<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <br>
    -----BEGIN PGP SIGNED MESSAGE----- <br>
    Hash: SHA1 <br>
     <br>
    You need to specify -CAPath with trusted root CA's from openssl
    installation to avoid error 20. :)<br>
    <br>
    But looks like openssl connect works.<br>
    <br>
    12.01.2015 16:50, HackXBack пишет:<br>
    <span style="white-space: pre;">> openssl s_client -connect
      facebook.com:443<br>
      > CONNECTED(00000003)<br>
      > depth=1 C = US, O = DigiCert Inc, OU = <a class="moz-txt-link-abbreviated" href="http://www.digicert.com">www.digicert.com</a>, CN =
      DigiCert High<br>
      > Assurance CA-3<br>
      > verify error:num=20:unable to get local issuer certificate<br>
      > verify return:0<br>
      > ---<br>
      > Certificate chain<br>
      >  0 s:/C=US/ST=CA/L=Menlo Park/O=Facebook,
      Inc./CN=*.facebook.com<br>
      >    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
      High Assurance<br>
      > CA-3<br>
      >  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
      High Assurance<br>
      > CA-3<br>
      >    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
      High Assurance EV<br>
      > Root CA<br>
      > ---<br>
      > Server certificate<br>
      > -----BEGIN CERTIFICATE-----<br>
      >
      MIIFOzCCBCOgAwIBAgIQAXFSvMdg7cYV3Y5PV8hsDzANBgkqhkiG9w0BAQUFADBm<br>
      >
      MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3<br>
      >
      d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j<br>
      >
      ZSBDQS0zMB4XDTE0MDgyODAwMDAwMFoXDTE1MTAyODEyMDAwMFowYTELMAkGA1UE<br>
      >
      BhMCVVMxCzAJBgNVBAgTAkNBMRMwEQYDVQQHEwpNZW5sbyBQYXJrMRcwFQYDVQQK<br>
      >
      Ew5GYWNlYm9vaywgSW5jLjEXMBUGA1UEAwwOKi5mYWNlYm9vay5jb20wWTATBgcq<br>
      >
      hkjOPQIBBggqhkjOPQMBBwNCAATY0d01veJZtvubH1QVjNu/Tli9R764EPwi6dKe<br>
      >
      mPhJKiX7lEbkQpmEUBxfAf0UJTFcTtlk/cUMs0bSobxwtIeOo4ICszCCAq8wHwYD<br>
      >
      VR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFEMJk0D6EUsw<br>
      >
      M+zyh26NcRjPiryOMIIBCgYDVR0RBIIBATCB/oIOKi5mYWNlYm9vay5jb22CDGZh<br>
      >
      Y2Vib29rLmNvbYILKi5mYnNieC5jb22CCyouZmJjZG4ubmV0gg4qLnh4LmZiY2Ru<br>
      >
      Lm5ldIIOKi54eS5mYmNkbi5uZXSCBmZiLmNvbYIIKi5mYi5jb22CGCouZmFjZWJv<br>
      >
      b2tjb3Jld3d3aS5vbmlvboIWZmFjZWJvb2tjb3Jld3d3aS5vbmlvboIWZmJjZG4y<br>
      >
      M2Rzc3IzanFucS5vbmlvboIWZmJzYngycTRtdmNsNjNwdy5vbmlvboIQKi5tLmZh<br>
      >
      Y2Vib29rLmNvbYIPKi5tZXNzZW5nZXIuY29tgg1tZXNzZW5nZXIuY29tMA4GA1Ud<br>
      >
      DwEB/wQEAwIDiDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0f<br>
      >
      BFowWDAqoCigJoYkaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL2NhMy1nMjkuY3Js<br>
      >
      MCqgKKAmhiRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vY2EzLWcyOS5jcmwwQgYD<br>
      >
      VR0gBDswOTA3BglghkgBhv1sAQEwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cu<br>
      >
      ZGlnaWNlcnQuY29tL0NQUzB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0<br>
      >
      dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2Vy<br>
      >
      dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwG<br>
      >
      A1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBAJLCX8dGEOeYrtzO+3yobUf+<br>
      >
      2sRpf5JnDPYs/D583ZDvIR2CC1j6BEZu7s0t8F3UwmZyFtYX+oF0eXTk5CK3LPOl<br>
      >
      WBEkO0qefB5vuHir2Iwdi3ojSg9FUHNNTKb2nOCv9tIvtSz0ME2J2mGnIQhYjV6i<br>
      >
      TnyRl2XAxGHej1uxpFhlHVwom7Bh/jliZGxqsB8s5NDMPByuYFO9lzT9THFvkhab<br>
      >
      fCYW/jVGQ7GYVR0xbAXERppKvYAHtuCpoBx26tx/ecO9cG36dGzqSjUefAHqmJML<br>
      >
      eSM0nWdjg8K5LolKyUKrrtBRYUIq9DGkROr9LAftTCKs8RZ40Ge3iV/0POlr6FI=<br>
      > -----END CERTIFICATE-----<br>
      > subject=/C=US/ST=CA/L=Menlo Park/O=Facebook,
      Inc./CN=*.facebook.com<br>
      > issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert
      High Assurance<br>
      > CA-3<br>
      > ---<br>
      > No client certificate CA names sent<br>
      > ---<br>
      > SSL handshake has read 3459 bytes and written 434 bytes<br>
      > ---<br>
      > New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256<br>
      > Server public key is 256 bit<br>
      > Secure Renegotiation IS supported<br>
      > Compression: NONE<br>
      > Expansion: NONE<br>
      > SSL-Session:<br>
      >     Protocol  : TLSv1.2<br>
      >     Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256<br>
      >     Session-ID:<br>
      >
      3629803712A85282C5F5F7CB236A68B6AD8C7106A03742AFD89B8D3546ED0254<br>
      >     Session-ID-ctx:<br>
      >     Master-Key:<br>
      >
50F406618339C5DDD75160F035E874306ADD1A0B786A7B1371467F0EC6259FA78D2678B31083A4EAFC286DB0B6565FBB<br>
      >     Key-Arg   : None<br>
      >     PSK identity: None<br>
      >     PSK identity hint: None<br>
      >     SRP username: None<br>
      >     TLS session ticket lifetime hint: 86000 (seconds)<br>
      >     TLS session ticket:<br>
      >     0000 - 70 3b 0a 20 e0 1b 8a 09-6c 07 4c 69 a4 9d af 51  
      p;.<br>
      > ....l.Li...Q<br>
      >     0010 - 74 d0 0e a9 c2 9d c2 08-17 0c 78 bb 5d ea d8 1a  <br>
      > t.........x.]...<br>
      >     0020 - 25 de 4e d1 b8 d1 cd b4-20 7a 8a dc 4a 4c dc e2  
      %.N.....<br>
      > z..JL..<br>
      >     0030 - f6 94 f3 41 4b c3 9e 57-19 30 72 38 2e ea d3 58  <br>
      > ...AK..W.0r8...X<br>
      >     0040 - 16 c7 de 39 a8 f9 11 80-62 60 87 0d 08 b7 2d 56  <br>
      > ...9....b`....-V<br>
      >     0050 - 2d 9b 0b ac f7 81 8a 22-bb 42 8b 53 71 d4 26 7a  <br>
      > -......".B.Sq.&z<br>
      >     0060 - 8d ef ea 6c de bc d6 2c-15 cc ff 69 3c 34 16 41  <br>
      > ...l...,...i<4.A<br>
      >     0070 - 3c 2e f7 84 4f b8 a5 7b-35 80 e3 df ee 74 d7 58  <br>
      > <...O..{5....t.X<br>
      >     0080 - 38 d3 59 aa 84 03 4c ff-f0 22 ff 04 05 b3 3b a3  <br>
      > 8.Y...L.."....;.<br>
      >     0090 - 7e f9 ae 9f 07 0b dd 0e-86 71 c7 35 44 6f 3e 80  <br>
      > ~........q.5Do>.<br>
      >     00a0 - bf 43 2c 4f f1 42 dc 09-a8 34 35 9c 1e be 35 a2  <br>
      > .C,O.B...45...5.<br>
      ><br>
      >     Start Time: 1421085027<br>
      >     Timeout   : 300 (sec)<br>
      >     Verify return code: 20 (unable to get local issuer
      certificate)<br>
      > ---<br>
      ><br>
      ><br>
      ><br>
      ><br>
      ><br>
      > --<br>
      > View this message in context:
<a class="moz-txt-link-freetext" href="http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html">http://squid-web-proxy-cache.1019090.n4.nabble.com/ssl-cert-wiki-tp4669016p4669023.html</a><br>
      > Sent from the Squid - Users mailing list archive at
      Nabble.com.<br>
      > _______________________________________________<br>
      > squid-users mailing list<br>
      > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
      > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a></span><br>
    <br>
    -----BEGIN PGP SIGNATURE-----
<br>
    Version: GnuPG v2
<br>
     <br>
    iQEcBAEBAgAGBQJUs6gHAAoJENNXIZxhPexGCuMH/irKA7ONKqoZxggAiQERyct+
<br>
    XtCqaaHkrPMmbq/tCFereYElVXhKwAoZmjaI/lvBOxHE7P4cQqbiOTJoRzyKoD4Q
<br>
    ek/9vRN/SMbjGSdQNGy73aJDH8vKZg3vcXviO/bvfjbVO3/b7x6eqZdphJvfjCOG
<br>
    XoEmaWNRP/xe+335Db31ww1mbKOiJChaaJF/Wl460zPPTN+b8yGOyu95rm7Xc6LY
<br>
    KJELRJ4S/hNEta9o/i8v9sLSSlvAqlgWJgBGW6vNCQ+4pZ3nBhiR5T5dqqekONRy
<br>
    pJemiS/KRRONrMDPeZiwkinj/EQbO53Hu5lyQ2ANdYcMPNCT3N/z2LVerxCIQj4=
<br>
    =SC7Z
<br>
    -----END PGP SIGNATURE-----
<br>
    <br>
  </body>
</html>