On 02/16/2016 11:22 AM, Tony den Haan wrote: > openssl s_client -connect gmail-smtp-in.l.google.com:25 -starttls smtp > > on jessie: (and ubuntu lts :) > Verify return code: 20 (unable to get local issuer certificate) > > on testing: > Verify return code: 0 (ok) >
This appears to be unrelated to this bug report and your command works correctly on Jessie if given a CApath. I assume this is a behavioral difference in openssl. openssl s_client -CApath /etc/ssl/certs -connect gmail-smtp-in.l.google.com:25 -starttls smtp CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2 verify return:1 depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = mx.google.com verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mx.google.com i:/C=US/O=Google Inc/CN=Google Internet Authority G2 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- <...> Verify return code: 0 (ok)