[exim] Debian upgrades and TLS AUTH not working for some cli…

Pàgina inicial
Delete this message
Reply to this message
Autor: Ernie Dunbar
Data:  
A: exim-users
Assumpte: [exim] Debian upgrades and TLS AUTH not working for some clients.
On our outgoing mail server, we've recently upgraded to Debian Squeeze
(stable), and we're having some odd issues with TLS authentication. I
suspect it may be an issue with OpenSSL, or maybe my tinkering with TLS
after the fact to try to get things working again. However, I've gone over
Exim's configuration with a fine-toothed comb and gone through the
original configuration checklist for authentication through TLS, and some
clients are still having problems.

The specific problem we're having is that Gnome Evolution, Mozilla
Thunderbird, and Eudora refuse to authenticate with TLS. Outlook and
Outlook Express appear to not have a problem, and that represents the bulk
of the clients connecting to the server, but the other clients use SSL
properly.

Thunderbird for example, produces the error message "An error occurred
during a connection to <hostname>:25. Peer's public key is invalid. (Error
code: sec_error_bad_key)" when I try connecting with STARTTLS and
Encrypted passwords. For the life of me, I can find no reference to the
use of public keys in the Exim configuration, and OpenSSL doesn't use them
anymore, instead including the public key as part of the private key, and
using an intermediate CA certificate.

Other tests I've done:

I can use swaks to successfully authenticate:

$ swaks -s smtp.lightspeed.ca -p 25 --ehlo office.lightspeed.ca -au
<myuser> -ap <mypass> -t <myaddress> -f <myaddress>

=== Trying smtp.lightspeed.ca:25...
=== Connected to smtp.lightspeed.ca.
<- 220 ns2.lightspeed.ca ESMTP Exim 4.72 Thu, 31 Mar 2011 08:52:20 -0700
-> EHLO office.lightspeed.ca
<- 250-ns2.lightspeed.ca Hello office.lightspeed.ca [65.110.29.154]
<- 250-SIZE 52428800
<- 250-PIPELINING
<- 250-AUTH PLAIN LOGIN
<- 250-STARTTLS
<- 250 HELP
-> AUTH LOGIN
<- 334 <encrypted>
-> <encrypted>
<- 334 <encrypted>
-> <encrypted>
<- 235 Authentication succeeded
-> MAIL FROM:<myaddress>
<- 250 OK
-> RCPT TO:<myaddress>
<- 250 Accepted
-> DATA
<- 354 Enter message, ending with "." on a line by itself
-> Date: Thu, 31 Mar 2011 08:52:15 -0699
-> To: <myaddress>
-> From: <myaddress>
-> Subject: test Thu, 31 Mar 2011 08:52:15 -0699
-> X-Mailer: swaks v20100211.0 jetmore.org/john/code/swaks/
->
-> This is a test mailing
->
-> .
<- 250 OK id=1Q5KAW-0005Ep-TX
-> QUIT
<- 221 ns2.lightspeed.ca closing connection
=== Connection closed with remote host.

As you can see here, the Exim server is offering STARTTLS and the PLAIN
and LOGIN authentication methods. And the authentication works.

If I try the OpenSSL method, the connection fails:


$ openssl s_client -starttls smtp -crlf -connect smtp.lightspeed.ca:25
CONNECTED(00000003)
depth=0
/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See
www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated -
QuickSSL(R)/CN=ns2.lightspeed.ca
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See
www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated -
QuickSSL(R)/CN=ns2.lightspeed.ca
verify error:num=27:certificate not trusted
verify return:1
depth=0
/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See
www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated -
QuickSSL(R)/CN=ns2.lightspeed.ca
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0
s:/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See
www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated -
QuickSSL(R)/CN=ns2.lightspeed.ca
   i:/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
---
Server certificate
-----BEGIN CERTIFICATE-----
<certificate>
-----END CERTIFICATE-----
subject=/serialNumber=EGKZzrdW-EpuM5jI3QaVFSdRqKZSh4QW/C=CA/O=ns2.lightspeed.ca/OU=GT90526192/OU=See
www.geotrust.com/resources/cps (c)11/OU=Domain Control Validated -
QuickSSL(R)/CN=ns2.lightspeed.ca
issuer=/C=US/O=GeoTrust Inc./OU=Domain Validated SSL/CN=GeoTrust DV SSL CA
---
Acceptable client certificate CA names
/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao -
ITI/L=Brasilia/ST=DF/CN=Autoridade Certificadora Raiz Brasileira
/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
Authority/emailAddress=support@???
/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
/O=CAcert Inc./OU=http://www.CAcert.org/CN=CAcert Class 3 Root
/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing
Authority/emailAddress=support@???
/C=DE/ST=Hessen/L=Fulda/O=Debconf/CN=Debconf CA/emailAddress=joerg@???
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@???
/C=FR/ST=France/L=Paris/O=PM/SGDN/OU=DCSSI/CN=IGC/A/emailAddress=igca@???
/C=US/ST=DC/L=Washington/O=ABA.ECOM, INC./CN=ABA.ECOM Root
CA/emailAddress=admin@???
/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External
CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Class 1 CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Public CA Root
/C=SE/O=AddTrust AB/OU=AddTrust TTP Network/CN=AddTrust Qualified CA Root
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 1
/C=US/O=America Online Inc./CN=America Online Root Certification Authority 2
/C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner
Root Certification Authority 1
/C=US/O=AOL Time Warner Inc./OU=America Online Inc./CN=AOL Time Warner
Root Certification Authority 2
/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA-Baltimore
Implementation
/C=WW/O=beTRUSTed/CN=beTRUSTed Root CAs/CN=beTRUSTed Root CA
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - Entrust
Implementation
/O=beTRUSTed/OU=beTRUSTed Root CAs/CN=beTRUSTed Root CA - RSA Implementation
/C=EU/O=AC Camerfirma SA CIF
A82743287/OU=http://www.chambersign.org/CN=Chambers of Commerce Root
/C=EU/O=AC Camerfirma SA CIF
A82743287/OU=http://www.chambersign.org/CN=Global Chambersign Root
/C=FR/O=Certplus/CN=Class 2 Primary CA
/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA
Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO
Certification Authority
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Secure
Certificate Services
/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=Trusted
Certificate Services
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Assured ID Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV
Root CA
/C=US/O=Digital Signature Trust Co./OU=DSTCA E1
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA
X1/CN=DST RootCA X1/emailAddress=ca@???
/C=US/O=Digital Signature Trust Co./OU=DSTCA E2
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=DSTCA
X2/CN=DST RootCA X2/emailAddress=ca@???
/C=US/O=Digital Signature Trust/OU=DST ACES/CN=DST ACES CA X6
/O=Digital Signature Trust Co./CN=DST Root CA X3
/O=Entrust.net/OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Client Certification
Authority
/O=Entrust.net/OU=www.entrust.net/SSL_CPS incorp. by ref. (limits
liab.)/OU=(c) 2000 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref.
limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client
Certification Authority
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
/C=US/O=Entrust, Inc./OU=www.entrust.net/CPS is incorporated by
reference/OU=(c) 2006 Entrust, Inc./CN=Entrust Root Certification
Authority
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=US/O=Equifax Secure Inc./CN=Equifax Secure eBusiness CA-1
/C=US/O=Equifax Secure/OU=Equifax Secure eBusiness CA-2
/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
/C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion
Firmaprofesional CIF A62634068/emailAddress=ca@???
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 2
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Primary Certification Authority
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA 2
/C=US/O=GeoTrust Inc./CN=GeoTrust Universal CA
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE
CyberTrust Global Root
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA Chained CAs
Certification Authority/CN=IPS CA Chained CAs Certification
Authority/emailAddress=ips@???
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA CLASE1 Certification
Authority/CN=IPS CA CLASE1 Certification
Authority/emailAddress=ips@???
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA CLASE3 Certification
Authority/CN=IPS CA CLASE3 Certification
Authority/emailAddress=ips@???
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA CLASEA1 Certification
Authority/CN=IPS CA CLASEA1 Certification
Authority/emailAddress=ips@???
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA CLASEA3 Certification
Authority/CN=IPS CA CLASEA3 Certification
Authority/emailAddress=ips@???
/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad
CA/OU=Certificaciones/CN=IPS SERVIDORES/emailAddress=ips@???
/C=ES/ST=Barcelona/L=Barcelona/O=IPS Internet publishing Services
s.l./O=ips@??? C.I.F.  B-60929452/OU=IPS CA Timestamping
Certification Authority/CN=IPS CA Timestamping Certification
Authority/emailAddress=ips@???
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Uzleti (Class B) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Expressz (Class C) Tanusitvanykiado
/C=HU/ST=Hungary/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado
/C=HU/L=Budapest/O=NetLock Halozatbiztonsagi
Kft./OU=Tanusitvanykiadok/CN=NetLock Minositett Kozjegyzoi (Class QA)
Tanusitvanykiado/emailAddress=info@???
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 2
/C=BM/O=QuoVadis Limited/CN=QuoVadis Root CA 3
/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root
Certification Authority
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy
Validation
Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/O=RSA Security Inc/OU=RSA Security 1024 V3
/O=RSA Security Inc/OU=RSA Security 2048 V3
/C=US/O=SecureTrust Corporation/CN=Secure Global CA
/C=US/O=SecureTrust Corporation/CN=SecureTrust CA
/C=JP/O=SECOM Trust.net/OU=Security Communication RootCA1
/C=FI/O=Sonera/CN=Sonera Class1 CA
/C=FI/O=Sonera/CN=Sonera Class2 CA
/C=NL/O=Staat der Nederlanden/CN=Staat der Nederlanden Root CA
/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification
Authority
/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom
Certification Authority
/C=IL/ST=Israel/L=Eilat/O=StartCom Ltd./OU=CA Authority Dep./CN=Free SSL
Certification Authority/emailAddress=admin@???
/C=ch/O=Swisscom/OU=Digital Certificate Services/CN=Swisscom Root CA 1
/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
/C=CH/O=SwissSign AG/CN=SwissSign Platinum CA - G2
/C=CH/O=SwissSign AG/CN=SwissSign Silver CA - G2
/C=TW/O=Government Root Certification Authority
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks
GmbH/OU=TC TrustCenter Class 2 CA/emailAddress=certificate@???
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data Networks
GmbH/OU=TC TrustCenter Class 3 CA/emailAddress=certificate@???
/C=DK/O=TDC Internet/OU=TDC Internet Root CA
/C=DK/O=TDC/CN=TDC OCES CA
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification
Services Division/CN=Thawte Personal Basic
CA/emailAddress=personal-basic@???
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification
Services Division/CN=Thawte Personal Freemail
CA/emailAddress=personal-freemail@???
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification
Services Division/CN=Thawte Personal Premium
CA/emailAddress=personal-premium@???
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification
Services Division/CN=Thawte Premium Server
CA/emailAddress=premium-server@???
/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006
thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification
Services Division/CN=Thawte Server CA/emailAddress=server-certs@???
/C=ZA/ST=Western Cape/L=Durbanville/O=Thawte/OU=Thawte
Certification/CN=Thawte Timestamping CA
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=ANKARA/O=(c) 2005
T\xC3\x9CRKTRUST Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim
G\xC3\xBCvenli\xC4\x9Fi Hizmetleri A.\xC5\x9E.
/CN=T\xC3\x9CRKTRUST Elektronik Sertifika Hizmet
Sa\xC4\x9Flay\xC4\xB1c\xC4\xB1s\xC4\xB1/C=TR/L=Ankara/O=T\xC3\x9CRKTRUST
Bilgi \xC4\xB0leti\xC5\x9Fim ve Bili\xC5\x9Fim G\xC3\xBCvenli\xC4\x9Fi
Hizmetleri A.\xC5\x9E. (c) Kas\xC4\xB1m 2005
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN - DATACorp SGC
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Client Authentication
and Email
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Network Applications
/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST
Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Object
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1 Policy
Validation
Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy
Validation
Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 1 Public Primary
Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 2 Public Primary
Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary
Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary
Certification Authority - G5
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority -
G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust
Network
/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 1999 VeriSign,
Inc. - For authorized use only/CN=VeriSign Class 4 Public Primary
Certification Authority - G3
/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at
https://www.verisign.com/rpa (c)00/CN=VeriSign Time Stamping Authority CA
/C=US/O=VISA/OU=Visa International Service Association/CN=Visa eCommerce Root
/C=US/O=VISA/OU=Visa International Service Association/CN=GP Root 2
/C=US/O=Wells Fargo/OU=Wells Fargo Certification Authority/CN=Wells Fargo
Root Certificate Authority
/C=US/OU=www.xrampsecurity.com/O=XRamp Security Services Inc/CN=XRamp
Global Certification Authority
/C=BM/O=QuoVadis Limited/OU=Root Certification Authority/CN=QuoVadis Root
Certification Authority
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- CA Klasa 1
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- CA Klasa 2
/C=PL/O=TP Internet Sp. z o.o./CN=CC Signet - CA Klasa
3/serialNumber=Numer wpisu: 4
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- OCSP Klasa 2
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- OCSP Klasa 3
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- PCA Klasa 2
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- PCA Klasa 3
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- RootCA
/C=PL/O=TP Internet Sp. z o.o./OU=Centrum Certyfikacji Signet/CN=CC Signet
- TSA Klasa 1
/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certification
Authority/emailAddress=hostmaster@???
/C=US/ST=Indiana/L=Indianapolis/O=Software in the Public
Interest/OU=hostmaster/CN=Certificate
Authority/emailAddress=hostmaster@???
/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche Telekom
Root CA 2
---
SSL handshake has read 22345 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-DSS-AES256-SHA
    Session-ID:
510F41918AD4A65D88A43BC6ED66651F98842EBBF7975295F6808342F9AE7067
    Session-ID-ctx:
    Master-Key:
53D1F9E30DC867D662BC2F859B79319294F67D7EB8753237A181DBE41C84B69EF00721F63BFC8938613EB7B694D8C53F
    Key-Arg   : None
    Start Time: 1301593832
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
250 HELP
quit
221 ns2.lightspeed.ca closing connection
closed