Gentoo Archives: gentoo-user-de

From: Jan Kohnert <nospam001-lists@×××××××××××××.org>
To: gentoo-user-de@l.g.o
Subject: [gentoo-user-de] Cacert.org verification
Date: Thu, 22 Jul 2010 02:04:00
Message-Id: 201007220339.45420.nospam001-lists@jankoh.dyndns.org
Hi,

I'm having a small problem understanding something right now. Cacert.org is
included in the certificates from ca-certificates. Unfortunately, I get a
warning in the browser that Cacert.org does not have a trustworthy certificate.
A quick test reveals the following:

kohni /etc/ssl # openssl s_client -crlf -connect www.cacert.org:443
CONNECTED(00000003)
depth=0 /C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@××××××.org
---
Server certificate
subject=/C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@××××××.org
---
No client certificate CA names sent
---
SSL handshake has read 2031 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 98AD9021BD3BA8AA6053BC6E7CCC88048E819F926285CF8396A40330D6EAA0A94024CC6DB8A255A9535B3AB6B8CFDB3C
    Key-Arg : None
    Start Time: 1279762275
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
^C
kohni /etc/ssl #
kohni /etc/ssl # openssl s_client -crlf -CApath /etc/ssl/certs/ -connect www.cacert.org:443
CONNECTED(00000003)
depth=1 /O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@××××××.org
verify return:1
depth=0 /C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
   i:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@××××××.org
---
Server certificate
subject=/C=AU/ST=NSW/L=Sydney/O=CAcert Inc./CN=www.cacert.org/emailAddress=support@××××××.org
issuer=/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support@××××××.org
---
No client certificate CA names sent
---
SSL handshake has read 2031 bytes and written 343 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: AE3DBB6551AC437D845CE291F22DD1E10F7357256F9DA197749A0215F350D9E65065451D63CDC41AAE7615752A885E44
    Key-Arg : None
    Start Time: 1279762313
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
---
^C
kohni /etc/ssl #
kohni /etc/ssl # eix ^openssl$
[I] dev-libs/openssl
     Available versions:
        (0) 0.9.8o ~1.0.0a
        (0.9.8) ~0.9.8o-r1
        {bindist gmp kerberos rfc3779 sse2 test zlib}
     Installed versions: 0.9.8o(03:01:54 04.06.2010)(gmp sse2 zlib -bindist -kerberos -test)
     Homepage: http://www.openssl.org/
     Description: Toolkit for SSL v2/v3 and TLS v1

kohni /etc/ssl #

So in principle it works, as long as openssl knows where to find the CA
certificates. But how do I tell it that automagically? /etc/ssl/openssl.cnf is
not very helpful...

Which documentation/setting have I just overlooked?

--
Best regards, Jan

Attachments

File name MIME type
signature.asc application/pgp-signature
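
Added example, not part of the original message: the two s_client runs above differ only in whether the verifier is pointed at a hashed CA directory. The script below reproduces that offline with `openssl verify` and a throwaway CA and leaf generated on the spot (all subject names, file names and the temporary directory are constructed), and also exercises the `SSL_CERT_DIR` environment variable, which OpenSSL consults for its default certificate directory.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and leaf, not the CAcert certificates.

# check_chain [verify options...]
# Prints "ok" if $WORK/leaf.pem verifies with the given options, else "fail".
check_chain() {
    if openssl verify "$@" "$WORK/leaf.pem" 2>/dev/null | grep -q ': OK$'; then
        echo ok
    else
        echo fail
    fi
}

# Build a self-signed root, a leaf signed by it, and a hashed CA directory.
build_fixture() {
    WORK=$(mktemp -d) || return 1
    mkdir "$WORK/certs" "$WORK/empty"

    # Constructed self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Constructed Root/CN=Example Signing Authority" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null || return 1

    # Constructed server certificate issued by that root.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1 -in "$WORK/leaf.csr" \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -out "$WORK/leaf.pem" 2>/dev/null || return 1

    # -CApath looks certificates up by <subject-hash>.<n>, so the directory
    # needs a link under that name (this is what c_rehash automates).
    hash=$(openssl x509 -noout -hash -in "$WORK/ca.pem") || return 1
    ln -s "$WORK/ca.pem" "$WORK/certs/$hash.0"
}

build_fixture

# Issuer not findable: corresponds to the error 20/21 run in the message.
echo "directory without the issuer: $(check_chain -CApath "$WORK/empty")"

# Issuer present in the hashed directory: corresponds to the -CApath run.
echo "explicit -CApath:             $(check_chain -CApath "$WORK/certs")"

# Same directory supplied through the environment instead of an option.
echo "SSL_CERT_DIR in environment:  $(export SSL_CERT_DIR="$WORK/certs"; check_chain)"
```
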