
    Start Time: 1299255816
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
DONE


Is there a problem in our openssl?
Or with some certificates I have or haven't installed?

Thanks,
 Thomas

