On Thu, Jan 10, 2013 at 4:53 PM, ianG <[email protected]> wrote:
> On 7/01/13 14:33 PM, ianG wrote:
>>
>> ...
>
> http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
>
> Pictures above seem to indicate VeriSign as the CA, but whether that means
> they know about the MITMing is not clear.

Might as well pin it for posterity. It looks like the server is well
configured. The 3 levels is somewhat odd (I usually only see 2 here).

Jeff

$ echo "GET HTTP/1.0" | openssl s_client -connect cloud1.browser.ovi.com:443
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Illinois/L=Itasca/O=Nokia/OU=OVI Browser/CN=cloud1.browser.ovi.com
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
subject=/C=US/ST=Illinois/L=Itasca/O=Nokia/OU=OVI Browser/CN=cloud1.browser.ovi.com
issuer=/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 4713 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 0A99236EC232948C3E0F12B04471B4F5DB4F5A9247A345C9C24B5C4CDDCB100C
    Session-ID-ctx:
    Master-Key: D1FA6870F40DCEE21965B33FE99E06996BAEF8F2EF7FE88C92502D12DCB8794C59BF993100B583D9A077A915C2AA36FD
    Key-Arg   : None
    Start Time: 1357989238
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
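
Added example (not part of the original post, and not code from OpenSSL): a small Python check over the "Certificate chain" listing quoted above. It confirms that each certificate's issuer matches the next certificate's subject and reports the issuer the client's trust store has to supply; on this output the third level is the G5 CA certificate issued by the older Class 3 root. The function names are hypothetical.

```python
import re

# Chain listing copied from the s_client output in the post above.
SAMPLE = """\
Certificate chain
 0 s:/C=US/ST=Illinois/L=Itasca/O=Nokia/OU=OVI Browser/CN=cloud1.browser.ovi.com
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
 1 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)10/CN=VeriSign Class 3 International Server CA - G3
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
"""

ENTRY = re.compile(r"^\s*(\d+) s:(.*)$")   # " 0 s:<subject DN>"
ISSUER = re.compile(r"^\s*i:(.*)$")        # "   i:<issuer DN>"

def parse_chain(text):
    """Return [(index, subject, issuer), ...] from the 'Certificate chain' section."""
    chain, pending = [], None
    body = text.split("Certificate chain", 1)[-1].split("\n---", 1)[0]
    for line in body.splitlines():
        m = ENTRY.match(line)
        if m:
            pending = (int(m.group(1)), m.group(2).strip())
        elif pending and (m := ISSUER.match(line)):
            chain.append((*pending, m.group(1).strip()))
            pending = None
    return chain

def check_chain(chain):
    """List ordering problems and self-signed certificates sent by the server."""
    findings = []
    for (idx, _, issuer), (_, next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            findings.append(f"cert {idx}: issuer does not match subject of cert {idx + 1}")
    for idx, subject, issuer in chain:
        if idx > 0 and subject == issuer:
            findings.append(f"cert {idx}: self-signed certificate sent in handshake")
    return findings

def top_issuer(chain):
    """Issuer of the last certificate sent: the CA the local trust store must hold."""
    return chain[-1][2] if chain else None

if __name__ == "__main__":
    chain = parse_chain(SAMPLE)
    print(len(chain), "certificates sent; findings:", check_chain(chain))
    print("trust store must contain:", top_issuer(chain))
```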
