[openssl-users] [openssl-dev] [openssl.org #4166] Bug: OpenSSL 1.0.1l fails to verify SOME root CAs: error:num=20:unable to get local issuer certificate

Viktor Dukhovni openssl-users at dukhovni.org
Fri Dec 4 17:16:23 UTC 2015


[ Redirecting to openssl-users ]

On Fri, Dec 04, 2015 at 03:25:35PM +0000, Oliver Schonrock via RT wrote:

> To Reproduce:
> $ openssl s_client -connect api.textmarketer.co.uk:443
> depth=2 C = US, O = "thawte, Inc.", OU = Certification Services
> Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN =
> thawte Primary Root CA
> verify error:num=20:unable to get local issuer certificate
> ...

Despite the CN string, the certificate presented by that server on
the wire is not a root certificate.  See the attached chain.

        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com
        Validity
            Not Before: Nov 17 00:00:00 2006 GMT
            Not After : Dec 30 23:59:59 2020 GMT
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA

> The same command on FreeBSD 10.2 (OpenSSL 1.0.1p) results in:
> $ openssl s_client -connect api.textmarketer.co.uk:443
> depth=2 C = US, O = "thawte, Inc.", OU = Certification Services
> Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN =
> thawte Primary Root CA
> verify return:1

In 1.0.1p OpenSSL looks in the trust store before consulting the
provided chain.  You likely have a better Thawte certificate there
than the one sent by the server.

-- 
	Viktor.
-------------- next part --------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b8:6b:cc:47:2f:b7:b0:d1:0e:15:eb:af:30:61:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL CA - G2
        Validity
            Not Before: May 25 00:00:00 2015 GMT
            Not After : Jul 23 23:59:59 2017 GMT
        Subject: CN=api.textmarketer.co.uk
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a6:ca:50:c1:29:ad:4d:da:26:ca:de:ac:8e:05:
                    ba:ff:00:ae:18:3f:02:ad:39:66:ec:f6:16:23:f0:
                    80:94:cc:8c:d5:96:9c:63:bc:50:63:07:8b:ad:d5:
                    86:09:cf:2a:ff:9a:ca:ae:0e:88:07:9b:32:7b:4e:
                    b0:12:a1:df:a9:02:b5:96:9c:61:55:17:30:79:14:
                    2c:38:ea:18:07:b4:a1:2d:40:a2:5d:62:0b:bd:67:
                    41:0e:c9:4e:a3:bd:bf:ce:03:ac:0f:ac:fc:a2:7c:
                    23:6b:05:ea:88:78:7e:c6:2c:ac:6f:8c:67:2b:6f:
                    15:c7:cb:a7:ad:2e:8c:27:2f:4f:02:92:1d:6d:72:
                    15:f7:5d:bf:55:be:53:57:c5:0c:38:29:33:a7:f0:
                    97:02:c9:00:88:0e:bc:7e:2e:23:37:3b:54:ce:98:
                    24:fd:6c:cd:5b:d4:5e:fe:c4:8b:60:0e:c6:54:63:
                    7c:d6:ad:91:eb:53:ce:d6:b6:77:9d:9e:fa:20:a7:
                    20:7f:2f:00:59:4b:af:50:09:f4:8a:61:58:3d:b3:
                    b8:ba:ce:79:a7:66:00:c3:a3:a5:a2:71:ab:b3:6e:
                    40:66:32:c4:b4:2b:b1:37:f5:0c:93:66:68:54:5c:
                    ba:35:ef:75:62:70:9a:2b:d3:8f:b4:de:3c:79:a4:
                    ea:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:api.textmarketer.co.uk
            X509v3 Basic Constraints: 
                CA:FALSE
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://tn.symcb.com/tn.crl

            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                  CPS: https://www.thawte.com/cps
                  User Notice:
                    Explicit Text: https://www.thawte.com/repository

            X509v3 Authority Key Identifier: 
                keyid:9F:B8:C1:A9:6C:F2:F5:C0:22:2A:94:ED:5C:99:AC:D4:EC:D7:C6:07

            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            Authority Information Access: 
                OCSP - URI:http://tn.symcd.com
                CA Issuers - URI:http://tn.symcb.com/tn.crt

    Signature Algorithm: sha256WithRSAEncryption
         84:85:37:ae:9c:6f:e8:3f:3b:3d:da:a4:a9:ff:ba:56:3d:ad:
         f9:bf:ea:8f:d8:9d:4b:35:ac:73:76:c4:f6:67:1b:c0:1f:fe:
         7e:3d:56:3b:70:e0:74:71:bd:0d:e0:cd:a7:03:61:8c:25:72:
         4c:6a:c2:db:d7:fd:14:7b:92:0a:8d:2b:0f:f7:c0:c2:0e:46:
         65:29:21:cf:b1:aa:ed:92:b0:db:e7:fe:54:de:fb:1a:a7:b0:
         61:14:fa:a6:14:ab:99:a3:26:8e:75:97:cf:de:fb:33:25:10:
         ef:23:da:91:14:d8:2a:d4:cf:0d:dc:e7:14:4b:9a:ed:31:34:
         e0:a1:7c:1e:2d:0f:e1:52:0d:83:3c:c8:eb:df:43:85:4b:96:
         03:e8:75:a6:46:9b:99:6e:02:e4:38:0b:9c:93:c2:8e:97:db:
         27:77:75:a6:e6:46:c1:02:bd:d4:14:a0:af:3e:f8:56:4f:94:
         0c:e6:d3:49:5e:67:c8:4c:be:75:a3:a5:8f:b6:6a:4c:3d:52:
         ab:24:ac:e5:69:5f:d7:fe:01:08:ce:24:7a:ad:0f:3c:6f:46:
         fe:b9:5a:2d:c5:37:00:5e:6b:40:ab:1b:61:7e:8c:13:df:8f:
         5c:e1:76:7e:73:e3:28:33:07:3b:31:81:03:fe:91:a2:ec:f5:
         99:95:56:ed
-----BEGIN CERTIFICATE-----
MIIEiDCCA3CgAwIBAgIQIbhrzEcvt7DRDhXrrzBhjzANBgkqhkiG9w0BAQsFADBj
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMuMR0wGwYDVQQLExRE
b21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3RlIERWIFNTTCBDQSAt
IEcyMB4XDTE1MDUyNTAwMDAwMFoXDTE3MDcyMzIzNTk1OVowITEfMB0GA1UEAxQW
YXBpLnRleHRtYXJrZXRlci5jby51azCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAKbKUMEprU3aJsrerI4Fuv8Arhg/Aq05Zuz2FiPwgJTMjNWWnGO8UGMH
i63VhgnPKv+ayq4OiAebMntOsBKh36kCtZacYVUXMHkULDjqGAe0oS1Aol1iC71n
QQ7JTqO9v84DrA+s/KJ8I2sF6oh4fsYsrG+MZytvFcfLp60ujCcvTwKSHW1yFfdd
v1W+U1fFDDgpM6fwlwLJAIgOvH4uIzc7VM6YJP1szVvUXv7Ei2AOxlRjfNatketT
zta2d52e+iCnIH8vAFlLr1AJ9IphWD2zuLrOeadmAMOjpaJxq7NuQGYyxLQrsTf1
DJNmaFRcujXvdWJwmivTj7TePHmk6sMCAwEAAaOCAXgwggF0MCEGA1UdEQQaMBiC
FmFwaS50ZXh0bWFya2V0ZXIuY28udWswCQYDVR0TBAIwADArBgNVHR8EJDAiMCCg
HqAchhpodHRwOi8vdG4uc3ltY2IuY29tL3RuLmNybDBuBgNVHSAEZzBlMGMGBmeB
DAECATBZMCYGCCsGAQUFBwIBFhpodHRwczovL3d3dy50aGF3dGUuY29tL2NwczAv
BggrBgEFBQcCAjAjDCFodHRwczovL3d3dy50aGF3dGUuY29tL3JlcG9zaXRvcnkw
HwYDVR0jBBgwFoAUn7jBqWzy9cAiKpTtXJms1OzXxgcwDgYDVR0PAQH/BAQDAgWg
MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBXBggrBgEFBQcBAQRLMEkw
HwYIKwYBBQUHMAGGE2h0dHA6Ly90bi5zeW1jZC5jb20wJgYIKwYBBQUHMAKGGmh0
dHA6Ly90bi5zeW1jYi5jb20vdG4uY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQCEhTeu
nG/oPzs92qSp/7pWPa35v+qP2J1LNaxzdsT2ZxvAH/5+PVY7cOB0cb0N4M2nA2GM
JXJMasLb1/0Ue5IKjSsP98DCDkZlKSHPsartkrDb5/5U3vsap7BhFPqmFKuZoyaO
dZfP3vszJRDvI9qRFNgq1M8N3OcUS5rtMTTgoXweLQ/hUg2DPMjr30OFS5YD6HWm
RpuZbgLkOAuck8KOl9snd3Wm5kbBAr3UFKCvPvhWT5QM5tNJXmfITL51o6WPtmpM
PVKrJKzlaV/X/gEIziR6rQ88b0b+uVotxTcAXmtAqxthfowT349c4XZ+c+MoMwc7
MYED/pGi7PWZlVbt
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:69:e1:2f:6a:67:0b:d9:9d:d2:0f:91:9e:f0:9e:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
        Validity
            Not Before: Jun 10 00:00:00 2014 GMT
            Not After : Jun  9 23:59:59 2024 GMT
        Subject: C=US, O=thawte, Inc., OU=Domain Validated SSL, CN=thawte DV SSL CA - G2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ea:94:07:85:c8:41:2c:f6:83:12:6c:92:5f:ab:
                    1f:00:d4:96:6f:74:cd:2e:11:e9:6c:0f:39:01:b9:
                    48:90:40:39:4d:c4:a2:c8:79:6a:a5:9a:bd:91:44:
                    65:77:54:ad:ff:25:5f:ee:42:fb:b3:02:0f:ea:5d:
                    7a:dd:1a:54:9e:d7:73:42:9b:cc:79:5f:c5:4d:f4:
                    b7:0b:18:39:20:7a:dd:50:01:5d:34:45:5f:4c:11:
                    0e:f5:87:26:26:b4:b0:f3:7e:71:a0:31:71:50:89:
                    68:5a:63:8a:14:62:e5:8c:3a:16:55:0d:3e:eb:aa:
                    80:1d:71:7a:e3:87:07:ab:bd:a2:74:cd:da:08:01:
                    9d:1b:cc:27:88:8c:47:d4:69:25:42:d6:bb:50:6d:
                    85:50:d0:48:82:0d:08:9f:e9:23:e3:42:c6:3c:98:
                    b8:bb:6e:c5:70:13:df:19:1d:01:fd:d2:b5:4e:e6:
                    62:f4:07:fa:6b:7d:11:77:c4:62:4f:40:4e:a5:78:
                    97:ab:2c:4d:0c:a7:7c:c3:c4:50:32:9f:d0:70:9b:
                    0f:ff:ff:75:59:34:85:ad:49:d5:35:ee:4f:5b:d4:
                    d4:36:95:a0:7e:e8:c5:a1:1c:bd:13:4e:7d:ee:63:
                    6a:96:19:99:c8:a7:2a:00:e6:51:8d:46:eb:30:58:
                    e8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Certificate Policies: 
                Policy: 2.16.840.1.113733.1.7.54
                  CPS: https://www.thawte.com/cps

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access: 
                OCSP - URI:http://t.symcd.com

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://t.symcb.com/ThawtePCA.crl

            X509v3 Subject Alternative Name: 
                DirName:/CN=SymantecPKI-1-698
            X509v3 Subject Key Identifier: 
                9F:B8:C1:A9:6C:F2:F5:C0:22:2A:94:ED:5C:99:AC:D4:EC:D7:C6:07
            X509v3 Authority Key Identifier: 
                keyid:7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50

    Signature Algorithm: sha256WithRSAEncryption
         53:54:f2:47:a8:02:d7:ef:aa:35:78:be:4a:08:0d:90:18:4b:
         6d:9e:2a:53:2b:e9:54:17:77:74:29:7e:d0:37:07:05:b8:e4:
         fa:b8:b4:63:98:44:dc:c6:4f:81:06:8c:3a:be:c7:30:57:c6:
         70:fc:d6:93:19:9f:c3:55:d7:3e:1f:72:8a:9d:30:5a:35:97:
         32:cb:63:e4:c6:72:df:fb:68:ca:69:2f:db:cd:50:38:3e:2b:
         bb:ab:3b:82:c7:fd:4b:9b:bd:7c:41:98:ef:01:53:d8:35:8f:
         25:c9:03:06:e6:9c:57:c1:51:0f:9e:f6:7d:93:4d:f8:76:c8:
         3a:6b:f4:c4:8f:33:32:7f:9d:21:84:34:d9:a7:f9:92:fa:41:
         91:61:84:05:9d:a3:79:46:ce:67:e7:81:f2:5e:ac:4c:bc:a8:
         ab:6a:6d:15:e2:9c:4e:5a:d9:63:80:bc:f7:42:eb:9a:44:c6:
         8c:6b:06:36:b4:8b:32:89:de:c2:f1:a8:26:aa:a9:ac:ff:ea:
         71:a6:e7:8c:41:fa:17:35:bb:b3:87:31:a9:93:c2:c8:58:e1:
         0a:4e:95:83:9c:b9:ed:3b:a5:ef:08:e0:74:f9:c3:1b:e6:07:
         a3:ee:07:d7:42:22:79:21:a0:a1:d4:1d:26:d3:d0:d6:a6:5d:
         2b:41:c0:79
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIQLGnhL2pnC9md0g+RnvCeUTANBgkqhkiG9w0BAQsFADCB
qTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMf
Q2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIw
MDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNV
BAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMTQwNjEwMDAwMDAwWhcNMjQw
NjA5MjM1OTU5WjBjMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhhd3RlLCBJbmMu
MR0wGwYDVQQLExREb21haW4gVmFsaWRhdGVkIFNTTDEeMBwGA1UEAxMVdGhhd3Rl
IERWIFNTTCBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
6pQHhchBLPaDEmySX6sfANSWb3TNLhHpbA85AblIkEA5TcSiyHlqpZq9kURld1St
/yVf7kL7swIP6l163RpUntdzQpvMeV/FTfS3Cxg5IHrdUAFdNEVfTBEO9YcmJrSw
835xoDFxUIloWmOKFGLljDoWVQ0+66qAHXF644cHq72idM3aCAGdG8wniIxH1Gkl
Qta7UG2FUNBIgg0In+kj40LGPJi4u27FcBPfGR0B/dK1TuZi9Af6a30Rd8RiT0BO
pXiXqyxNDKd8w8RQMp/QcJsP//91WTSFrUnVNe5PW9TUNpWgfujFoRy9E0597mNq
lhmZyKcqAOZRjUbrMFjoLQIDAQABo4IBOTCCATUwEgYDVR0TAQH/BAgwBgEB/wIB
ADBBBgNVHSAEOjA4MDYGCmCGSAGG+EUBBzYwKDAmBggrBgEFBQcCARYaaHR0cHM6
Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/BAQDAgEGMC4GCCsGAQUFBwEB
BCIwIDAeBggrBgEFBQcwAYYSaHR0cDovL3Quc3ltY2QuY29tMDEGA1UdHwQqMCgw
JqAkoCKGIGh0dHA6Ly90LnN5bWNiLmNvbS9UaGF3dGVQQ0EuY3JsMCkGA1UdEQQi
MCCkHjAcMRowGAYDVQQDExFTeW1hbnRlY1BLSS0xLTY5ODAdBgNVHQ4EFgQUn7jB
qWzy9cAiKpTtXJms1OzXxgcwHwYDVR0jBBgwFoAUe1tFz6/Oy3r9MZIaarbzRutX
SFAwDQYJKoZIhvcNAQELBQADggEBAFNU8keoAtfvqjV4vkoIDZAYS22eKlMr6VQX
d3QpftA3BwW45Pq4tGOYRNzGT4EGjDq+xzBXxnD81pMZn8NV1z4fcoqdMFo1lzLL
Y+TGct/7aMppL9vNUDg+K7urO4LH/UubvXxBmO8BU9g1jyXJAwbmnFfBUQ+e9n2T
Tfh2yDpr9MSPMzJ/nSGENNmn+ZL6QZFhhAWdo3lGzmfngfJerEy8qKtqbRXinE5a
2WOAvPdC65pExoxrBja0izKJ3sLxqCaqqaz/6nGm54xB+hc1u7OHMamTwshY4QpO
lYOcue07pe8I4HT5wxvmB6PuB9dCInkhoKHUHSbT0NamXStBwHk=
-----END CERTIFICATE-----

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:a6:be:80:b6:86:c6:2f:01:ed:0c:ab:b1:96:a1:05
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com
        Validity
            Not Before: Nov 17 00:00:00 2006 GMT
            Not After : Dec 30 23:59:59 2020 GMT
        Subject: C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:ac:a0:f0:fb:80:59:d4:9c:c7:a4:cf:9d:a1:59:
                    73:09:10:45:0c:0d:2c:6e:68:f1:6c:5b:48:68:49:
                    59:37:fc:0b:33:19:c2:77:7f:cc:10:2d:95:34:1c:
                    e6:eb:4d:09:a7:1c:d2:b8:c9:97:36:02:b7:89:d4:
                    24:5f:06:c0:cc:44:94:94:8d:02:62:6f:eb:5a:dd:
                    11:8d:28:9a:5c:84:90:10:7a:0d:bd:74:66:2f:6a:
                    38:a0:e2:d5:54:44:eb:1d:07:9f:07:ba:6f:ee:e9:
                    fd:4e:0b:29:f5:3e:84:a0:01:f1:9c:ab:f8:1c:7e:
                    89:a4:e8:a1:d8:71:65:0d:a3:51:7b:ee:bc:d2:22:
                    60:0d:b9:5b:9d:df:ba:fc:51:5b:0b:af:98:b2:e9:
                    2e:e9:04:e8:62:87:de:2b:c8:d7:4e:c1:4c:64:1e:
                    dd:cf:87:58:ba:4a:4f:ca:68:07:1d:1c:9d:4a:c6:
                    d5:2f:91:cc:7c:71:72:1c:c5:c0:67:eb:32:fd:c9:
                    92:5c:94:da:85:c0:9b:bf:53:7d:2b:09:f4:8c:9d:
                    91:1f:97:6a:52:cb:de:09:36:a4:77:d8:7b:87:50:
                    44:d5:3e:6e:29:69:fb:39:49:26:1e:09:a5:80:7b:
                    40:2d:eb:e8:27:85:c9:fe:61:fd:7e:e6:7c:97:1d:
                    d5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Certificate Policies: 
                Policy: X509v3 Any Policy
                  CPS: https://www.thawte.com/cps

            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            X509v3 Subject Key Identifier: 
                7B:5B:45:CF:AF:CE:CB:7A:FD:31:92:1A:6A:B6:F3:46:EB:57:48:50
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.thawte.com/ThawtePremiumServerCA.crl

            X509v3 Extended Key Usage: 
                Netscape Server Gated Crypto, 2.16.840.1.113733.1.8.1
            X509v3 Authority Key Identifier: 
                DirName:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server at thawte.com
                serial:01

    Signature Algorithm: sha1WithRSAEncryption
         2b:ca:12:c9:dd:d7:cc:63:1c:9b:31:35:4a:dd:e4:b7:f6:9d:
         d1:a4:fb:1e:f8:47:f9:ae:07:8e:0d:58:12:fb:da:ed:b5:cc:
         33:e5:97:68:47:61:42:d5:66:a9:6e:1e:47:bf:85:db:7d:58:
         d1:77:5a:cc:90:61:98:9a:29:f5:9d:b1:cf:b8:dc:f3:7b:80:
         47:48:d1:7d:f4:68:8c:c4:41:cb:b4:e9:fd:f0:23:e0:b1:9b:
         76:2a:6d:28:56:a3:8c:cd:e9:ec:21:00:71:f0:5f:dd:50:a5:
         69:42:1b:83:11:5d:84:28:d3:27:ae:ec:2a:ab:2f:60:42:c5:
         c4:78
-----BEGIN CERTIFICATE-----
MIIFUTCCBLqgAwIBAgIQX6a+gLaGxi8B7QyrsZahBTANBgkqhkiG9w0BAQUFADCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tMB4XDTA2MTExNzAwMDAwMFoXDTIwMTIzMDIzNTk1OVow
gakxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwx0aGF3dGUsIEluYy4xKDAmBgNVBAsT
H0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24xODA2BgNVBAsTLyhjKSAy
MDA2IHRoYXd0ZSwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MR8wHQYD
VQQDExZ0aGF3dGUgUHJpbWFyeSBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEArKDw+4BZ1JzHpM+doVlzCRBFDA0sbmjxbFtIaElZN/wLMxnC
d3/MEC2VNBzm600JpxzSuMmXNgK3idQkXwbAzESUlI0CYm/rWt0RjSiaXISQEHoN
vXRmL2o4oOLVVETrHQefB7pv7un9Tgsp9T6EoAHxnKv4HH6JpOih2HFlDaNRe+68
0iJgDblbnd+6/FFbC6+Ysuku6QToYofeK8jXTsFMZB7dz4dYukpPymgHHRydSsbV
L5HMfHFyHMXAZ+sy/cmSXJTahcCbv1N9Kwn0jJ2RH5dqUsveCTakd9h7h1BE1T5u
KWn7OUkmHgmlgHtALevoJ4XJ/mH9fuZ8lx3VnQIDAQABo4IBzTCCAckwDwYDVR0T
AQH/BAUwAwEB/zA7BgNVHSAENDAyMDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0
cHM6Ly93d3cudGhhd3RlLmNvbS9jcHMwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQW
BBR7W0XPr87Lev0xkhpqtvNG61dIUDBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8v
Y3JsLnRoYXd0ZS5jb20vVGhhd3RlUHJlbWl1bVNlcnZlckNBLmNybDAgBgNVHSUE
GTAXBglghkgBhvhCBAEGCmCGSAGG+EUBCAEwgeUGA1UdIwSB3TCB2qGB1KSB0TCB
zjELMAkGA1UEBhMCWkExFTATBgNVBAgTDFdlc3Rlcm4gQ2FwZTESMBAGA1UEBxMJ
Q2FwZSBUb3duMR0wGwYDVQQKExRUaGF3dGUgQ29uc3VsdGluZyBjYzEoMCYGA1UE
CxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjEhMB8GA1UEAxMYVGhh
d3RlIFByZW1pdW0gU2VydmVyIENBMSgwJgYJKoZIhvcNAQkBFhlwcmVtaXVtLXNl
cnZlckB0aGF3dGUuY29tggEBMA0GCSqGSIb3DQEBBQUAA4GBACvKEsnd18xjHJsx
NUrd5Lf2ndGk+x74R/muB44NWBL72u21zDPll2hHYULVZqluHke/hdt9WNF3WsyQ
YZiaKfWdsc+43PN7gEdI0X30aIzEQcu06f3wI+Cxm3YqbShWo4zN6ewhAHHwX91Q
pWlCG4MRXYQo0yeu7CqrL2BCxcR4
-----END CERTIFICATE-----



More information about the openssl-users mailing list