Mailing List CGatePro@mail.stalker.com Message #100598
From: Josh Olson <jolson@communigate.com>
Subject: Re: TLS problem with huge acceptable client certs
Date: Thu, 2 Sep 2010 08:11:54 -0700
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.1081)
Hello Tamas,

The TLS handshake record in the current CGP implementation cannot exceed 16384 bytes. This is enough for normal applications, but servers configured with large lists of certificates acceptable from clients may send larger handshake records. If the record is in excess of this value, TLS connections may fail.

This limit should be removed when CommuniGate Pro 5.4 is released later this year.

-Josh

On Sep 2, 2010, at 7:31 AM, Tamas Levente wrote:

> Hi,
> we are experiencing a problem that seems to be related to the fact that CGP (5.3.8 and possibly all before that) only reads in 16k of cert on TLS negotiation. I attached the CGP log and the console openssl connection results. You can see that CGP, after reading in 16k of data, decides that the certificate is broken and wants to proceed with cleartext, but the remote side is still pushing the remaining part of the certificate, hence the weird reply to our QUIT.
>  
> It should be easy to fix it: just read the cert to EOF or certsize, without a size limit, or if you are afraid that it might get hacked, choose a little bigger buffer size; 64k-128k must do it. You can test it with the postmaster@hoti.hu address.
>  
> 15:43:27.110 5 SMTP-088085() started
> 15:43:27.110 5 SMTP-088085(hoti.hu) processing
> 15:43:27.113 5 SMTP-088085(hoti.hu) 1 relay(s) found:mail.hoti.hu
> 15:43:27.113 4 SMTP-088085(hoti.hu) connecting [193.23.138.91]:65535 -> [195.70.35.118]:25
> 15:43:27.563 5 SMTP-088085(hoti.hu) inp: 220 mail2.netforum.hu ESMTP mail server ready. Wed, 25 Aug 2010 15:43:27 +0200
> 15:43:27.563 4 SMTP-088085(hoti.hu) connected to mail.hoti.hu [195.70.35.118]:25, ESMTP
> 15:43:27.563 5 SMTP-088085(hoti.hu) out: EHLO mail.tamisoft.com\r\n
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-mail2.netforum.hu Hello mail.tamisoft.com [193.23.138.91]
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-SIZE 15120000
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-8BITMIME
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-PIPELINING
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-AUTH PLAIN LOGIN
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250-STARTTLS
> 15:43:27.564 5 SMTP-088085(hoti.hu) inp: 250 HELP
> 15:43:27.564 4 SMTP-088085(hoti.hu) Connected. SIZE TLS AUTH
> 15:43:27.564 5 SMTP-088085(hoti.hu) out: STARTTLS\r\n
> 15:43:27.633 5 SMTP-088085(hoti.hu) inp: 220 TLS go ahead
> 15:43:27.633 5 SMTP-088085(hoti.hu) TLS out 22: (53) 01 00 00 31 03 00 42 33 38 34 30 30 30 30 31 33 45 30 37 44 31 39 36 39 30 45 39 35 30 43 45 44 42 36 45 42 42 45 00 00 0A 00 0A 00 05 00 04 00 03 00 06 01 00
> 15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (74) 02 00 00 46 03 00 4C 75 1D FF E5 3A AC 7F D3 B7 80 88 DB 4F E4 F4 F1 BB 02 77 2F 46 3B 96 BB 91 BD 27 C6 87 56 39 20 A0 DC 76 70 D3 B6 59 FA 4A A2 0C 1A 7F 9C F2 6F 12 8B BB C9 C5 DE EA 3E 24 E7 F5 B4 35 B4 0C 6E 00 0A 00
> 15:43:27.634 2 TLS-069570 session created for SMTP-088085, v.0, method=DES3_SHA
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 handshake: 'server_hello' processed; method=DES3_SHA, residual=0
> 15:43:27.634 5 SMTP-088085(hoti.hu) TLS inp 22: (447) 0B 00 01 BB 00 01 B8 00 01 B5 30 82 01 B1 30 82 01 1A 02 09 00 85 1D 4E 22 27 C7 17 DF 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 30 1D 31 1B 30 19 06 03 55 04 03 13 12 6D 61 69 6C 2D 61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 1E 17 0D 30 39 30 37 30 31 32 32 32 32 32 34 5A 17 0D 31 39 30 36 32 39 32 32 32 32 32 34 5A 30 1D 31 1B 30 19 06 03 55 04 03 13 12 6D 61 69 6C 2D 61 2E 6E 65 74 66 6F 72 75 6D 2E 68 75 30 81 9F 30 0D 06 09 2A 86 48
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLSv0 inp(443): certificate
> 15:43:27.634 4 SMTP-088085(hoti.hu) TLS 1024-bit certificate read
> 15:43:27.637 5 SMTP-088085(hoti.hu) TLS inp 22: (16384) 0D 00 4B D6 02 01 02 4B D1 00 B7 30 81 B4 31 0B 30 09 06 03 55 04 06 13 02 42 52 31 13 30 11 06 03 55 04 0A 13 0A 49 43 50 2D 42 72 61 73 69 6C 31 3D 30 3B 06 03 55 04 0B 13 34 49 6E 73 74 69 74 75 74 6F 20 4E 61 63 69 6F 6E 61 6C 20 64 65 20 54 65 63 6E 6F 6C 6F 67 69 61 20 64 61 20 49 6E 66 6F 72 6D 61 63 61 6F 20 2D 20 49 54 49 31 11 30 0F 06 03 55 04 07 13 08 42 72 61 73 69 6C 69 61 31 0B 30 09 06 03 55 04 08 13 02 44 46 31 31 30 2F 06
> 15:43:27.637 3 SMTP-088085(hoti.hu) TLSv0 handshake: input record length 19414/16384 is incorrect
> 15:43:27.837 5 SMTP-088085(hoti.hu) TLS out 21: (2) 02 32
> 15:43:27.837 2 TLS-069570 session closed by SMTP-088085, refCount=1
> 15:43:27.837 3 SMTP-088085(hoti.hu) failed to establish a secure connection with [195.70.35.118]:25. Error Code=not a TLS handshake-type record
> 15:43:27.837 4 SMTP-088085(hoti.hu) [12883883] sending
> 15:43:27.837 5 SMTP-088085(hoti.hu) out: MAIL FROM:<levi@mail.tamisoft.com> SIZE=502\r\n
> 15:43:27.837 5 SMTP-088085(hoti.hu) inp: \003U\004\006\019\002PL1\0310\029\006\003U\004
> 15:43:27.837 1 SMTP-088085(hoti.hu) [12883883] return-path rejected, got:\003U\004\006\019\002PL1\0310\029\006\003U\004
> 15:43:27.837 5 SMTP-088085(hoti.hu) out: QUIT\r\n
> 15:43:27.837 5 SMTP-088085(hoti.hu) inp: \019\022TP Internet Sp. z o.o.1$0"\006\003U\004\011\019\027Centrum Certyfikacji Signet1\0310\029\006\003U\004\003\019\022CC Signet - CA Klasa 1
> 15:43:27.837 4 SMTP-088085(hoti.hu) closing connection
> 15:43:27.837 4 SMTP-088085(hoti.hu) releasing stream
>  
> This is what it looks like from the CLI:
> openssl s_client -connect 195.70.35.118:25 -starttls smtp
> CONNECTED(00000003)
> depth=0 CN = mail-a.netforum.hu
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 CN = mail-a.netforum.hu
> verify return:1
> ---
> Certificate chain
> 0 s:/CN=mail-a.netforum.hu
> i:/CN=mail-a.netforum.hu
> ---
> Server certificate
> subject=/CN=mail-a.netforum.hu
> issuer=/CN=mail-a.netforum.hu
> ---
> Acceptable client certificate CA names
> /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/L=Brasilia/ST=DF/CN=Autoridade Certificadora Raiz Brasileira
> /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@cacert.org
> /O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
> /C=DE/ST=Hessen/L=Fulda/O=Debconf/CN=Debconf CA/emailAddress=joerg@debian.org
> /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
> /C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@sgdn.pm.gouv.fr
> /C=US/ST=DC/L=Washington/O=ABA.ECOM, INC./CN=ABA.ECOM Root CA/emailAddress=admin@digsigtrust.com
> /C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 1
> /C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner Root Certification Authority 2
> /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
> /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
> /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
> /C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
> /C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
> /C=US/O=America Online Inc./CN=America Online Root Certification Authority 2
> /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
> /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO Certification Authority
> /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
> /C=EU/O=AC Camerfirma SA CIF A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root
> /C=FR/O=Certplus/CN=Class 2 Primary CA
> /C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
> /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
> /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure Certificate Services
> /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted Certificate Services
> /C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
> /O=Digital Signature Trust Co./CN=DST Root CA X3
> /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
> /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
> /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
> /C=US/O=Digital Signature Trust Co./OU=DSTCA E1
> /C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X1/CN=DST RootCA X1/emailAddress=ca@digsigtrust.com
> /C=US/O=Digital Signature Trust Co./OU=DSTCA E2
> /C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA X2/CN=DST RootCA X2/emailAddress=ca@digsigtrust.com
> /O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification Authority
> /O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
> /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)
> /C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN= Entrust.net Client Certification Authority
> /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Authority
> /C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification Authority
> /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
> /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
> /C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
> /C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2
> /C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/emailAddress=ca@firmaprofesional.com
> /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
> /C=US/O=GTE Corporation/CN=GTE CyberTrust Root
> /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
> /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
> /C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
> /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
> /C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
> /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
> /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
> /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASE1 Certification Authority/CN=IPS CA CLASE1 Certification Authority/emailAddress=ips@mail.ips.es
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASE3 Certification Authority/CN=IPS CA CLASE3 Certification Authority/emailAddress=ips@mail.ips.es
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASEA1 Certification Authority/CN=IPS CA CLASEA1 Certification Authority/emailAddress=ips@mail.ips.es
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA CLASEA3 Certification Authority/CN=IPS CA CLASEA3 Certification Authority/emailAddress= ips@mail.ips.es
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA Chained CAs Certification Authority/CN=IPS CA Chained CAs Certification Authority/emailAddress=ips@mail.ips.es
> /C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailAddress=ips@mail.ips.es
> /C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services s.l./O=ips@mail.ips.es C.I.F. B-60929452/OU=IPS CA Timestamping Certification Authority/CN=IPS CA Timestamping Certification Authority/emailAddress= ips@mail.ips.es
> /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado
> /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado
> /C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
> /C=HU/L=Budapest/O=NetLock Halozatbiztonsagi Kft./OU=Tanusitvanykiadok/CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado/emailAddress=info@netlock.hu
> /C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root Certification Authority
> /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
> /C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
> /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
> /O=RSA Security Inc/OU=RSA Security 1024 V3
> /O=RSA Security Inc/OU=RSA Security 2048 V3
> /C=US/O=SecureTrust Corporation/CN=SecureTrust CA
> /C=US/O=SecureTrust Corporation/CN=Secure Global CA
> /C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
> /C=FI/O=Sonera/CN=Sonera Class1 CA
> /C=FI/O=Sonera/CN=Sonera Class2 CA
> /C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
> /C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
> /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
> /C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL Certification Authority/emailAddress=admin@startcom.org
> /C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
> /C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2
> /C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
> /C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
> /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 2 CA/emailAddress=certificate@trustcenter.de
> /C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks GmbH/OU=TC TrustCenter Class 3 CA/emailAddress=certificate@trustcenter.de
> /C=DK/O=TDC Internet/OU=TDC Internet Root CA
> /C=DK/O=TDC/CN=TDC OCES CA
> /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005 T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
> /CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
> /C=TW/O=Government Root Certification Authority
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/emailAddress=personal-basic@thawte.com
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/emailAddress=personal-freemail@thawte.com
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/emailAddress=personal-premium@thawte.com
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com
> /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Server CA/emailAddress=server-certs@thawte.com
> /C=ZA/ST=Western Cape/L=Durbanville/O=Thawte/OU=Thawte Certification/CN=Thawte Timestamping CA
> /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU= http://www.usertrust.com/CN=UTN-USERFirst-Network Applications
> /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC
> /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication and Email
> /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
> /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy Validation Authority/CN= http://www.valicert.com//emailAddress=info@valicert.com
> /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
> /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
> /C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 1 Public Primary Certification Authority - G3
> /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
> /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 2 Public Primary Certification Authority - G3
> /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
> /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
> /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
> /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary Certification Authority - G3
> /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> /O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA
> /C=US/O=VISA/OU=Visa International Service Association/CN=GP Root 2
> /C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
> /C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo Root Certificate Authority
> /C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp Global Certification Authority
> /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA-Baltimore Implementation
> /C=WW/O=beTRUSTed/CN=beTRUSTed Root CAs/CN=beTRUSTed Root CA
> /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust Implementation
> /O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - RSA Implementation
> /C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 1
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - CA Klasa 2
> /C=PL/O=TP Internet Sp. z o.o./CN=CC Signet - CA Klasa 3/serialNumber=Numer wpisu: 4
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 2
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - OCSP Klasa 3
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 2
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - PCA Klasa 3
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - RootCA
> /C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet - TSA Klasa 1
> /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certification Authority/emailAddress=hostmaster@spi-inc.org
> /C=US/ST=Indiana/L=Indianapolis/O=Software in the Public Interest/OU=hostmaster/CN=Certificate Authority/emailAddress=hostmaster@spi-inc.org
> /C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom Root CA 2
> /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO ECC Certification Authority
> /C=NL/O=DigiNotar/CN=DigiNotar Root CA/emailAddress=info@diginotar.nl
> /C=US/O=Network Solutions L.L.C./CN=Network Solutions Certificate Authority
> /C=US/O=Wells Fargo WellsSecure/OU=Wells Fargo Bank NA/CN=WellsSecure Public Root Certificate Authority
> ---
> SSL handshake has read 21021 bytes and written 486 bytes
> ---
> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
> Protocol : TLSv1
> Cipher : DHE-RSA-AES256-SHA
> Session-ID: 038238157B5D6594A668AF9F40769393C542E30D7B62AEB5F0B2B600252C9724
> Session-ID-ctx:
> Master-Key: BD5A789FF0D8F81C552EE73DDC480AA4EEA311F707254CD605291167E10F21B6B551D9E6979C40814251767985B0461E
> Key-Arg : None
> Krb5 Principal: None
> PSK identity: None
> PSK identity hint: None
> Start Time: 1282744555
> Timeout : 300 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> 250 HELP
>  
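The failure in the log above (a `0D` certificate_request handshake message declaring 19414 bytes, arriving in a 16384-byte record) is the case a TLS reader handles by reassembling handshake messages across records, since the 16384-byte limit applies to a record fragment and the handshake length field is 24 bits. The sketch below is an added example, not CommuniGate Pro code: the function names are hypothetical, the 128 KiB cap is an assumed policy value taken from the upper figure suggested in the quoted message, and the sample stream is constructed to match the lengths in the log.

```python
import struct

RECORD_MAX = 16384            # 2**14: largest plaintext fragment in one TLS record
HANDSHAKE_CAP = 128 * 1024    # assumed policy cap on one reassembled handshake message
CT_HANDSHAKE = 22             # record content type "handshake" ("TLS inp 22" in the log)


class HandshakeError(Exception):
    pass


def iter_records(stream: bytes):
    """Yield (content_type, fragment) for each complete record in stream."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise HandshakeError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if length > RECORD_MAX:
            raise HandshakeError(f"record length {length} exceeds {RECORD_MAX}")
        frag = stream[pos + 5:pos + 5 + length]
        if len(frag) < length:
            raise HandshakeError("truncated record body")
        yield ctype, frag
        pos += 5 + length


def reassemble_handshake(stream: bytes):
    """Return [(msg_type, body)], joining messages that span several records."""
    buf = bytearray()
    messages = []
    for ctype, frag in iter_records(stream):
        if ctype != CT_HANDSHAKE:
            if buf:  # a partial handshake message must not be interleaved
                raise HandshakeError("handshake message interrupted")
            continue
        buf += frag
        while len(buf) >= 4:
            msg_len = int.from_bytes(buf[1:4], "big")  # 24-bit length field
            if msg_len > HANDSHAKE_CAP:                # bounded, but not by record size
                raise HandshakeError(f"handshake length {msg_len} over cap")
            if len(buf) < 4 + msg_len:
                break                                  # wait for the next record
            messages.append((buf[0], bytes(buf[4:4 + msg_len])))
            del buf[:4 + msg_len]
    if buf:
        raise HandshakeError("incomplete handshake message at end of input")
    return messages


def record(ctype: int, payload: bytes, version: int = 0x0300) -> bytes:
    """Build one record (helper for the constructed sample)."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def sample_stream() -> bytes:
    """Constructed input: a 19414-byte certificate_request (0x0D) split over
    two records, followed by server_hello_done (0x0E) in the second record."""
    cert_req = bytes([0x0D]) + (19414).to_bytes(3, "big") + bytes(19414)
    hello_done = bytes([0x0E, 0, 0, 0])
    return (record(CT_HANDSHAKE, cert_req[:RECORD_MAX])
            + record(CT_HANDSHAKE, cert_req[RECORD_MAX:] + hello_done))


if __name__ == "__main__":
    for msg_type, body in reassemble_handshake(sample_stream()):
        print(f"handshake type {msg_type:#04x}, {len(body)} bytes")
```
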

