On 04/19/2013 04:04 PM, Dagobert Michelsen wrote: > Hi Yann, > > I just got a bug report for wget not being able to download the > patchdiag.xref via https: > https://www.opencsw.org/mantis/view.php?id=5068
This seems to be related to my problem with digest algorithms that I've sent out today in another e-mail thread. Digest algorithms not available. > > I can reproduce the problem with openssl: > >> root@login :/root > openssl s_client -connect getupdates.oracle.com:443 >> CONNECTED(00000006) >> write:errno=131 >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 0 bytes and written 321 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> --- >> zsh: 13656 exit 1 openssl s_client -connect getupdates.oracle.com:443 >> root@login :/root > > > > It should look like this: > >> root@login :/root > openssl s_client -connect www.google.com:443 >> CONNECTED(00000006) >> depth=1 C = US, O = Google Inc, CN = Google Internet Authority >> verify error:num=20:unable to get local issuer certificate >> verify return:0 >> write:errno=0 >> --- >> Certificate chain >> 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com >> i:/C=US/O=Google Inc/CN=Google Internet Authority >> 1 s:/C=US/O=Google Inc/CN=Google Internet Authority >> i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority >> --- >> Server certificate >> -----BEGIN CERTIFICATE----- >> MIIDgDCCAumgAwIBAgIKQJSmXwABAACDizANBgkqhkiG9w0BAQUFADBGMQswCQYD >> VQQGEwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzEiMCAGA1UEAxMZR29vZ2xlIElu >> dGVybmV0IEF1dGhvcml0eTAeFw0xMzA0MTExMjUxNTJaFw0xMzEyMzExNTU4NTBa >> MGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N >> b3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRcwFQYDVQQDEw53d3cu >> Z29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2mKYQJK+Uu1N >> B60eCZjotPI4WcFEVlAg1/Wrkn6IgQtgdDdoDqLafkJpzdxpCiS9QfMVTMx0KnSE >> q5yqbIsoIGXECo7LP8DqMIXyLhNQxImZGP0ECnBEoDU+846H/SwRqF84iy13ywZq >> IgURrEKml5xkFQVeB5VcHz9A25TkxbMCAwEAAaOCAVEwggFNMB0GA1UdJQQWMBQG >> CCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQU8/LLjLowUsTURK6fDNOyf3qd >> YBswHwYDVR0jBBgwFoAUv8Aw6/VDET5nup6R+/xq2uNrEiQwWwYDVR0fBFQwUjBQ >> oE6gTIZKaHR0cDovL3d3dy5nc3RhdGljLmNvbS9Hb29nbGVJbnRlcm5ldEF1dGhv >> cml0eS9Hb29nbGVJbnRlcm5ldEF1dGhvcml0eS5jcmwwZgYIKwYBBQUHAQEEWjBY >> MFYGCCsGAQUFBzAChkpodHRwOi8vd3d3LmdzdGF0aWMuY29tL0dvb2dsZUludGVy >> bmV0QXV0aG9yaXR5L0dvb2dsZUludGVybmV0QXV0aG9yaXR5LmNydDAMBgNVHRMB >> Af8EAjAAMBkGA1UdEQQSMBCCDnd3dy5nb29nbGUuY29tMA0GCSqGSIb3DQEBBQUA >> A4GBAC2xiFaWgeME1eGE/pmKJYA1KUNb/YwGUaxZ/SOwzSiuA8ke/5NVMrJYHwKW >> xAnGkmvQf2IUBaQRVb3PDwMehexQ5SDCc3c5sZcWtxzazLb25HOnFkgO6x3YIpL+ >> +jzdQ4Hb/gWhluh660JQpYXO0n8D2aME0PyBQ4+PuBRg6Dog >> -----END CERTIFICATE----- >> subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com >> issuer=/C=US/O=Google Inc/CN=Google Internet Authority >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 1900 bytes and written 81 bytes >> --- >> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA >> Server public key is 1024 bit >> Secure Renegotiation IS supported >> Compression: NONE >> Expansion: NONE >> SSL-Session: >> Protocol : TLSv1.2 >> Cipher : ECDHE-RSA-RC4-SHA >> Session-ID: >> Session-ID-ctx: >> Master-Key: >> 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 >> Key-Arg : None >> PSK identity: None >> PSK identity hint: None >> SRP username: None >> Start Time: 1366380057 >> Timeout : 300 (sec) >> Verify return code: 20 (unable to get local issuer certificate) >> --- >> zsh: 13518 exit 1 openssl s_client -connect www.google.com:443 >> root@login :/root > openssl s_client -connect getupdates.oracle.com:443 >> CONNECTED(00000006) >> write:errno=131 >> --- >> no peer certificate available >> --- >> No client certificate CA names sent >> --- >> SSL handshake has read 0 bytes and written 321 bytes >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> --- >> zsh: 13656 exit 1 openssl s_client -connect getupdates.oracle.com:443 >> root@login :/root > > > Other https-sites of course work also, just not Oracle :-( > > Any idea how to investigate this? > > > Best regards > > -- Dago > > _______________________________________________ > maintainers mailing list > [email protected] > https://lists.opencsw.org/mailman/listinfo/maintainers > .:: This mailing list's archive is public. ::. > -- Juraj Lutter <[email protected]> _______________________________________________ maintainers mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/maintainers .:: This mailing list's archive is public. ::.
