[clug] ssl and https

dylan porter dylan.porter3 at gmail.com
Sat Feb 26 17:10:43 MST 2011


>>> Unless I've (quite likely) missed something here, you are connecting to
>>> a wireless modem, through which you connect to the internet....
>>>
>>> 2. How did you set up the modem? (absolutely stock? I had a fiddle? etc)
>> well stock yeah
> Also excellent - saves dragging every setting out of you, for a device
> I'm probably unfamiliar with. For all I know you could've been
> wardriving over Canberra in a light aeroplane, or using a McDonald's
> access-point...
>
Well, it also happens at other wifi hot spots like McDonald's and at CIT.
>>> I suspect from the comment about Windoof VB (VirtualBox??) being able to
>>> connect, that it is using UPNP, whereas Ubuntu isn't... In which case
>>> you should consider reconfiguring your modem rules. (I consider UPNP the
>>> network equivalent of ActiveX, others may disagree).
>>> You can test that by turning off UPNP in Windoof and seeing if it will
>>> still connect.
>>>
>>> Cheers
>>  How do I turn it off to test it?
> [pretending this is a Microsoft list]
> Fire up your VirtualBox -
> Windoof+R (run...) --> "appwiz.cpl" --> "Add/Remove Windoof Programs"
> --> Networking Services --> Details --> First and last options
>
>
Yeah, UPnP wasn't enabled in the first place.
>> and if that is the case how do i get
>> ubuntu to use UPnP?
>>
>
> I don't know that you can - and I'd certainly recommend against it (but
> then, I thought the seven layers OSI had something to do with a member
> of Black Sabbath).
>
> *If* you can no longer connect to fffacebook using https in Windoof
> after disabling UPnP && you could before - then I suspect we will have
> proven the cause of the problem. In which case I'd suggest you study
> your modem settings to learn what needs to be changed to allow https
> connections through.
>
> There are two things I may have overlooked (at a minimum) - one is your
> wireless card which may not be operating optimally under Ubuntu (which
> makes no sense if it does for a vm in Ubuntu), and the other is SSL itself.
>
> "#dpkg --get-selections | grep openssl" should show you if you have it
> installed. Note: the "#" means the command is run as root (use your
> sudo), and I'm "assuming" Ubuntu calls the package the same as Debian.
>
Yeah, openssl is installed.
> If ssl is *not* installed - there's your problem. The other part of ssl
> that *might* be a problem (unlikely given Konq works neither) is that
> for some purposes ssl requires a user certificate as well as a server
> certificate. You can get more information about ssl functions using:-
>
> "$ openssl s_client -connect facebook.com:443" which will return a lot
> of gibberish, or sod all. (Note: "$" means *not* run as root)
>
> eg. output:-
> scott at work:~$ openssl s_client -connect facebook.com:443
> CONNECTED(00000003)
> depth=2 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High
> Assurance EV Root CA
> verify error:num=20:unable to get local issuer certificate
> verify return:0
> ---
> Certificate chain
>  0 s:/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
> CA-3
>  1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
> CA-3
>    i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
> EV Root CA
>  2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
> EV Root CA
>    i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
> liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
> Certification Authority
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> <snipped to save electrons>
>
>
> Cheers
$ openssl s_client -connect facebook.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
High Assurance EV Root CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
CA-3
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
CA-3
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
EV Root CA
 2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance
EV Root CA
   i:/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
blah
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High
Assurance CA-3
---
No client certificate CA names sent
---
SSL handshake has read 4461 bytes and written 393 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
2308154228CBADFFB071E7F972E07469E303DE3215E784F319074054EBE8CBFE
    Session-ID-ctx:
    Master-Key:
5389FB17AD86AED6703C0607835279E8951BEF2227012839B98F39595659DE69634E3069C9945184F59F33843EC7B881
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1298765059
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

That's what I got for that.

Also, I got a netbook yesterday and installed Sabayon, and I'm having the
same problem.

-- 
dylan porter
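
Added example (not part of the original message or its quoted replies): shell functions that reduce an `openssl s_client` transcript like the one above to the facts that show which layer, if any, is failing. The function names and verdict labels are hypothetical, and the sample lines are copied from the transcript above with the certificate and session fields left out.

```shell
# Constructed sample: diagnostic lines taken from the s_client transcript in
# the message above (certificate body and session secrets omitted).
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
verify return:0
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Reduce an s_client transcript on stdin to key=value facts.
summarize_s_client() {
    awk '
    BEGIN { tcp = "no"; reneg = "unknown"; code = "unknown" }
    /^CONNECTED\(/                       { tcp = "yes" }
    /^ *Protocol *:/                     { proto = $NF }
    /^ *Cipher *:/                       { cipher = $NF }
    /^Server public key is/              { bits = $5 }
    /^Secure Renegotiation IS NOT/       { reneg = "no" }
    /^Secure Renegotiation IS supported/ { reneg = "yes" }
    /^ *Verify return code:/             { code = $4 }
    END {
        # A negotiated cipher other than 0000/(NONE) means the handshake finished.
        hs = (cipher != "" && cipher != "0000" && cipher != "(NONE)") ? "yes" : "no"
        print "tcp_connected=" tcp;    print "handshake_completed=" hs
        print "protocol=" proto;       print "cipher=" cipher
        print "server_key_bits=" bits; print "secure_renegotiation=" reneg
        print "verify_code=" code
    }'
}

# Map the facts to the layer that failed, if any.
diagnose() {
    facts=$(summarize_s_client)
    case "$facts" in
        *tcp_connected=no*)       echo "tcp-blocked" ;;
        *handshake_completed=no*) echo "tls-handshake-failed" ;;
        *"verify_code=0")         echo "tls-ok" ;;
        # Non-zero code: s_client could not build the chain from its own CA store.
        *)                        echo "tls-ok-but-chain-not-verified-locally" ;;
    esac
}
sample_transcript | diagnose   # prints tls-ok-but-chain-not-verified-locally
```

Verify code 20 reports that s_client found no issuer certificate in the CA store it was given; re-running with `-CApath /etc/ssl/certs` (the usual Debian/Ubuntu location) checks the chain against the system store. The summary also surfaces RC4-MD5, the 1024-bit server key and the missing secure renegotiation, which are worth reviewing separately from the connectivity question.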
