[7.8] Erroneous IssuerMismatch?

Boris Popov, DeepCove Labs (SNN)

In clean visual.im with HTTPS loaded,

"trust a list of CAs provided by Mozilla"
pem := (HttpClient get: 'http://curl.haxx.se/ca/cacert.pem') contents.
bundle := CertificateFileReader new readFrom: pem readStream.
X509Registry trustedCertificates addAll: bundle.

"this shouldn't break?"
HttpClient get: 'https://storage101.ord1.clouddrive.com'.

Unhandled exception: Certificate Chain Invalid !
Security.X509.Certificate>>issuerMismatch:
Security.X509.Certificate>>verifyIssuedBy:


“using the same CA bundle with curl, things seem to work”

C:\>curl -Iv --cacert cacert.bundle https://storage101.ord1.clouddrive.com
* About to connect() to storage101.ord1.clouddrive.com port 443 (#0)
*   Trying 173.203.3.30... connected
* Connected to storage101.ord1.clouddrive.com (173.203.3.30) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: cacert.bundle
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using RC4-SHA
* Server certificate:
*        subject: O=storage101.ord1.clouddrive.com; OU=Go to https://www.thawte.com/repository/index.html; OU=Thawte SSL123 certificate; OU=Domain Validated; CN=storage101.ord1.clouddrive.com
*        start date: 2012-02-01 00:00:00 GMT
*        expire date: 2014-04-01 23:59:59 GMT
*        common name: storage101.ord1.clouddrive.com (matched)
*        issuer: C=US; O=Thawte, Inc.; OU=Domain Validated SSL; CN=Thawte DV SSL CA
*        SSL certificate verify ok.
> HEAD / HTTP/1.1
> User-Agent: curl/7.21.7 (amd64-pc-win32) libcurl/7.21.7 OpenSSL/0.9.8r zlib/1.2.5
> Host: storage101.ord1.clouddrive.com
> Accept: */*
> 
< HTTP/1.1 404 Not Found
HTTP/1.1 404 Not Found
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 0
Content-Length: 0
< X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792
X-Trans-Id: tx23b481a2d4254f44909d08e69c64f792
< Date: Wed, 08 Feb 2012 02:14:42 GMT
Date: Wed, 08 Feb 2012 02:14:42 GMT

< 
* Connection #0 to host storage101.ord1.clouddrive.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):


“using the same bundle with openssl, verify seems to return 1 for each element in the chain”

C:\>openssl s_client -connect storage101.ord1.clouddrive.com:443 -CAfile cacert.bundle
Loading 'screen' into random state - done
CONNECTED(000001B0)
depth=3 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=[hidden email]
verify return:1
depth=2 /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
verify return:1
depth=1 /C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
verify return:1
depth=0 /O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com
verify return:1
---
Certificate chain
0 s:/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com
   i:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
1 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=[hidden email]
2 s:/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
---
Server certificate
subject=/O=storage101.ord1.clouddrive.com/OU=Go to https://www.thawte.com/repository/index.html/OU=Thawte SSL123 certificate/OU=Domain Validated/CN=storage101.ord1.clouddrive.com
issuer=/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA
---
No client certificate CA names sent
---
SSL handshake has read 3547 bytes and written 435 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 77134256A326CA171CB05D08BA6EEA6B3B953A7E733678222433421C4E359C58
    Session-ID-ctx:
    Master-Key: EEEED07F92B706C930ECAD2D2747D2C7FA210D4B7D5FC76A689F1A5EDDCE1FA1E97CB68804A72C262A89C43118F75029
    Key-Arg   : None
    Start Time: 1328667045
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


-Boris

Sr. Software Engineer
DeepCove Labs
4th floor, 595 Howe Street
Vancouver, BC V6C 2T5
Canada



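An added example (mine, not code from the post or from VisualWorks) illustrating one thing the openssl output above makes visible: the server sends its chain out of the order TLS requires, with the thawte Primary Root CA at position 1 and the Thawte DV SSL CA that actually issued the leaf at position 2. A verifier that checks each certificate only against the next one on the wire reports an issuer mismatch at depth 0 on such a chain, while one that looks issuers up by subject name, as OpenSSL's path builder does, validates it. That verifyIssuedBy: is order-strict is an assumption, not something the thread confirms; the names are transcribed from the post (attributes abbreviated, the Premium Server CA's emailAddress dropped) and the trust store is constructed.

```python
# Subject/issuer names transcribed from the openssl s_client output in the post
# (attributes abbreviated; the emailAddress of the Premium Server CA is dropped).
LEAF = "/O=storage101.ord1.clouddrive.com/CN=storage101.ord1.clouddrive.com"
DV_CA = "/C=US/O=Thawte, Inc./OU=Domain Validated SSL/CN=Thawte DV SSL CA"
PRIMARY_ROOT = "/C=US/O=thawte, Inc./CN=thawte Primary Root CA"
PREMIUM_ROOT = "/C=ZA/O=Thawte Consulting cc/CN=Thawte Premium Server CA"

# (subject, issuer) pairs in the exact order the server sent them (depth 0, 1, 2).
WIRE_CHAIN = [(LEAF, DV_CA), (PRIMARY_ROOT, PREMIUM_ROOT), (DV_CA, PRIMARY_ROOT)]

# Constructed trust store: assumes both Thawte roots are in the Mozilla bundle,
# which the "verify return:1" at depth 3 in the post suggests.
TRUST_STORE = {PREMIUM_ROOT, PRIMARY_ROOT}


def verify_in_wire_order(chain, trusted):
    """Strict walk: cert[i] must be issued by cert[i+1] until a trusted issuer
    is reached. This is the order RFC 5246 requires the server to send."""
    for depth, (_subject, issuer) in enumerate(chain):
        if issuer in trusted:
            return True, f"trust anchor {issuer!r} reached at depth {depth}"
        if depth + 1 == len(chain):
            return False, f"no certificate left for issuer {issuer!r}"
        next_subject = chain[depth + 1][0]
        if next_subject != issuer:
            return False, (f"issuer mismatch at depth {depth}: "
                           f"need {issuer!r}, next cert is {next_subject!r}")
    return False, "no trust anchor found"


def verify_by_lookup(chain, trusted):
    """Order-tolerant walk: find each issuer by subject name anywhere in the
    chain, the way OpenSSL's path builder does."""
    by_subject = dict(chain)
    subject, issuer = chain[0]
    path = [subject]
    while issuer not in trusted:
        if issuer not in by_subject or issuer in path:  # missing or looping
            return False, path
        path.append(issuer)
        issuer = by_subject[issuer]
    path.append(issuer)
    return True, path


if __name__ == "__main__":
    print(verify_in_wire_order(WIRE_CHAIN, TRUST_STORE))
    print(verify_by_lookup(WIRE_CHAIN, TRUST_STORE))
```

Re-running the strict walk with positions 1 and 2 swapped succeeds, which is the quickest way to tell an order-sensitive verifier from a genuinely broken chain.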
_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc