<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA1 <br>
<br>
You need to specify -CAPath with trusted root CA's from openssl
installation to avoid error 20. :)<br>
<br>
But looks like openssl connect works.<br>
<br>
12.01.2015 16:50, HackXBack пишет:<br>
<span style="white-space: pre;">> openssl s_client -connect
facebook.com:443<br>
> CONNECTED(00000003)<br>
> depth=1 C = US, O = DigiCert Inc, OU = <a class="moz-txt-link-abbreviated" href="http://www.digicert.com">www.digicert.com</a>, CN =
DigiCert High<br>
> Assurance CA-3<br>
> verify error:num=20:unable to get local issuer certificate<br>
> verify return:0<br>
> ---<br>
> Certificate chain<br>
> 0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook,
Inc./CN=*.facebook.com<br>
> i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
High Assurance<br>
> CA-3<br>
> 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
High Assurance<br>
> CA-3<br>
> i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
High Assurance EV<br>
> Root CA<br>
> ---<br>
> Server certificate<br>
> -----BEGIN CERTIFICATE-----<br>
>
MIIFOzCCBCOgAwIBAgIQAXFSvMdg7cYV3Y5PV8hsDzANBgkqhkiG9w0BAQUFADBm<br>
>
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3<br>
>
d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j<br>
>
ZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UE<br>
>
BhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQK<br>
>
Ew5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcq<br>
>
hkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu/Tli9R764EPwi6dKe<br>
>
mPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk/cUMs0bSobxwtIeOo4ICszCCAq8wHwYD<br>
>
VR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFEMJk0D6EUsw<br>
>
M+zyh26NcRjPiryOMIIBCgYDVR0RBIIBATCB/oIOKi5mYWNlYm9vay5jb22CDGZh<br>
>
Y2Vib29rLmNvbYILKi5mYnNieC5jb22CCyouZmJjZG4ubmV0gg4qLnh4LmZiY2Ru<br>
>
Lm5ldIIOKi54eS5mYmNkbi5uZXSCBmZiLmNvbYIIKi5mYi5jb22CGCouZmFjZWJv<br>
>
b2tjb3Jld3d3aS5vbmlvboIWZmFjZWJvb2tjb3Jld3d3aS5vbmlvboIWZmJjZG4y<br>
>
M2Rzc3IzanFucS5vbmlvboIWZmJzYngycTRtdmNsNjNwdy5vbmlvboIQKi5tLmZh<br>
>
Y2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg1tZXNzZW5nZXIuY29tMA4GA1Ud<br>
>
DwEB/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0f<br>
>
BFowWDAqoCigJoYkaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2NhMy1nMjkuY3Js<br>
>
MCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwQgYD<br>
>
VR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu<br>
>
ZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0<br>
>
dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2Vy<br>
>
dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwG<br>
>
A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAJLCX8dGEOeYrtzO+3yobUf+<br>
>
2sRpf5JnDPYs/D583ZDvIR2CC1j6BEZu7s0t8F3UwmZyFtYX+oF0eXTk5CK3LPOl<br>
>
WBEkO0qefB5vuHir2Iwdi3ojSg9FUHNNTKb2nOCv9tIvtSz0ME2J2mGnIQhYjV6i<br>
>
TnyRl2XAxGHej1uxpFhlHVwom7Bh/jliZGxqsB8s5NDMPByuYFO9lzT9THFvkhab<br>
>
fCYW/jVGQ7GYVR0xbAXERppKvYAHtuCpoBx26tx/ecO9cG36dGzqSjUefAHqmJML<br>
>
eSM0nWdjg8K5LolKyUKrrtBRYUIq9DGkROr9LAftTCKs8RZ40Ge3iV/0POlr6FI=<br>
> -----END CERTIFICATE-----<br>
> subject=/C=US/ST=CA/L=Menlo Park/O=Facebook,
Inc./CN=*.facebook.com<br>
> issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
High Assurance<br>
> CA-3<br>
> ---<br>
> No client certificate CA names sent<br>
> ---<br>
> SSL handshake has read 3459 bytes and written 434 bytes<br>
> ---<br>
> New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256<br>
> Server public key is 256 bit<br>
> Secure Renegotiation IS supported<br>
> Compression: NONE<br>
> Expansion: NONE<br>
> SSL-Session:<br>
> Protocol : TLSv1.2<br>
> Cipher : ECDHE-ECDSA-AES128-GCM-SHA256<br>
> Session-ID:<br>
>
3629803712A85282C5F5F7CB236A68B6AD8C7106A03742AFD89B8D3546ED0254<br>
> Session-ID-ctx:<br>
> Master-Key:<br>
>
50F406618339C5DDD75160F035E874306ADD1A0B786A7B1371467F0EC6259FA78D2678B31083A4EAFC286DB0B6565FBB<br>
> Key-Arg : None<br>
> PSK identity: None<br>
> PSK identity hint: None<br>
> SRP username: None<br>
> TLS session ticket lifetime hint: 86000 (seconds)<br>
> TLS session ticket:<br>
> 0000 - 70 3b 0a 20 e0 1b 8a 09-6c 07 4c 69 a4 9d af 51
p;.<br>
> ....l.Li...Q<br>
> 0010 - 74 d0 0e a9 c2 9d c2 08-17 0c 78 bb 5d ea d8 1a <br>
> t.........x.]...<br>
> 0020 - 25 de 4e d1 b8 d1 cd b4-20 7a 8a dc 4a 4c dc e2
%.N.....<br>
> z..JL..<br>
> 0030 - f6 94 f3 41 4b c3 9e 57-19 30 72 38 2e ea d3 58 <br>
> ...AK..W.0r8...X<br>
> 0040 - 16 c7 de 39 a8 f9 11 80-62 60 87 0d 08 b7 2d 56 <br>
> ...9....b`....-V<br>
> 0050 - 2d 9b 0b ac f7 81 8a 22-bb 42 8b 53 71 d4 26 7a <br>
> -......".B.Sq.&z<br>
> 0060 - 8d ef ea 6c de bc d6 2c-15 cc ff 69 3c 34 16 41 <br>
> ...l...,...i<4.A<br>
> 0070 - 3c 2e f7 84 4f b8 a5 7b-35 80 e3 df ee 74 d7 58 <br>
> <...O..{5....t.X<br>
> 0080 - 38 d3 59 aa 84 03 4c ff-f0 22 ff 04 05 b3 3b a3 <br>
> 8.Y...L.."....;.<br>
> 0090 - 7e f9 ae 9f 07 0b dd 0e-86 71 c7 35 44 6f 3e 80 <br>
> ~........q.5Do>.<br>
> 00a0 - bf 43 2c 4f f1 42 dc 09-a8 34 35 9c 1e be 35 a2 <br>
> .C,O.B...45...5.<br>
><br>
> Start Time: 1421085027<br>
> Timeout : 300 (sec)<br>
> Verify return code: 20 (unable to get local issuer
certificate)<br>
> ---<br>
><br>
><br>
><br>
><br>
><br>
> --<br>
> View this message in context:
<a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html</a><br>
> Sent from the Squid - Users mailing list archive at
Nabble.com.<br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBAgAGBQJUs6gHAAoJENNXIZxhPexGCuMH/irKA7ONKqoZxggAiQERyct+
<br>
XtCqaaHkrPMmbq/tCFereYElVXhKwAoZmjaI/lvBOxHE7P4cQqbiOTJoRzyKoD4Q
<br>
ek/9vRN/SMbjGSdQNGy73aJDH8vKZg3vcXviO/bvfjbVO3/b7x6eqZdphJvfjCOG
<br>
XoEmaWNRP/xe+335Db31ww1mbKOiJChaaJF/Wl460zPPTN+b8yGOyu95rm7Xc6LY
<br>
KJELRJ4S/hNEta9o/i8v9sLSSlvAqlgWJgBGW6vNCQ+4pZ3nBhiR5T5dqqekONRy
<br>
pJemiS/KRRONrMDPeZiwkinj/EQbO53Hu5lyQ2ANdYcMPNCT3N/z2LVerxCIQj4=
<br>
=SC7Z
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>