On Fri, 12/11/2010 at 17.49 +0100, Joachim Ott wrote:
> --- cert-retrieve.sh.orig       2010-11-12 17:17:28.000000000 +0100
> +++ cert-retrieve.sh    2010-11-12 17:19:12.000000000 +0100
> @@ -5,6 +5,5 @@
>  REMHOST=$1
>  REMPORT=${2:-443}
> 
> -echo |\
> -openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\
> +openssl s_client -connect ${REMHOST}:${REMPORT} </dev/null 2>&1 |\
>  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
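Review bot: the added s_client line keeps 2>&1, so connection and handshake errors are piped into sed, which prints only the certificate block; a failed connect then yields empty output with sed's exit status of 0, and the caller cannot tell it from success. Consider dropping 2>&1 (or sending stderr to a log) and checking that the output is non-empty before saving it. ${REMHOST}:${REMPORT} should also be double-quoted. Since s_client is called here without any verification options, the certificate it prints is simply what the peer presented, so its fingerprint should be compared out of band before the file is added to a trust store.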
> 
> Apart from kidding, I couldn't get it working here. I saved the cert
> to /usr/share/ca-certificates, made a symlink to /etc/ssl/certs,
> appended it to /etc/ssl/certs/ca-certificates.crt - do I need to do
> anything else?

Well, in fact it doesn't work. It seems that both openssl and gnutls
don't use /etc/ssl/certs as path. Openssl looks for its config file
in /usr/lib/ssl (but not for certs), while I'm still investigating where
gnutls is looking for the cert files.

If you use:
 openssl s_client  -connect google.com:443 -CApath /etc/ssl/certs

It works, while if you don't set the -CApath you get the error:
  Verify return code: 20 (unable to get local issuer certificate)

:(
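
Added example, not part of the original message: a local check of how openssl resolves -CApath, using a constructed throwaway CA and leaf so it runs offline. It assumes, beyond what the message states, that a -CApath directory is searched by <subject-hash>.0 file names, so it also covers a CA file copied into the directory under its own name; all file names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and leaf are generated in a temp directory.
# Nothing here touches /etc/ssl or the network. All file names are hypothetical.

# Print "OK", or the first "error N" that `openssl verify` reports.
verify_result() {
    out=$(openssl verify "$@" 2>&1)
    case $out in
        *"error "*) printf '%s\n' "$out" |
                        sed -n 's/.*\(error [0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
        *": OK"*)   echo OK ;;
        *)          echo unknown ;;
    esac
}

# Create ca.pem (self-signed) and leaf.pem (signed by that CA) in directory $1.
make_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo() {
    work=$(mktemp -d) || return 1
    make_certs "$work" || { rm -rf "$work"; return 1; }
    mkdir "$work/certs"
    # 1. The issuing CA is in no store that openssl consults.
    r1=$(verify_result "$work/leaf.pem")
    # 2. CA copied into the directory under its own name: -CApath misses it.
    cp "$work/ca.pem" "$work/certs/ca.pem"
    r2=$(verify_result -CApath "$work/certs" "$work/leaf.pem")
    # 3. Add the <subject-hash>.0 link (assumption stated in the lead-in;
    #    c_rehash automates this step).
    h=$(openssl x509 -noout -hash -in "$work/ca.pem")
    ln -s ca.pem "$work/certs/$h.0"
    r3=$(verify_result -CApath "$work/certs" "$work/leaf.pem")
    rm -rf "$work"
    echo "$r1|$r2|$r3"
}

demo    # expected: error 20|error 20|OK
```

On a real system, `openssl version -d` prints the OPENSSLDIR that the installed build uses for its defaults.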


