* www.CAcert.org * CN=CAcert Class 3 Root * Public key algorithm: rsaEncryption (2048 bits) * Sign algorithm sha1WithRSAEncryption * Valid since Dec 2 06:39:46 2009 GMT to Dec 2 06:39:46 2011 GMT * * Cipher info: * Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits) * * Verify E: unable to verify the first certificate.? (21) -- Ignored * Connected. Now logging in... * *** Looking up your hostname... * *** Checking Ident * *** Found your hostname * *** No Ident response * cantor already in use. Retrying with cantor_... * *** Connected securely via SSLv3 AES256-SHA-256 * Welcome to the Oz Internet Relay Chat Network cantor_ * Your host is cdk.com[174.143.149.197/9994], running version hybrid-7.2.2+oftc1.6.3 * This server was created Mar 14 2008 at 22:37:51
lrwxrwxrwx 1 root root 52 2009-10-31 16:00 /etc/ssl/certs/cacert.org.pem -> /usr/share/ca-certificates/cacert.org/cacert.org.crt On Mon, Dec 14, 2009 at 11:20 AM, Gilbert Mendoza <gmend...@gmail.com> wrote: > Hey Guys... > > Just FYI... the certificate's common name appears to be set to > irc.cdk.com not irc.socallinux.org, so this may or may not be a > problem for your client. > > While the SSL handshake is successful, typically browsers will not > trust the certificate if the hostname specified is different than > what's contained in the CN. If you're using Pidgin for example, you'll > get a convenient dialog asking whether you trust the certificate even > with the difference in name. If you change the server path to > irc.cdk.com, pidgin will simply ask if you trust the cert, since it > doesn't seem check the system wide CA certificate path. > > I don't know if Xchat for example checks either the common name or the > certificate path, but I can never seem to get a successful connection > with it unless I explicitly state to ignore cert errors (which I just > don't like to do). If anyone has input on how to get Xchat to check > against either a directory of certs or the specific CA cert, that > would be most interesting. > > To test an SSL connection from CLI and test for validity... > openssl s_client -connect irc.socallinux.org:9994 -CAfile > /usr/share/ca-certificates/cacert.org/cacert.org.crt > > -- > Gilbert Mendoza > PGP: 0x7403B303 > Email: gmendoza at gmail.com > http://gilbertmendoza.com > _______________________________________________ > LinuxUsers mailing list > LinuxUsers@socallinux.org > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > -- "As we open our newspapers or watch our television screens, we seem to be continually assaulted by the fruits of Mankind's stupidity." -Roger Penrose _______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
