Brain,
well it seems that I've missed something somewhere, next command shows
that there is verify error
Verify return code: 21 (unable to verify the first certificate)
I wonder what is the "medicine" to fix it?
Andrew
root@install:~/prog# openssl s_client -showcerts -connect localhost:636
CONNECTED(00000003)
depth=0 C = CA, O = Andromeda Inc., OU = IT Department, L = Burnaby, ST
= BC, CN = install.myclub.com, UID = 8482, emailAddress = ad...@myclub.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CA, O = Andromeda Inc., OU = IT Department, L = Burnaby, ST
= BC, CN = install.myclub.com, UID = 8482, emailAddress = ad...@myclub.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = CA, O = Andromeda Inc., OU = IT Department, L = Burnaby, ST
= BC, CN = install.myclub.com, UID = 8482, emailAddress = ad...@myclub.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=CA/O=Andromeda Inc./OU=IT
Department/L=Burnaby/ST=BC/CN=install.myclub.com/UID=8482/emailAddress=ad...@myclub.com
i:/C=CA/O=Andromeda Inc./OU=IT Department/ST=BC/CN=Andrey
Vlassov/UID=wizard
-----BEGIN CERTIFICATE-----
......................
-----END CERTIFICATE-----
1 s:/C=CA/O=Andromeda Inc./OU=IT Department/ST=BC/CN=Andrey
Vlassov/UID=wizard
i:/C=CA/O=Andromeda Inc./OU=IT Department/ST=BC/CN=Andrey
Vlassov/UID=wizard
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
subject=/C=CA/O=Andromeda Inc./OU=IT
Department/L=Burnaby/ST=BC/CN=install.myclub.com/UID=8482/emailAddress=ad...@myclub.com
issuer=/C=CA/O=Andromeda Inc./OU=IT Department/ST=BC/CN=Andrey
Vlassov/UID=wizard
---
No client certificate CA names sent
---
SSL handshake has read 2602 bytes and written 726 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA256
Server public key is 2432 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES256-SHA256
Session-ID:
020FE950E0F7F0A2925CFB34D57B0D6CF7557B3145476C6309A130478BBE0974
Session-ID-ctx:
Master-Key:
B68A064FBA1795AEB147AEBE0CCFD8E7C6EEAB8D583819201CACED9CA71DC58B3CD4C258CE0884F9AE217F88B18D10C1
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1397422787
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
On 4/13/2014 2:03 PM, Brian wrote:
On Sun 13 Apr 2014 at 13:27:15 -0700, Snow Leopard wrote:
So, it looks like Squeezy still has debmirror version which is
affected by this bug.
dpkg -l | grep debmirror
ii debmirror 1:2.4.5
For the moment I've added a block of code to my script to sync
mirror which resolves the issue
1:2.14 is in squeeze backports:
https://packages.debian.org/squeeze/debmirror
It is also possible a downloaded unstable version may install on squeeze
with 'dpkg -i package' and 'apt-get -f install'.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/534afe12.5080...@gmail.com