[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: problem while trying to fetch 0.2.1.8-alpha



     Thanks for your quick response.  I apologize for taking so long to get
back to this matter.  I was sidetracked at a most inopportune moment and then
had to deal with an amazing deluge of email in order to get back down near
my disk quota limit. :-}
     On Thu, 11 Dec 2008 12:57:49 -0800 coderman <coderman@xxxxxxxxx>
wrote:
>On Thu, Dec 11, 2008 at 11:35 AM, Scott Bennett <bennett@xxxxxxxxxx> wrote:
>>     I appear to be getting an SSL connection error when using wget(1) to
>> fetch 0.2.1.8-alpha using the links from the tor project's download page...
>
>is it possible you have an old openssl cacerts package without the
>newer ev signing and root ca's?

     Beats me.

>(you can tell wget to use an explicit trusted ca cert file if necessary)

     Okay.  I'll have to look that option up in the man page.
>
>does:
> openssl s_client -connect www.torproject.org:443 -showcerts
>
>indicate anything unusual during session negotiation?
>
     I've never used the openssl command before, so I guess I don't know
what is usual vs. unusual.  However, here's what I got.

Script started on Mon Dec 22 00:21:36 2008
[hellas] 95 % openssl s_client -connect www.torproject.org:443 -showcerts
CONNECTED(00000003)
depth=0 /C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
   i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
-----BEGIN CERTIFICATE-----
MIIDTTCCAragAwIBAgIDCHFoMA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT
MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4
IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDgwNTE0MDIwMDI3WhcN
MDkwNTE1MDIwMDI3WjCBvDELMAkGA1UEBhMCVVMxGTAXBgNVBAoUECoudG9ycHJv
amVjdC5vcmcxEzARBgNVBAsTCkdUODY0ODc1MzAxMTAvBgNVBAsTKFNlZSB3d3cu
cmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMgKGMpMDgxLzAtBgNVBAsTJkRvbWFp
biBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlkU1NMKFIpMRkwFwYDVQQDFBAqLnRv
cnByb2plY3Qub3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3faNvvJ/u
loRBwWA4pJ9ALP6kAETWvO8tKV32Z8spi2qpYKCyVeCtjtbE0V6ITBXeErjYjG4H
6UEEoyNVWCG+ggXQFD0SDG0wtZi5WPODR3hjVbIoKpdu95jnUvrYyQIq4+iZoGqx
orlAwKG+TCcancaueC8Jv6j0QQfj+dQaiwIDAQABo4G9MIG6MA4GA1UdDwEB/wQE
AwIE8DAdBgNVHQ4EFgQUXFoXZgOamVjsEZjSG+2Z+aTWemUwOwYDVR0fBDQwMjAw
oC6gLIYqaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9nbG9iYWxjYTEuY3Js
MB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo/7NXa2hsMB0GA1UdJQQWMBQGCCsG
AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBBAUAA4GB
AD9Ws2JO12+nEo9vYGx1ECqjmn+sM67FKosIUbQhO4ZpKA2EIRY/olseEO3Mb6Ge
Z4bJ77d1WabxBxf/SZhlldLG56Iuyfl0efprtm9AvCe7sadf0o9qGRl0bsfR/Fe+
wRtScgqiiFm1bQvSsc1g08NUyVAzeg3NreZd+lq/W7CG
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)08/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
issuer=/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
---
No client certificate CA names sent
---
SSL handshake has read 1413 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1B6EBF7D38C391520888E3BF085A0B663FEAE077443BB94EF24FB9A9CBBFE4D4
    Session-ID-ctx: 
    Master-Key: 208566510E8BAE89CE5A06AA60F79AB34484F4B9F24D9559928BFDB6C646941DEF7EF828549F8A80630FEF4CA1B94C05
    Key-Arg   : None
    Start Time: 1229926920
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
q
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www.torproject.org/";>here</a>.</p>
<hr>
<address>Apache Server at www.torproject.org Port 443</address>
</body></html>
closed
[hellas] 96 % exit
exit

Script done on Mon Dec 22 00:22:41 2008


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************