![]() |
Openssl certs and the files in /etc/certs/common-ca
Hello all.
Following on from the excellent thread with modest connecting with regards to / sslv3 / tlsv1.. I've been checking to see if openssl connects to various websites securely via the command line. Code:
openssl s_client -connect startpage.com:443 -prexit Code:
Verify return code: 20 (unable to get local issuer certificate) Code:
openssl s_client -CApath /etc/certs/common-ca/ -connect startpage.com:443 -prexit My reading of this is openssl cannot see the the directory with the ca-certificates in it. What I have done to try and fix this (to no avail): - I have tried editing the /etc/ssl/openssl.crt file. - I have tried symlinking to the /etc/certs/common-ca in several different ways. - Tried copying the files over. The reason is I use a version of links-browser with ssl support compiled in. It seems to work but testing with the openssl commands doesn't seem to work. Any ideas? ----- PS on a completely different note to remove sslv3 (POODLE vulnerability) support in the web browser. Change about:config and set this switch: security.enable_ssl3 user set boolean false |
Re: Openssl certs and the files in /etc/certs/common-ca
I have struggled with validating certificates on N900 recently and this is how I understand it:
Code:
openssl s_client -connect startpage.com:443 -prexit Code:
Verify return code: 20 (unable to get local issuer certificate) There is nothing to be fixed. Applications like links-browser or Alpine email client know the location of certificates because it's provided during compilation as one of configure script arguments: --with-ssl=path for links and --with-ssl-certs-dir=path (for Alpine). |
Re: Openssl certs and the files in /etc/certs/common-ca
Quote:
(a) the binary .deb (b) instructions on how you compiled it (c) announcement of package availability in extras-devel Cheers. |
Re: Openssl certs and the files in /etc/certs/common-ca
Quote:
|
All times are GMT. The time now is 23:09. |
vBulletin® Version 3.8.8