Thanks to muks for this, there is no way I would remember this so:

openssl s_client -connect mail.gimp.org:25 -starttls smtp

shows that the name is for mail.gtk.org, which is probably bad.

the output looks something like:


CONNECTED(00000003)
depth=1 /C=US/ST=Minnesota/L=Robbinsdale/O=gtk.org/CN=gtk.org CA/emailAddress=ca@gtk.org
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Minnesota/O=gtk.org/CN=mail.gtk.org/emailAddress=ca@gtk.org
 i:/C=US/ST=Minnesota/L=Robbinsdale/O=gtk.org/CN=gtk.org CA/emailAddress=ca@gtk.org
 1 s:/C=US/ST=Minnesota/L=Robbinsdale/O=gtk.org/CN=gtk.org CA/emailAddress=ca@gtk.org
 i:/C=US/ST=Minnesota/L=Robbinsdale/O=gtk.org/CN=gtk.org CA/emailAddress=ca@gtk.org
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEZTCCA02gAwIBAgIBATANBgkqhkiG9w0BAQQFADB5MQswCQYDVQQGEwJVUzES
MBAGA1UECBMJTWlubmVzb3RhMRQwEgYDVQQHEwtSb2JiaW5zZGFsZTEQMA4GA1UE
ChMHZ3RrLm9yZzETMBEGA1UEAxMKZ3RrLm9yZyBDQTEZMBcGCSqGSIb3DQEJARYK
Y2FAZ3RrLm9yZzAeFw0wOTA0MTEwMDA1NDRaFw0xOTA0MDkwMDA1NDRaMGUxCzAJ
BgNVBAYTAlVTMRIwEAYDVQQIEwlNaW5uZXNvdGExEDAOBgNVBAoTB2d0ay5vcmcx
FTATBgNVBAMTDG1haWwuZ3RrLm9yZzEZMBcGCSqGSIb3DQEJARYKY2FAZ3RrLm9y
ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMS8INsrdFmXc2rFJp46
Z9OK+okWIh4zDiYc3o5sDNAawJnyxEXAL/MR6BjE7EFHMDVGw/gH2RqJ6/q6wPiU
RhXkwwcNdS9JlGw/z3XQYcvsvpGnRZp47A/Vgr66AallcGdB5UIsRMel7d8uDMSI
jziOxmFX/8iADF3SJrQ4DPNu6EPnvRTRPWSsPvpjrVky5y//J+XyQh9qzPrB9yKb
LCgkbHjWSfpYfuPgkqD7uqAi2fJdyCf4jmgf2k08yT1lQJE3aOa6V9qDsWf5FQ0H
a4oWgvGICv7FZkwHlYTAv8ePkAqrucZY0sYCN5G7MKqS2vTP2pGh+yRmm+x0MzvK
97MCAwEAAaOCAQowggEGMAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5T
U0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQJwtbZWPsXwYi5LWii
h0az5S7QlDCBqwYDVR0jBIGjMIGggBQSdfM2tNf6+ivDLr7sCH/JaVUHAKF9pHsw
eTELMAkGA1UEBhMCVVMxEjAQBgNVBAgTCU1pbm5lc290YTEUMBIGA1UEBxMLUm9i
Ymluc2RhbGUxEDAOBgNVBAoTB2d0ay5vcmcxEzARBgNVBAMTCmd0ay5vcmcgQ0Ex
GTAXBgkqhkiG9w0BCQEWCmNhQGd0ay5vcmeCCQCFGCHaayHXtDANBgkqhkiG9w0B
AQQFAAOCAQEAfMXEDd46L1HfoBp4puRZKuoP4RQnsvttExmg9lqrCvWiIynq0Ijr
7f5gBFgtkgeUu9RX80sttqdcX44jM4IaYAfsbx+sPn8HKEhnH8Bz09Eh5Tvm1mXZ
JZDIKTbkW7BtmwhiB2umX2rmnx0X3ITM3PIgiEpbsytT+MSRdZLNmg3jfiF2SRY8
t15uF3zva7NwR1Sru4P+mz84sPcUt/AtLqZQ2NKFraE2ExClJYuxoFVD8jR+0tzr
uezf3sR/b0K88jmgiXvoMjg+e2j/Q7ckuey3yHeYKoAgp9II/yxYCHh+0b436FQP
0Tp1MgrcpMZYAnO2uizufj6vhA5gB0BaWw==
-----END CERTIFICATE-----
subject=/C=US/ST=Minnesota/O=gtk.org/CN=mail.gtk.org/emailAddress=ca@gtk.org
issuer=/C=US/ST=Minnesota/L=Robbinsdale/O=gtk.org/CN=gtk.org CA/emailAddress=ca@gtk.org
---
No client certificate CA names sent
---
SSL handshake has read 3112 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
 Protocol  : TLSv1
 Cipher    : DHE-RSA-AES256-SHA
 Session-ID: AC9ADA55403F144FF35FB970898628A130565EFF84E85E0F06A4252B8A3C01FE
 Session-ID-ctx: 
 Master-Key: 3CAF412A90FD9844ECDC08C6669C483733E9618591850B57AEB161E4AE3866AF4E560F18B313709C5B94943351AE1B2D
 Key-Arg   : None
 Krb5 Principal: None
 Start Time: 1326071730
 Timeout   : 300 (sec)
 Verify return code: 19 (self signed certificate in certificate chain)
---
250 DSN

 

Leave a Reply