> > PS C:\OpenSSL-Win32\bin> .\openssl s_client -connect > www.googleapis.com:443 > CONNECTED(00000088) > depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA > verify error:num=20:unable to get local issuer certificate > --- > Certificate chain > 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googleapis.com > i:/C=US/O=Google Inc/CN=Google Internet Authority G2 > 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2 > i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA > 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA > i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority > --- > Server certificate > -----BEGIN CERTIFICATE----- > MIIE3TCCA8WgAwIBAgIIDH5aJKS4GAgwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE > BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl > cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwNTA0MDkwNDQ5WhcNMTYwNzI3MDgzOTAw > WjBqMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN > TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEZMBcGA1UEAwwQKi5n > b29nbGVhcGlzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI8B > ycNrRlBbiRgDcbCJ9fDNbfXCbKZgU8ZVwlXQitVVd4WTPMvXBJc9Pqp8ZjdnC6wG > bQZYogxOzWjDtkmlyHmjncfWN64yOhKUrOVcueylNtMaO7RP4mId9DKRcZK+omh4 > ONvJC3wb7HSu5oKWm2jf47XUU0/XXGuX2BXQNJmXP3g56vHnRkNzfO5iygqFbMtM > 8Wu/M4agSa24HIcx55z5LhAzupoTBhNVYvyvegdIEjhXJQ1h8DyWaCnE7Ek57pba > QjlEwW7cFFA0xOMwM8SrI34kfLh43eNGFaqZn1wHieFK51WK83WLFge8fG6+qZSL > 63R+QtXlVRF5WvCvjHcCAwEAAaOCAaYwggGiMB0GA1UdJQQWMBQGCCsGAQUFBwMB > BggrBgEFBQcDAjB0BgNVHREEbTBrghAqLmdvb2dsZWFwaXMuY29tghUqLmNsaWVu > dHM2Lmdvb2dsZS5jb22CGCouY2xvdWRlbmRwb2ludHNhcGlzLmNvbYIWY2xvdWRl > bmRwb2ludHNhcGlzLmNvbYIOZ29vZ2xlYXBpcy5jb20waAYIKwYBBQUHAQEEXDBa > MCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0MCsG > CCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0GA1Ud > DgQWBBSCEj3sYkh+7kTDbxl2z1RuBnZq1zAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY > MBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHWeQIF > ATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUu > Y29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAW3uduEkfbXschjzuWe1/ > tBFY5ZOMsaLRXyIHaHYdrrqi8NDHa/l+ukPiJZQLyEV3PKHUjFSjZKr88dw5Rw/R > NGD0QaR/4iWcvR8bn0rbHtW1k/q34CsIHLHMqDRdBA3ciJSAViwJDqo7VxIGwkuX > N0veDKwkPgbUL1Z8/HBtl74Acp11LeXP0RWEZYH/FhR9Q2XBnXDHMk8UmjIEKGTv > +ubGxdvq8JN0d++y0hPJjM+RspdrOpLIGIlvIXZefTrobuFGuwiDzdG8P8q1MaVK > 8dHSjECXVd/o81gCI3ZJ9ycHMPMpRxoC3JK21SGHDs16hHuEup2EBNW1w7JKsai5 > wQ== > -----END CERTIFICATE----- > subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*. > googleapis.com > issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2 > --- > No client certificate CA names sent > Peer signing digest: SHA256 > Server Temp Key: ECDH, P-256, 256 bits > --- > SSL handshake has read 3820 bytes and written 433 bytes > --- > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256 > Server public key is 2048 bit > Secure Renegotiation IS supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : ECDHE-RSA-AES128-GCM-SHA256 > Session-ID: > 9E26D6E32758E9BC908849E57A3DBD2A9C3905604D8E63FB044B0E195C00AF1F > Session-ID-ctx: > Master-Key: > 6458E2E8555AE8A173D525FCDE2A84C39B50451CE645F81ABB1265133C3D6CF272B41F3D0F5F1E66CBB3445FB2FBBBCB > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > TLS session ticket lifetime hint: 100800 (seconds) > TLS session ticket: > 0000 - ec 61 29 b8 43 b5 f4 1c-d7 d8 87 e1 2c b1 77 cd > .a).C.......,.w. > 0010 - 22 1d df 2e 1c e5 27 e5-7e e5 5d 0a f4 8e 67 6a > ".....'.~.]...gj > 0020 - ef 3b 54 67 20 78 bb a3-1f 74 0f 0b 01 5e e2 71 .;Tg > x...t...^.q > 0030 - 88 62 1b 4d 62 d6 8b 88-61 51 51 da 4a de 6f bc > .b.Mb...aQQ.J.o. > 0040 - eb 00 f8 02 cd 25 ed 97-a7 a6 a6 8e c2 5b cd 6b > .....%.......[.k > 0050 - 7c 91 f9 56 8b bc 16 0e-ae 25 55 c3 b1 70 1a 5d > |..V.....%U..p.] > 0060 - f2 6e 91 5a a5 84 e1 a3-d3 68 27 60 47 03 f9 03 > .n.Z.....h'`G... > 0070 - 5b 64 0c 7a f2 fd a5 07-fe 0d 4d 74 47 db 33 fb > [d.z......MtG.3. > 0080 - d9 0d fd 79 9d 21 3a c7-8f b8 5d 36 c4 f2 63 8d > ...y.!:...]6..c. > 0090 - 28 65 8e 72 20 e3 29 97-22 4f 13 3b b2 63 e1 20 (e.r > .)."O.;.c. > 00a0 - 2c a8 b8 4b ,..K > Start Time: 1462572985 > Timeout : 300 (sec) > Verify return code: 20 (unable to get local issuer certificate) > --- > > > On Fri, May 6, 2016 at 2:19 PM, Stephen Henson via RT <[email protected]> > wrote: > > > > I updated the openssl version to 1.0.2h and reran. Was able to > > reproduce. *Old > > pem works newer pem fails*. > > > Can you reproduce this using s_client? > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > -- > Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4510 > Please log in as guest with password guest if prompted > On Fri May 06 00:33:47 2016, [email protected] wrote: >
-- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4510 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
