Thread: Openssl certs and the files in /etc/certs/common-ca
View Single Post
independent is offline independent
2014-12-04 , 19:25
Posts: 78 | Thanked: 84 times | Joined on Aug 2012
#1
Hello all.

Following on from the excellent thread with modest connecting with regards to / sslv3 / tlsv1..

I've been checking to see if openssl connects to various websites securely via the command line.

Code:
openssl s_client  -connect startpage.com:443 -prexit
This outputs the error:
Code:
Verify return code: 20 (unable to get local issuer certificate)
This request does not produce the error
Code:
openssl s_client -CApath /etc/certs/common-ca/ -connect startpage.com:443 -prexit
Which is understandable seeing as /etc/ssl/certs/ is empty except for a null bytes worth of a ca-certificates.crt file.

My reading of this is openssl cannot see the the directory with the ca-certificates in it.
What I have done to try and fix this (to no avail):
- I have tried editing the /etc/ssl/openssl.crt file.
- I have tried symlinking to the /etc/certs/common-ca in several different ways.
- Tried copying the files over.

The reason is I use a version of links-browser with ssl support compiled in. It seems to work but testing with the openssl commands doesn't seem to work. Any ideas?

-----

PS on a completely different note to remove sslv3 (POODLE vulnerability) support in the web browser. Change about:config and set this switch:
security.enable_ssl3 user set boolean false
Last edited by independent; 2014-12-04 at 19:38.