Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on powerppc/linux
Vs
Win2008 R2 64bit IIS7 set to require client auth
Command issued:
openssl s_client -connect stk-tms.a51.lab:443 -cert /config/lighttpd/ssl.pem
-CAfile /user/http_calist.pem -prexit -state
Output attached
-Steve
-----Original Message-----
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
> [stkap...@cisco.com - Tue Feb 07 21:13:11 2012]:
>
> FYI - I have now tested with 1.0.1 beta 2 of openssl (again complied
> on powerppc/linux) as well and found the same behavior. I also
> tested against IIS on Windows 7 64bit as the server with the same
> behavior. Maybe that will help with the search for a suitable test
> server.
>
> Test used
> $ openssl s_client -connect stk-
> pc.a51.lab:443 -cert /config/lighttpd/ssl.pem -CAfile
> /user/http_calist.pem -no_tls1_2 -no_tls1_1
> Works
>
> But
> [C90-
> A:~] $ openssl s_client -connect stk-pc.a51.lab:443 -cert
> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem
> Does not
> and fails with a error 104 - which is IIS doing a hard reset on the
> connection and reports bad_mac_record in window's schannel
> provider.
>
One more thing to try first. Please use the -prexit option to s_client
(without any -no_* options) and include the result.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
[C90-A:~] $ openssl s_client -connect stk-tms.a51.lab:443 -cert
/config/lighttpd/
/ssl.pem -CAfile /user/http_calist.pem -prexit -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = Virgina, O = CiscoLab, CN = rooter.a51.lab
verify return:1
depth=0 C = US, ST = Virgina, L = Reston, O = CiscoLab, CN = stk-tms.a51.lab
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
i:/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICoTCCAgqgAwIBAgIJAOpHomoOHHApMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdWaXJnaW5hMREwDwYDVQQKDAhDaXNjb0xhYjEXMBUG
A1UEAwwOcm9vdGVyLmE1MS5sYWIwHhcNMTIwMTIwMTk0OTM0WhcNMjIwMTE3MTk0
OTM0WjBdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHVmlyZ2luYTEPMA0GA1UEBwwG
UmVzdG9uMREwDwYDVQQKDAhDaXNjb0xhYjEYMBYGA1UEAwwPc3RrLXRtcy5hNTEu
bGFiMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfENS3awfDKZ0X9SE+9Zo5
+LQG1PBXKoi+DokW6uGrvOuPalJlEDrw23k3KR9I3mu2lmyAWYYe8R8aqygKqDE8
awaHKhd4MHeHL6PJpnXwia1yB2J4jyDZ6dbmq+6iLk9FfILadB/iv17pqcrHFMXI
FIUG3tQx0lQQO+qIm1xLqQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYFJv
bGODLRfBWkXfYE9qA6FReTUwHwYDVR0jBBgwFoAUZpAjSf4is/zhZRn9Vis5+6qQ
7ykwDQYJKoZIhvcNAQEFBQADgYEAoRhavg3lr+KsPY693xMN7fY02uJuctW9penQ
ny3DSgmUkR7o4vuAmwqLrLOWdFjmFOZAd92M+dJKL0Ju0uWvL/lc7bqQOQauuVxq
tsTB8yEo71BifYKihckUAmvzCoB0GkdWyNZmU+b1uI9L8QrJTqRUhvKxL0MsJ8E5
1DfVDBY=
-----END CERTIFICATE-----
subject=/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
issuer=/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
No client certificate CA names sent
---
SSL handshake has read 836 bytes and written 519 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: CB1E0000FD29D748AF244F4F40F5870915387C11B69B3FD6412D6DA10B3F1E3A
Session-ID-ctx:
Master-Key:
C24B8AD4B3E83EAE206613239CD3F5CC0B81CA166AE08B18DF48CFCA16881BE8A4479D27A89B5680A68B07178929F298
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1328656180
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
GET /default.aspx
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 C = US, ST = Virgina, O = CiscoLab, CN = rooter.a51.lab
verify return:1
depth=0 C = US, ST = Virgina, L = Reston, O = CiscoLab, CN = stk-tms.a51.lab
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
read:errno=104
---
Certificate chain
0 s:/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
i:/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICoTCCAgqgAwIBAgIJAOpHomoOHHApMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV
BAYTAlVTMRAwDgYDVQQIDAdWaXJnaW5hMREwDwYDVQQKDAhDaXNjb0xhYjEXMBUG
A1UEAwwOcm9vdGVyLmE1MS5sYWIwHhcNMTIwMTIwMTk0OTM0WhcNMjIwMTE3MTk0
OTM0WjBdMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHVmlyZ2luYTEPMA0GA1UEBwwG
UmVzdG9uMREwDwYDVQQKDAhDaXNjb0xhYjEYMBYGA1UEAwwPc3RrLXRtcy5hNTEu
bGFiMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfENS3awfDKZ0X9SE+9Zo5
+LQG1PBXKoi+DokW6uGrvOuPalJlEDrw23k3KR9I3mu2lmyAWYYe8R8aqygKqDE8
awaHKhd4MHeHL6PJpnXwia1yB2J4jyDZ6dbmq+6iLk9FfILadB/iv17pqcrHFMXI
FIUG3tQx0lQQO+qIm1xLqQIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIB
DQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUYFJv
bGODLRfBWkXfYE9qA6FReTUwHwYDVR0jBBgwFoAUZpAjSf4is/zhZRn9Vis5+6qQ
7ykwDQYJKoZIhvcNAQEFBQADgYEAoRhavg3lr+KsPY693xMN7fY02uJuctW9penQ
ny3DSgmUkR7o4vuAmwqLrLOWdFjmFOZAd92M+dJKL0Ju0uWvL/lc7bqQOQauuVxq
tsTB8yEo71BifYKihckUAmvzCoB0GkdWyNZmU+b1uI9L8QrJTqRUhvKxL0MsJ8E5
1DfVDBY=
-----END CERTIFICATE-----
subject=/C=US/ST=Virgina/L=Reston/O=CiscoLab/CN=stk-tms.a51.lab
issuer=/C=US/ST=Virgina/O=CiscoLab/CN=rooter.a51.lab
---
Acceptable client certificate CA names
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Minositett Kozjegyzoi (Class QA)
Tanusitvanykiado/emailAddress=i...@netlock.hu
/C=KR/O=KISA/OU=Korea Certification Authority Central/CN=KISA RootCA 1
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA
Root
/C=US/O=GeoTrust Inc./OU=(c) 2008 GeoTrust Inc. - For authorized use
only/CN=GeoTrust Primary Certification Authority - G3
/C=SI/O=Halcom/CN=Halcom CA FO
/C=BG/O=InfoNotary PLC/DC=root-ca/CN=InfoNotary CSP Root/OU=InfoNotary CSP
Root/emailAddress=c...@infonotary.com
/C=SI/O=ACNLB
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=BE/O=Certipost s.a./n.v./CN=Certipost E-Trust TOP Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=HU/L=Budapest/O=NetLock
Kft./OU=Tan\xC3\xBAs\xC3\xADtv\xC3\xA1nykiad\xC3\xB3k (Certification
Services)/CN=NetLock Arany (Class Gold)
F\xC5\x91tan\xC3\xBAs\xC3\xADtv\xC3\xA1ny
/C=FI/O=Sonera/CN=Sonera Class1 CA
/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum
Trusted Network CA
/C=LV/O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790/OU=Sertifikacijas
pakalpojumi/CN=VAS Latvijas Pasts SSI(RCA)
/C=CH/O=SwissSign AG/CN=SwissSign Gold Root CA - G3
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=CN/O=UniTrust/CN=UCA Global Root
/C=ES/O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF
B83395988/CN=ANCERT Corporaciones de Derecho Publico
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
/C=ES/O=Agencia Notarial de Certificacion S.L. Unipersonal - CIF
B83395988/CN=ANCERT Certificados CGN
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. -
For authorized use only/CN=VeriSign Class 3 Public Primary Certification
Authority - G3
/C=DE/O=DATEV eG/CN=CA DATEV STD 01
/C=SE/O=Carelink/CN=SITHS CA v3
/C=TR/L=Gebze - Kocaeli/O=T\xC3\xBCrkiye Bilimsel ve Teknolojik
Ara\xC5\x9Ft\xC4\xB1rma Kurumu - T\xC3\x9CB\xC4\xB0TAK/OU=Ulusal Elektronik ve
Kriptoloji Ara\xC5\x9Ft\xC4\xB1rma Enstit\xC3\xBCs\xC3\xBC - UEKAE/OU=Kamu
Sertifikasyon Merkezi/CN=T\xC3\x9CB\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika
Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1 - S\xC3\xBCr\xC3\xBCm 3
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. -
For authorized use only/CN=VeriSign Class 1 Public Primary Certification
Authority - G3
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Freemail
CA/emailAddress=personal-freem...@thawte.com
/C=KR/O=Government of Korea/OU=GPKI/CN=GPKIRootCA
/C=ES/O=Colegio de Registradores de la Propiedad y Mercantiles de
Espa\xC3\xB1a/OU=Certificado Propio/CN=Registradores de Espa\xC3\xB1a - CA
Ra\xC3\xADz
/C=DK/O=TDC Internet/OU=TDC Internet Root CA
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2007 VeriSign, Inc. -
For authorized use only/CN=VeriSign Class 3 Public Primary Certification
Authority - G4
/C=HU/L=Budapest/O=Microsec Ltd./OU=e-Szigno CA/CN=Microsec e-Szigno Root CA
/C=LT/O=Skaitmeninio sertifikavimo centras/OU=Certification Authority/CN=SSC
Root CA C
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=ch/O=admin/OU=Services/OU=Certification Authorities/CN=Admin-Root-CA
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=ES/O=Agencia Catalana de Certificacio (NIF Q-0801176-I)/OU=Serveis Publics
de Certificacio/OU=Vegeu https://www.catcert.net/verarrel (c)03/OU=Jerarquia
Entitats de Certificacio Catalanes/CN=EC-ACC
/C=US/O=AffirmTrust/CN=AffirmTrust Networking
/C=AT/ST=Austria/L=Vienna/O=ARGE DATEN - Austrian Society for Data
Protection/OU=A-CERT Certification Service/CN=A-CERT
ADVANCED/emailAddress=i...@a-cert.at
/C=SK/L=Bratislava/O=Disig a.s./CN=CA Disig
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust RSA
Certification Authority
/CN=Atos TrustedRoot 2011/O=Atos/C=DE
/C=FR/O=Certinomis/OU=0002 433998903/CN=Certinomis - Autorit\xC3\xA9 Racine
/C=TN/O=ANCE/OU=ANCE WEB/CN=Agence Nationale de Certification
Electronique/emailAddress=a...@certification.tn
/C=ES/O=IZENPE S.A./CN=Izenpe.com
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global
Chambersign Root
/C=AT/L=Vienna/ST=Austria/O=ARGE DATEN - Austrian Society for Data
Protection/OU=GLOBALTRUST Certification
Service/CN=GLOBALTRUST/emailAddress=i...@globaltrust.info
/L=Alvaro Obregon/ST=Distrito Federal/C=MX/postalCode=01030/street=Insurgentes
Sur 1940/CN=Autoridad Certificadora Raiz de la Secretaria de
Economia/OU=Direccion General de Normatividad Mercantil/O=Secretaria de
Economia/emailAddress=ac...@economia.gob.mx
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2008 VeriSign, Inc. -
For authorized use only/CN=VeriSign Universal Root Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Premium CA/emailAddress=personal-prem...@thawte.com
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=PT/O=SCEE/CN=ECRaizEstado
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
/CN=Autoridad de Certificacion Raiz del Estado
Venezolano/C=VE/L=Caracas/ST=Distrito Capital/O=Sistema Nacional de
Certificacion Electronica/OU=Superintendencia de Servicios de Certificacion
Electronica/emailAddress=acr...@suscerte.gob.ve
/C=US/O=SecureTrust Corporation/CN=Secure Global CA
/C=GB/O=Trustis Limited/OU=Trustis FPS Root CA
/C=JP/O=Japan Certification Services, Inc./CN=SecureSign RootCA11
/C=ES/ST=Madrid/L=Madrid/O=IPS Certification Authority s.l.
ipsCA/OU=ipsCA/CN=ipsCA Global CA Root/emailAddress=globa...@ipsca.com
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Certification Authority
/C=si/O=state-institutions/OU=sigen-ca
/C=LT/O=Skaitmeninio sertifikavimo centras/OU=Certification Authority/CN=SSC
Root CA B
/emailAddress=p...@sk.ee/C=EE/O=AS Sertifitseerimiskeskus/CN=Juur-SK
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Basic CA/emailAddress=personal-ba...@thawte.com
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr
GmbH/OU=A-Trust-Qual-03/CN=A-Trust-Qual-03
/O=TeliaSonera/CN=TeliaSonera Root CA v1
/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate
Authority - G2
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 2 Root CA
/C=DE/O=D-Trust GmbH/CN=D-TRUST Root Class 2 CA 2007
/C=ES/O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8/L=Avda
del Mediterraneo Etorbidea 3 - 01010
Vitoria-Gasteiz/CN=Izenpe.com/emailAddress=i...@izenpe.com
/C=EU/L=Madrid (see current address at
www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma
S.A./CN=Global Chambersign Root - 2008
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. -
For authorized use only/CN=VeriSign Class 3 Public Primary Certification
Authority - G5
/L=Bogota AV Calle 26 N 68D-35/C=CO/O=Entidad de Certificacion Digital Abierta
Certicamara S.A./CN=CERTICAMARA S.A.
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=CN/O=China Internet Network Information Center/CN=China Internet Network
Information Center EV Certificates Root
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority
(2048)
/C=AT/O=A-Trust/OU=A-Trust-nQual-01/CN=A-Trust-nQual-01
/C=DE/O=DATEV eG/CN=CA DATEV INT 01
/C=DE/O=T-Systems Enterprise Services GmbH/OU=T-Systems Trust
Center/CN=T-TeleSec GlobalRoot Class 3
/C=SG/O=Netrust Certificate Authority 1/OU=Netrust CA1
/C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2
/C=CH/O=WISeKey/OU=Copyright (c) 2005/OU=OISTE Foundation Endorsed/CN=OISTE
WISeKey Global Root GA CA
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA - G2
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa Information
Delivery Root CA
/C=LT/O=Skaitmeninio sertifikavimo centras/OU=Certification Authority/CN=SSC
Root CA A
/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies,
Inc./OU=http://certificates.starfieldtech.com/repository//CN=Starfield Services
Root Certificate Authority
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=JP/O=SECOM Trust Systems CO.,LTD./OU=Security Communication RootCA2
/O=Cybertrust, Inc/CN=Cybertrust Global Root
/C=KR/O=KISA/OU=Korea Certification Authority Central/CN=KISA RootCA 3
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=i...@sgdn.pm.gouv.fr
/C=NO/O=Buypass AS-983163327/CN=Buypass Class 3 CA 1
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. -
For authorized use only/CN=VeriSign Class 2 Public Primary Certification
Authority - G3
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=KR/O=Government of Korea/OU=GPKI/CN=Root CA
/C=CZ/CN=I.CA - Qualified root certificate/O=Prvn\xC3\xAD
certifika\xC4\x8Dn\xC3\xAD autorita, a.s.
/C=FR/O=NATIXIS/OU=0002 542044524/CN=CESAM
/C=TW/O=Chunghwa Telecom Co., Ltd./OU=ePKI Root Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=AT/O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr
GmbH/OU=A-Trust-Qual-02/CN=A-Trust-Qual-02
/O=eSign Australia/OU=Public Secure Services/CN=Primary Utility Root CA
/CN=AC1 RAIZ MTIN/serialNumber=S2819001E/OU=PRESTADOR DE SERVICIOS DE
CERTIFICACION MTIN/OU=SUBDIRECCION GENERAL DE PROCESO DE DATOS/O=MINISTERIO DE
TRABAJO E INMIGRACION/L=MADRID/C=ES
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Universal CA/CN=TC TrustCenter
Universal CA I
/C=CH/O=admin/OU=Services/OU=Certification Authorities/CN=AdminCA-CD-T01
/C=EU/O=AC Camerfirma SA CIF
A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=ES/O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988/CN=ANCERT
Certificados Notariales V2
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
/O=eSign Australia/OU=Public Secure Services/CN=eSign Imperito Primary Root CA
/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao -
ITI/CN=Autoridade Certificadora Raiz Brasileira v1
/C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=BE/O=Certipost s.a./n.v./CN=Certipost E-Trust Primary Qualified CA
/CN=T\xC3\x9CRKTRUST Elektronik \xC4\xB0\xC5\x9Flem
Hizmetleri/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi
\xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri
A.\xC5\x9E.
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=us/O=U.S. Government/OU=FBCA/CN=Common Policy
/C=EU/L=Madrid (see current address at
www.camerfirma.com/address)/serialNumber=A82743287/O=AC Camerfirma
S.A./CN=Chambers of Commerce Root - 2008
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005
T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
/x500UniqueIdentifier=SEC-830101-9V9/L=Alvaro Obregon/ST=Distrito
Federal/C=MX/postalCode=01030/street=Insurgentes Sur 1940/CN=Autoridad
Certificadora Raiz de la Secretaria de Economia/OU=Direccion General de
Normatividad Mercantil/O=Secretaria de
Economia/emailAddress=ac...@economia.gob.mx
/C=ES/O=Agencia Notarial de Certificacion S.L.U. - CIF B83395988/CN=ANCERT
Certificados CGN V2
/C=ES/O=Consejo General de la Abogacia NIF:Q-2863006I/CN=Autoridad de
Certificacion de la Abogacia
/C=JP/O=Japanese Government/OU=ApplicationCA
/C=si/O=state-institutions/OU=sigov-ca
/C=SI/O=Halcom/CN=Halcom CA PO 2
/C=DE/O=TC TrustCenter GmbH/OU=TC TrustCenter Class 3 CA/CN=TC TrustCenter
Class 3 CA II
/CN=ComSign Advanced Security CA
/C=CN/O=UniTrust/CN=UCA Root
---
SSL handshake has read 18008 bytes and written 1753 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID: 613F00004EE33D80B3033B4785423FAB4D03C24A851E48B28FA44D45FA383E0C
Session-ID-ctx:
Master-Key:
A0224403F86DC6D7AB5FC3FD7796F2D78524ACDF327EFC768803107C2D868ADA9E59D194F5099B8899F113EF561080B7
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1328656186
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
[C90-A:~] $
