A 2015-12-30 15:32,
fade...@openmailbox.org escrigué:
> _______________________________________________
> dev-security mailing list
>
dev-se...@lists.mozilla.org
>
https://lists.mozilla.org/listinfo/dev-security
I managed to get the certificate. Isn't everything alright? (I paste
also the session details as I haven't authenticated, and session is
already closed)
$ openssl s_client -host
openmailbox.org -port 143 -starttls imap
CONNECTED(00000003)
depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST
Network, CN = USERTrust RSA Certification Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=Gandi Standard Wildcard
SSL/CN=*.
openmailbox.org
i:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
1 s:/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
i:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST
Network/CN=USERTrust RSA Certification Authority
2 s:/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST
Network/CN=USERTrust RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIRAKUYW/IbPYJPkrlvnX6LLH0wDQYJKoZIhvcNAQELBQAw
XzELMAkGA1UEBhMCRlIxDjAMBgNVBAgTBVBhcmlzMQ4wDAYDVQQHEwVQYXJpczEO
MAwGA1UEChMFR2FuZGkxIDAeBgNVBAMTF0dhbmRpIFN0YW5kYXJkIFNTTCBDQSAy
MB4XDTE1MDgxMTAwMDAwMFoXDTE2MTExNTIzNTk1OVowZTEhMB8GA1UECxMYRG9t
YWluIENvbnRyb2wgVmFsaWRhdGVkMSQwIgYDVQQLExtHYW5kaSBTdGFuZGFyZCBX
aWxkY2FyZCBTU0wxGjAYBgNVBAMMESoub3Blbm1haWxib3gub3JnMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVHZzOaY5uUpFMPQy7XIXi7EUycuBt9W
l3IH1R/zLp54uxSdMh51GLK2B9AMozDtvlMsPl605h7cbF83w+ZwGIgZ/DD6IpEp
uLtpxjlITPRWoJTv3d3J0HBJMJcxVhbEHOcWVqq7I3A5QVnMk/DgA6snxweW+agl
4yhiJBSNvsEqN88bbpNzfUNJ9n7mvR6SpkNwFydwB32YUS+JcqStZkJHP80ky1Zz
RV0kQFkqkMicF7eKZPomZcRGEoqSLjKfqB1Qo99Wh8GCH0DcLHICxMszcCpjTJRe
LusOXP0K+th8wRFvAfkQPS1IwsJQACZllCDzWlnvMK/RLeYRf+U6BwIDAQABo4IB
tTCCAbEwHwYDVR0jBBgwFoAUs5Cn2MmvTs1hPJ98rV1/Qf1pMOowHQYDVR0OBBYE
FOz6aZvYWq5hit379t9zPsoseVzEMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8E
AjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBLBgNVHSAERDBCMDYG
CysGAQQBsjEBAgIaMCcwJQYIKwYBBQUHAgEWGWh0dHBzOi8vY3BzLnVzZXJ0cnVz
dC5jb20wCAYGZ4EMAQIBMEEGA1UdHwQ6MDgwNqA0oDKGMGh0dHA6Ly9jcmwudXNl
cnRydXN0LmNvbS9HYW5kaVN0YW5kYXJkU1NMQ0EyLmNybDBzBggrBgEFBQcBAQRn
MGUwPAYIKwYBBQUHMAKGMGh0dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9HYW5kaVN0
YW5kYXJkU1NMQ0EyLmNydDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRy
dXN0LmNvbTAtBgNVHREEJjAkghEqLm9wZW5tYWlsYm94Lm9yZ4IPb3Blbm1haWxi
b3gub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQB/3w+VH18iq+e4dhwc9y1YHx7Paqfh
IpMY+1I0RaxLGZmymjti2/e+npxOsq9MTTJ/SmiHSB+l3qGthDi+yCQVm1hYj+72
FSGX6JzJyJWUnSMhdHvb+f/WOp8m9lBY3Gb/EAIB/r798eMDo+5LHGdOjSFH9oz1
yFIFmI9Pt2B62G62G+bvfdSp4Iqimi5pssqhhIGGaCR1YwH1R+H/BVJ81LNZTX5Z
9bPXKLjKA6uDKZ2TyfBBD8oMPzEz4jZq5yIEwVGjIn0d5o+3gG3zKsBeYEbI8n2m
5WaGmXeDg+4brh9QpFccHs64smYOa15QwOEfvaVXw8w/MXzDLkOT1oqk
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=Gandi Standard Wildcard
SSL/CN=*.
openmailbox.org
issuer=/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
---
Acceptable client certificate CA names
/C=FR/ST=Paris/L=Paris/O=Gandi/CN=Gandi Standard SSL CA 2
/C=US/ST=New Jersey/L=Jersey City/O=The USERTRUST Network/CN=USERTrust
RSA Certification Authority
---
SSL handshake has read 5535 bytes and written 491 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
4A8BC83262C264F42F4305518B4A6CA5D57A2EDE834762BA262065C32809EF1F
Session-ID-ctx:
Master-Key:
37B62EC2FD4EC4BEB0B763164642335624862CBDCCD9A142955E0542D8196D1A021152CE17BD79B989D3B7B622BFF644
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - bd 84 d3 cc 8e c9 b4 3c-2a e2 44 20 21 e9 47 f6 .......<*.D
!.G.
0010 - 27 9f df e9 68 28 d0 83-3c d7 e6 2b 63 78 11 2b
'...h(..<..+cx.+
0020 - 14 f9 0a eb 44 c6 34 64-12 b6 00 0c 56 17 cb 66
....D.4d....V..f
0030 - 22 94 d1 15 3e c3 a8 c8-b4 a2 6e 40 c3 5c ab 8f
"...>.....n@.\..
0040 - fa 2b 0e 31 21 4d 22 fe-59 42 2d 42 95 eb 78 08
.+.1!M".YB-B..x.
0050 - 15 0a 1e 72 dc da 2f e1-38 15 b1 ed 41 65 b1 77
...r../.8...Ae.w
0060 - df d0 8a 46 42 f7 bc b5-ac 87 1a 56 b5 13 9a d8
...FB......V....
0070 - bd fe 06 16 7d 4b e1 e4-6d d5 32 3f a8 ec af be
....}K..m.2?....
0080 - d5 b0 1b aa 49 82 2c 9e-bf 99 98 41 1d 25 09 c8
....I.,....A.%..
0090 - 9a 85 68 6c c7 bb 5c b8-22 83 27 05 03 92 b6 81
..hl..\.".'.....
Start Time: 1451486515
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---