
<html>

  <head>

    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <br>

    -----BEGIN PGP SIGNED MESSAGE----- <br>

    Hash: SHA1 <br>

     <br>

    You need to specify -CAPath with trusted root CA's from openssl

    installation to avoid error 20. :)<br>

    <br>

    But looks like openssl connect works.<br>

    <br>

    12.01.2015 16:50, HackXBack пишет:<br>

    <span style="white-space: pre;">> openssl s_client -connect

      facebook.com:443<br>

      > CONNECTED(00000003)<br>

      > depth=1 C = US, O = DigiCert Inc, OU = <a class="moz-txt-link-abbreviated" href="http://www.digicert.com">www.digicert.com</a>, CN =

      DigiCert High<br>

      > Assurance CA-3<br>

      > verify error:num=20:unable to get local issuer certificate<br>

      > verify return:0<br>

      > ---<br>

      > Certificate chain<br>

      >  0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook,

      Inc./CN=*.facebook.com<br>

      >    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert

      High Assurance<br>

      > CA-3<br>

      >  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert

      High Assurance<br>

      > CA-3<br>

      >    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert

      High Assurance EV<br>

      > Root CA<br>

      > ---<br>

      > Server certificate<br>

      > -----BEGIN CERTIFICATE-----<br>

      >

      MIIFOzCCBCOgAwIBAgIQAXFSvMdg7cYV3Y5PV8hsDzANBgkqhkiG9w0BAQUFADBm<br>

      >

      MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3<br>

      >

      d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j<br>

      >

      ZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UE<br>

      >

      BhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQK<br>

      >

      Ew5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcq<br>

      >

      hkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu/Tli9R764EPwi6dKe<br>

      >

      mPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk/cUMs0bSobxwtIeOo4ICszCCAq8wHwYD<br>

      >

      VR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFEMJk0D6EUsw<br>

      >

      M+zyh26NcRjPiryOMIIBCgYDVR0RBIIBATCB/oIOKi5mYWNlYm9vay5jb22CDGZh<br>

      >

      Y2Vib29rLmNvbYILKi5mYnNieC5jb22CCyouZmJjZG4ubmV0gg4qLnh4LmZiY2Ru<br>

      >

      Lm5ldIIOKi54eS5mYmNkbi5uZXSCBmZiLmNvbYIIKi5mYi5jb22CGCouZmFjZWJv<br>

      >

      b2tjb3Jld3d3aS5vbmlvboIWZmFjZWJvb2tjb3Jld3d3aS5vbmlvboIWZmJjZG4y<br>

      >

      M2Rzc3IzanFucS5vbmlvboIWZmJzYngycTRtdmNsNjNwdy5vbmlvboIQKi5tLmZh<br>

      >

      Y2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg1tZXNzZW5nZXIuY29tMA4GA1Ud<br>

      >

      DwEB/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0f<br>

      >

      BFowWDAqoCigJoYkaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2NhMy1nMjkuY3Js<br>

      >

      MCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwQgYD<br>

      >

      VR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu<br>

      >

      ZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0<br>

      >

      dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2Vy<br>

      >

      dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwG<br>

      >

      A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAJLCX8dGEOeYrtzO+3yobUf+<br>

      >

      2sRpf5JnDPYs/D583ZDvIR2CC1j6BEZu7s0t8F3UwmZyFtYX+oF0eXTk5CK3LPOl<br>

      >

      WBEkO0qefB5vuHir2Iwdi3ojSg9FUHNNTKb2nOCv9tIvtSz0ME2J2mGnIQhYjV6i<br>

      >

      TnyRl2XAxGHej1uxpFhlHVwom7Bh/jliZGxqsB8s5NDMPByuYFO9lzT9THFvkhab<br>

      >

      fCYW/jVGQ7GYVR0xbAXERppKvYAHtuCpoBx26tx/ecO9cG36dGzqSjUefAHqmJML<br>

      >

      eSM0nWdjg8K5LolKyUKrrtBRYUIq9DGkROr9LAftTCKs8RZ40Ge3iV/0POlr6FI=<br>

      > -----END CERTIFICATE-----<br>

      > subject=/C=US/ST=CA/L=Menlo Park/O=Facebook,

      Inc./CN=*.facebook.com<br>

      > issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert

      High Assurance<br>

      > CA-3<br>

      > ---<br>

      > No client certificate CA names sent<br>

      > ---<br>

      > SSL handshake has read 3459 bytes and written 434 bytes<br>

      > ---<br>

      > New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256<br>

      > Server public key is 256 bit<br>

      > Secure Renegotiation IS supported<br>

      > Compression: NONE<br>

      > Expansion: NONE<br>

      > SSL-Session:<br>

      >     Protocol  : TLSv1.2<br>

      >     Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256<br>

      >     Session-ID:<br>

      >

      3629803712A85282C5F5F7CB236A68B6AD8C7106A03742AFD89B8D3546ED0254<br>

      >     Session-ID-ctx:<br>

      >     Master-Key:<br>

      >

50F406618339C5DDD75160F035E874306ADD1A0B786A7B1371467F0EC6259FA78D2678B31083A4EAFC286DB0B6565FBB<br>

      >     Key-Arg   : None<br>

      >     PSK identity: None<br>

      >     PSK identity hint: None<br>

      >     SRP username: None<br>

      >     TLS session ticket lifetime hint: 86000 (seconds)<br>

      >     TLS session ticket:<br>

      >     0000 - 70 3b 0a 20 e0 1b 8a 09-6c 07 4c 69 a4 9d af 51  

      p;.<br>

      > ....l.Li...Q<br>

      >     0010 - 74 d0 0e a9 c2 9d c2 08-17 0c 78 bb 5d ea d8 1a  <br>

      > t.........x.]...<br>

      >     0020 - 25 de 4e d1 b8 d1 cd b4-20 7a 8a dc 4a 4c dc e2  

      %.N.....<br>

      > z..JL..<br>

      >     0030 - f6 94 f3 41 4b c3 9e 57-19 30 72 38 2e ea d3 58  <br>

      > ...AK..W.0r8...X<br>

      >     0040 - 16 c7 de 39 a8 f9 11 80-62 60 87 0d 08 b7 2d 56  <br>

      > ...9....b`....-V<br>

      >     0050 - 2d 9b 0b ac f7 81 8a 22-bb 42 8b 53 71 d4 26 7a  <br>

      > -......".B.Sq.&z<br>

      >     0060 - 8d ef ea 6c de bc d6 2c-15 cc ff 69 3c 34 16 41  <br>

      > ...l...,...i<4.A<br>

      >     0070 - 3c 2e f7 84 4f b8 a5 7b-35 80 e3 df ee 74 d7 58  <br>

      > <...O..{5....t.X<br>

      >     0080 - 38 d3 59 aa 84 03 4c ff-f0 22 ff 04 05 b3 3b a3  <br>

      > 8.Y...L.."....;.<br>

      >     0090 - 7e f9 ae 9f 07 0b dd 0e-86 71 c7 35 44 6f 3e 80  <br>

      > ~........q.5Do>.<br>

      >     00a0 - bf 43 2c 4f f1 42 dc 09-a8 34 35 9c 1e be 35 a2  <br>

      > .C,O.B...45...5.<br>

      ><br>

      >     Start Time: 1421085027<br>

      >     Timeout   : 300 (sec)<br>

      >     Verify return code: 20 (unable to get local issuer

      certificate)<br>

      > ---<br>

      ><br>

      ><br>

      ><br>

      ><br>

      ><br>

      > --<br>

      > View this message in context:

<a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html</a><br>

      > Sent from the Squid - Users mailing list archive at

      Nabble.com.<br>

      > _______________________________________________<br>

      > squid-users mailing list<br>

      > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>

      > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>

    <br>

    -----BEGIN PGP SIGNATURE-----

<br>

    Version: GnuPG v2

<br>

     <br>

    iQEcBAEBAgAGBQJUs6gHAAoJENNXIZxhPexGCuMH/irKA7ONKqoZxggAiQERyct+

<br>

    XtCqaaHkrPMmbq/tCFereYElVXhKwAoZmjaI/lvBOxHE7P4cQqbiOTJoRzyKoD4Q

<br>

    ek/9vRN/SMbjGSdQNGy73aJDH8vKZg3vcXviO/bvfjbVO3/b7x6eqZdphJvfjCOG

<br>

    XoEmaWNRP/xe+335Db31ww1mbKOiJChaaJF/Wl460zPPTN+b8yGOyu95rm7Xc6LY

<br>

    KJELRJ4S/hNEta9o/i8v9sLSSlvAqlgWJgBGW6vNCQ+4pZ3nBhiR5T5dqqekONRy

<br>

    pJemiS/KRRONrMDPeZiwkinj/EQbO53Hu5lyQ2ANdYcMPNCT3N/z2LVerxCIQj4=

<br>

    =SC7Z

<br>

    -----END PGP SIGNATURE-----

<br>

    <br>

  </body>

</html>