[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor v0.2.1.23 dose not work in my windowsXP box and Tor v0.2.1.24 can not work in my Debain

Furthermore, I run "openssl s_client -connect IP:port" for the bridge may get a CONNECTED(00000003) and permenant hang, but I do it for bridges.torproject.org:443, after CONNECTED(00000003), I can get information like below immediately:
=================================================================
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDXTCCAsagAwIBAgIDD4pqMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTAwMjI1MDEzNzI5WhcNMTEwMjI3MDYyMDMw
WjCB5zEpMCcGA1UEBRMgYVVWdDJqcFlyVVNmdXFtN2xXT0Y4MXhHOUNGaDlyMS0x
CzAJBgNVBAYTAlVTMRkwFwYDVQQKFBAqLnRvcnByb2plY3Qub3JnMRMwEQYDVQQL
EwpHVDg2NDg3NTMwMTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNvbS9yZXNv
dXJjZXMvY3BzIChjKTEwMS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBWYWxpZGF0
ZWQgLSBSYXBpZFNTTChSKTEZMBcGA1UEAxQQKi50b3Jwcm9qZWN0Lm9yZzCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu/zFwQPQQ5znAF25kxcf1OGHUhdJExQB
svfi2kov0L/tqCw53++zJ5iQjIfTx+hbixEJIv+u6XDu9WKl1FtyZkV/CcrRp0oC
p07SDK1uRd09Chvws7MGJi4I+rcIzhu3tNDLXQHMcLjz5v+2cdnA/jKKWbeUatMd
uYSaTrM+09kCAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFJCL
ANJ+x/1iMVb4KTCYWWZiZJtuMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwu
Z2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1UdIwQYMBaAFEjmaPkr
0rKV10fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN
BgkqhkiG9w0BAQUFAAOBgQBk5qPU6HAByBgD5XMDtA2w/NLXEVm9o/xCtPBpfl7u
8LvnL/WqBPvHhH77V8dU7l73wbdqbe3eNHrm5xu7WxKVrBeq4qz5uoi2/vHEJ9/+
vGPpVMHzHMnUFpJWxoARy5dNp2QHSngOs8fCXvtNwb1d7iLn18oWPuk1bn6uMI9x
7w==
-----END CERTIFICATE-----
subject=/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 6C10366E7BB529BF9F4EAE5E851A1918E1634F79E36536812B4D5D12E14F2BB1
    Session-ID-ctx:
    Master-Key: 30F830369A5662636957D5E1AB733AE590F019A9A0245BC6DDB60D32521C022FFABD7C6BA30DE6B9C16D780398433492
    Key-Arg   : None
    Start Time: 1267331357
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
===============================================================
 
Best Regards
Brent

2010/2/28 Peng Zhou <zpbrent@xxxxxxxxx>
The result of "openssl s_client -connect IP:port" is CONNECTED(00000003)
 
And I can use Gmail via https successfully, I also can access https://bridges.torproject.org/ successfully too :-)

2010/2/28 Andrew Lewman <andrew@xxxxxxxxxxxxxx>

On 02/27/2010 09:41 AM, Peng Zhou wrote:
> Previously, I use the network from HongKong Polytechnical University
> (I don't know who is the ISP for HK PolyU), when I try to connect with Tor.
> via bridge 74.207.232.33:443, I have found its TCP handshaking works fine,
> but SSL handshaking is blocked (A packet for SSL client Hello is sent to
> 74.207.232.33, but the bridge never gives me reponse):

This could also mean the bridge is offline.  If you can "openssl
s_client -connect IP:port", does this work?

Is ssl to say, gmail, or taobao also messed up?

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/