SSL is broken on FreeBSD
Frank J. Cameron
cameron at ctc.com
Wed Apr 6 13:33:34 UTC 2011
On Wed, 2011-04-06 at 01:45 -0400, jhell wrote:
> If you truss the command above before and after creating so said links
> in /usr/local/etc/ssl and in /etc/ssl youll see that there is no
> default
> CAfile or CApath searched for.
Interesting, thanks. I don't have a FreeBSD box around at present so my
guess was just from starting with s_client.c and reading through to the
Makefile.
> s_client(1)
> The s_client command implements a generic SSL/TLS client which
> connects to a remote host using SSL/TLS. It is a very useful
> diagnostic tool for SSL servers
> [...]
> Maybe there should be an emphasis on ``diagnostic''
Agreed. From openssl(1): "s_client ... It's intended for testing
purposes only..."
------------------------------------------------------------
This message and any files transmitted within are intended
solely for the addressee or its representative and may
contain company sensitive information. If you are not the
intended recipient, notify the sender immediately and delete
this message. Publication, reproduction, forwarding, or
content disclosure is prohibited without the consent of the
original sender and may be unlawful.
Concurrent Technologies Corporation and its Affiliates.
www.ctc.com 1-800-282-4392
------------------------------------------------------------
More information about the freebsd-security
mailing list