jld*_*ger 3 ssl debugging openssl ssl-certificate
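When I run the command openssl -connect www.google.com:443 from a Debian VM, I get the following in the output:
Verify return code: 20 (unable to get local issuer certificate)
What's going on here? I've never had certificate problems with Google, so it must be a problem with Debian or the openSSL library. Debugging other SSL systems is harder when a tool like this can't verify systems I know!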
sys*_*138 10
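On another Linux distribution I use, the bare -connect verb doesn't actually import the root CA bundle installed on the system. To do that, you need to add -CApath /etc/ssl/wherever/, where the path is the location of the root CA certificate bundle.
Without CAPath: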
CONNECTED(00000003)
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
With CAPath:
CONNECTED(00000003)
depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = mail.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
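
The same error 20 and its -CApath fix can be reproduced offline. This is an added example, not part of the answer above: it uses `openssl verify` as a stand-in for the chain check that s_client performs, and the root CA, leaf certificate, subjects and directory names are all constructed for the demo. It also shows that a -CApath directory is searched by subject-hash file name (`<hash>.0`), so a directory of plain .pem files is not enough.

```shell
#!/bin/sh
# Constructed demo: throwaway root CA + leaf, checked against two CApath dirs.
# `openssl verify` is used as an offline stand-in for s_client's chain check.

build_demo() {   # $1 = scratch directory
    d=$1
    mkdir -p "$d/empty" "$d/roots"
    # Self-signed root (constructed subject, valid for one day)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test Root" \
        -keyout "$d/ca.key" -out "$d/roots/ca.pem" 2>/dev/null || return 1
    # Leaf key + CSR, then sign the CSR with the root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$d/leaf.csr" \
        -CA "$d/roots/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null || return 1
    # -CApath finds issuers by subject-hash file name (<hash>.0)
    h=$(openssl x509 -in "$d/roots/ca.pem" -noout -subject_hash) || return 1
    ln -s ca.pem "$d/roots/$h.0"
}

check_leaf() {   # $1 = scratch directory, $2 = CApath directory name
    if out=$(openssl verify -CApath "$1/$2" "$1/leaf.pem" 2>&1); then
        echo "OK"
    else
        # Extract the numeric verify error, e.g. "error 20 at 0 depth lookup"
        echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/error \1/p' | head -n 1
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    build_demo "$d" || { rm -rf "$d"; return 1; }
    echo "CApath without the root: $(check_leaf "$d" empty)"
    echo "CApath with hashed root: $(check_leaf "$d" roots)"
    rm -rf "$d"
}

demo
```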