I am trying to generate a client program with SSLeay and OpenSSL.  I
seem to be able to connect to the server and send the authorization
(basic is required) with problems, but the certificate is never trusted,
nor can I get the index HTML page.  Instead I get an insufficient key
size HTML document.  I've tried setting the cipher to all possible SSL2
ciphers to no avail.  I need to use -ssl2 or the connect never completes
successfully.  I compiled OpenSSL 0.9.6c 21 Dec 2001 and ran all tests
successfully on a SPARC 5 Solaris 2.7 with gcc 3.x.  Is the certificate
verify stopping a successful connection?

Thanks, any help is appreciated.

Mark


A transcript is the following:

bash-2.05$ openssl s_client -connect autonet.va.autometric.com:443 -ssl2

CONNECTED(00000004)
depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=autonet.va.autometric.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=autonet.va.autometric.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=autonet.va.autometric.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Server certificate
subject=/C=US/ST=Virginia/L=Springfield/O=Autometric Inc./OU=Information Technology Services/OU=Terms of use at www.verisign.com/rpa (c)00/CN=autonet.va.autometric.com
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
---
SSL handshake has read 1607 bytes and written 242 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 06777312619B9ADE05EAABB9E2AA6C15
    Session-ID-ctx:
    Master-Key: F56EAFF8608CD7D6BD57F309FF7E51672D7D16CF1D8E6A2A
    Key-Arg   : BE8453F63ACB1BC9
    Start Time: 1011372100
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
GET / HTTP/1.0
Authorization: Basic  <removed for security considerations>=

HTTP/1.0 403 Forbidden
Proxy-agent: Netscape-Proxy/3.52
Date: Fri, 18 Jan 2002 16:45:44 GMT
Content-type: text/html

<title>Insufficient encryption</title><h1>Insufficient encryption</h1>
This document requires a larger secret key size for encryption than your
browser is capable of supporting.
<HTML><HEAD><TITLE>Forbidden</TITLE></HEAD>
<BODY><H1>Forbidden</H1>
The proxy's access control configuration denies access to
the requested object through this proxy.
</BODY></HTML>closed
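
An added example, not part of the original post: a small Python parser that separates what the s_client transcript above reports about certificate verification, the handshake result, and the HTTP response. The sample text is a constructed, abbreviated copy of that transcript; the function name and dictionary keys are illustrative.

```python
import re

# Constructed sample: an abbreviated copy of the s_client transcript above.
SAMPLE = """\
CONNECTED(00000004)
verify error:num=20:unable to get local issuer certificate
verify return:1
verify error:num=27:certificate not trusted
verify return:1
verify error:num=21:unable to verify the first certificate
verify return:1
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
    Verify return code: 21 (unable to verify the first certificate)
---
HTTP/1.0 403 Forbidden
Proxy-agent: Netscape-Proxy/3.52
"""

def summarize(transcript):
    """Split an s_client transcript into verification, handshake and HTTP facts."""
    errors = [(int(n), msg.strip()) for n, msg in
              re.findall(r"^verify error:num=(\d+):(.*)$", transcript, re.M)]
    new = re.search(r"^New, (\S+), Cipher is (\S+)$", transcript, re.M)
    code = re.search(r"Verify return code: (\d+)", transcript)
    status = re.search(r"^HTTP/\d\.\d (\d{3})", transcript, re.M)
    block = re.search(r"^Ciphers common between both SSL endpoints:\n(.*?)^---",
                      transcript, re.M | re.S)
    shared = block.group(1).split() if block else []
    return {
        "verify_errors": errors,
        "verify_code": int(code.group(1)) if code else None,
        "protocol": new.group(1) if new else None,
        "cipher": new.group(2) if new else None,
        # s_client prints "(NONE)" as the cipher when the handshake failed.
        "handshake_completed": new is not None and new.group(2) != "(NONE)",
        "export_ciphers_shared": [c for c in shared if c.startswith("EXP-")],
        "http_status": int(status.group(1)) if status else None,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

By default s_client reports each verification error and continues (`verify return:1`), so the verification fields and the HTTP status are parsed and reported independently of one another.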
