[csw-maintainers] OpenSSL connection issue

Juraj Lutter wilbury at opencsw.org
Thu Apr 25 10:30:57 CEST 2013 

On 04/19/2013 04:04 PM, Dagobert Michelsen wrote:
> Hi Yann,
> 
> I just got a bug report for wget not being able to download the patchdiag.xref via https:
>   https://www.opencsw.org/mantis/view.php?id=5068

This seems to be related to my problem with digest algorithms that I've
sent out today in another e-mail thread.

Digest algorithms not available.


> 
> I can reproduce the problem with openssl:
> 
>> root at login :/root > openssl s_client -connect getupdates.oracle.com:443
>> CONNECTED(00000006)
>> write:errno=131
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 321 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>> zsh: 13656 exit 1     openssl s_client -connect getupdates.oracle.com:443
>> root at login :/root > 
> 
> 
> It should look like this:
> 
>> root at login :/root > openssl s_client -connect www.google.com:443
>> CONNECTED(00000006)
>> depth=1 C = US, O = Google Inc, CN = Google Internet Authority
>> verify error:num=20:unable to get local issuer certificate
>> verify return:0
>> write:errno=0
>> ---
>> Certificate chain
>>  0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
>>    i:/C=US/O=Google Inc/CN=Google Internet Authority
>>  1 s:/C=US/O=Google Inc/CN=Google Internet Authority
>>    i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
>> ---
>> Server certificate
>> -----BEGIN CERTIFICATE-----
>> MIIDgDCCAumgAwIBAgIKQJSmXwABAACDizANBgkqhkiG9w0BAQUFADBGMQswCQYD
>> VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu
>> dGVybmV0IEF1dGhvcml0eTAeFw0xMzA0MTExMjUxNTJaFw0xMzEyMzExNTU4NTBa
>> MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N
>> b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw53d3cu
>> Z29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2mKYQJK+Uu1N
>> B60eCZjotPI4WcFEVlAg1/Wrkn6IgQtgdDdoDqLafkJpzdxpCiS9QfMVTMx0KnSE
>> q5yqbIsoIGXECo7LP8DqMIXyLhNQxImZGP0ECnBEoDU+846H/SwRqF84iy13ywZq
>> IgURrEKml5xkFQVeB5VcHz9A25TkxbMCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG
>> CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU8/LLjLowUsTURK6fDNOyf3qd
>> YBswHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ
>> oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv
>> cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY
>> MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy
>> bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB
>> Af8EAjAAMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMA0GCSqGSIb3DQEBBQUA
>> A4GBAC2xiFaWgeME1eGE/pmKJYA1KUNb/YwGUaxZ/SOwzSiuA8ke/5NVMrJYHwKW
>> xAnGkmvQf2IUBaQRVb3PDwMehexQ5SDCc3c5sZcWtxzazLb25HOnFkgO6x3YIpL+
>> +jzdQ4Hb/gWhluh660JQpYXO0n8D2aME0PyBQ4+PuBRg6Dog
>> -----END CERTIFICATE-----
>> subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
>> issuer=/C=US/O=Google Inc/CN=Google Internet Authority
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 1900 bytes and written 81 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
>> Server public key is 1024 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>>     Protocol  : TLSv1.2
>>     Cipher    : ECDHE-RSA-RC4-SHA
>>     Session-ID: 
>>     Session-ID-ctx: 
>>     Master-Key: 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
>>     Key-Arg   : None
>>     PSK identity: None
>>     PSK identity hint: None
>>     SRP username: None
>>     Start Time: 1366380057
>>     Timeout   : 300 (sec)
>>     Verify return code: 20 (unable to get local issuer certificate)
>> ---
>> zsh: 13518 exit 1     openssl s_client -connect www.google.com:443
>> root at login :/root > openssl s_client -connect getupdates.oracle.com:443
>> CONNECTED(00000006)
>> write:errno=131
>> ---
>> no peer certificate available
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 0 bytes and written 321 bytes
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> ---
>> zsh: 13656 exit 1     openssl s_client -connect getupdates.oracle.com:443
>> root at login :/root > 
> 
> Other https-sites of course work also, just not Oracle :-(
> 
> Any idea how to investigate this?
> 
> 
> Best regards
> 
>   -- Dago
> 
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.
> 


-- 
Juraj Lutter <wilbury at opencsw.org>

More information about the maintainers mailing list