Re: [Help-gnutls] Peer verification

Michael Bell Fri, 23 Nov 2007 05:50:39 -0800

Nikos Mavrogiannopoulos schrieb:

Could you use the -d 3 switch to gnutls-cli and send the output?


Yes, please see attachment.

Best regards

Michael
--
_______________________________________________________________

Michael Bell                    Humboldt-Universitaet zu Berlin

Tel.: +49 (0)30-2093 2482       ZE Computer- und Medienservice
Fax:  +49 (0)30-2093 2704       Unter den Linden 6
[EMAIL PROTECTED]   D-10099 Berlin
_______________________________________________________________

X.509 CA Certificates / Wurzelzertifikate

http://ra.pki.hu-berlin.de

src$ gnutls-cli --x509cafile /tmp/calist_000.pem kalender.cms.hu-berlin.de -d 3
Processed 3 CA certificate(s).
Resolving 'kalender.cms.hu-berlin.de'...
Connecting to '141.20.5.16:443'...
|<3>| HSK[807a5c8]: Removing ciphersuite: DHE_PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: DHE_PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: DHE_PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: DHE_PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: PSK_SHA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: PSK_SHA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: PSK_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: PSK_SHA_ARCFOUR_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_RSA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_RSA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_DSS_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_DSS_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Removing ciphersuite: SRP_SHA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
|<3>| HSK[807a5c8]: Keeping ciphersuite: RSA_ARCFOUR_MD5
|<2>| EXT[807a5c8]: Sending extension CERT_TYPE
|<2>| EXT[807a5c8]: Sending extension SERVER_NAME
|<3>| HSK[807a5c8]: CLIENT HELLO was send [111 bytes]
|<3>| HSK[807a5c8]: SERVER HELLO was received [42 bytes]
|<3>| HSK[807a5c8]: Server's version: 3.1
|<3>| HSK[807a5c8]: SessionID length: 0
|<3>| HSK[807a5c8]: SessionID:
|<3>| HSK[807a5c8]: Selected cipher suite: DHE_RSA_AES_256_CBC_SHA1
|<2>| ASSERT: gnutls_extensions.c:153
|<3>| HSK[807a5c8]: CERTIFICATE was received [10346 bytes]
|<3>| HSK[807a5c8]: SERVER KEY EXCHANGE was received [397 bytes]
|<3>| HSK[807a5c8]: SERVER HELLO DONE was received [4 bytes]
|<2>| ASSERT: gnutls_handshake.c:1041
|<3>| HSK[807a5c8]: CLIENT KEY EXCHANGE was send [134 bytes]
|<3>| REC[807a5c8]: Sent ChangeCipherSpec
|<3>| HSK[807a5c8]: Cipher Suite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Initializing internal [write] cipher sessions
|<3>| HSK[807a5c8]: FINISHED was send [16 bytes]
|<3>| HSK[807a5c8]: Cipher Suite: DHE_RSA_AES_256_CBC_SHA1
|<3>| HSK[807a5c8]: Initializing internal [read] cipher sessions
|<3>| HSK[807a5c8]: FINISHED was received [16 bytes]
|<2>| ASSERT: ext_server_name.c:244
- Certificate type: X.509
 - Got a certificate list of 6 certificates.

 - Certificate[0] info:
 # The hostname in the certificate matches 'kalender.cms.hu-berlin.de'.
 # valid since: Tue Apr 10 09:56:31 CEST 2007
 # expires at: Thu Apr  9 09:56:31 CEST 2009
 # fingerprint: 04:6D:38:E9:AE:50:3B:FE:68:F6:A1:B7:6A:BD:35:3A
 # Subject's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=Computer- und Medienservice,CN=(kalender|kalender1|kalender2).cms.hu-berlin.de
 # Issuer's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=HU-CA,CN=HU-CA 4

 - Certificate[1] info:
 # valid since: Sat Dec  1 13:11:16 CET 2001
 # expires at: Sun Jan 31 13:11:16 CET 2010
 # fingerprint: 3E:1F:9E:E6:4C:6E:F0:22:08:25:DA:91:23:08:05:03
 # Subject's DN: C=DE,O=Deutsches Forschungsnetz,OU=DFN-CERT GmbH,OU=DFN-PCA,CN=DFN Toplevel Certification Authority,[EMAIL PROTECTED]
 # Issuer's DN: C=DE,O=Deutsches Forschungsnetz,OU=DFN-CERT GmbH,OU=DFN-PCA,CN=DFN Toplevel Certification Authority,[EMAIL PROTECTED]

 - Certificate[2] info:
 # valid since: Wed Dec 12 19:20:36 CET 2001
 # expires at: Mon Dec 12 19:20:36 CET 2005
 # fingerprint: 1E:42:77:7F:98:C7:BD:52:C5:EC:47:0A:36:5C:5E:10
 # Subject's DN: C=DE,O=Humboldt-Universitaet zu Berlin,CN=HU-CA [sign only],[EMAIL PROTECTED]
 # Issuer's DN: C=DE,O=Deutsches Forschungsnetz,OU=DFN-CERT GmbH,OU=DFN-PCA,CN=DFN Toplevel Certification Authority,[EMAIL PROTECTED]

 - Certificate[3] info:
 # valid since: Mon Oct 18 16:19:09 CEST 2004
 # expires at: Sat Oct 18 16:19:09 CEST 2008
 # fingerprint: 44:88:A0:5E:93:12:1D:EA:56:E4:00:F6:98:87:58:A4
 # Subject's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=HU-CA,CN=HU-CA 1
 # Issuer's DN: C=DE,O=Deutsches Forschungsnetz,OU=DFN-CERT GmbH,OU=DFN-PCA,CN=DFN Toplevel Certification Authority,[EMAIL PROTECTED]

 - Certificate[4] info:
 # valid since: Mon Oct 24 13:53:26 CEST 2005
 # expires at: Wed Oct 24 13:53:26 CEST 2007
 # fingerprint: EA:6E:02:BC:38:91:F2:47:21:9A:0E:9D:F9:E8:3A:BD
 # Subject's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=HU-CA,CN=HU-DCA 3
 # Issuer's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=HU-CA,CN=HU-CA 1

 - Certificate[5] info:
 # valid since: Wed Oct 11 16:19:18 CEST 2006
 # expires at: Sun Oct 10 16:19:18 CEST 2010
 # fingerprint: 41:0C:13:A7:80:BF:FC:41:A6:68:6E:41:42:E7:CD:35
 # Subject's DN: C=DE,O=Humboldt-Universitaet zu Berlin,OU=HU-CA,CN=HU-CA 4
 # Issuer's DN: C=DE,O=DFN-Verein,OU=DFN-PKI,CN=DFN-Verein PCA Classic - G01

|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: mpi.c:576
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1127
|<2>| ASSERT: verify.c:206
|<2>| ASSERT: verify.c:255

- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: NULL
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: mpi.c:576
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1122
|<2>| ASSERT: dn.c:1127
|<2>| ASSERT: verify.c:206
|<2>| ASSERT: verify.c:255
*** Verifying server certificate failed...

smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls

Re: [Help-gnutls] Peer verification

Reply via email to