Download raw body.
LibreSSL changes in 7.5?
On Sat, Apr 06, 2024 at 11:25:41AM +0100, Stuart Henderson wrote: > On 2024/04/06 11:51, Mischa wrote: > > Hi All, > > > > After the upgrade from 7.4 to 7.5 I am noticing a different > > behavior with LibreSSL talking to a destination with a > > self-signed certificate, in this case a Philips Hue Bridge. > > > Certificate chain > > 0 s:/C=NL/O=Philips Hue/CN=ecb5fafffe236588 > > i:/C=NL/O=Philips Hue/CN=root-bridge > > That's not self-signed (you would have the same for s: and i:) > rather a cert signed by a private CA. A bit of searching found it: > > -----BEGIN CERTIFICATE----- > MIICMjCCAdigAwIBAgIUO7FSLbaxikuXAljzVaurLXWmFw4wCgYIKoZIzj0EAwIw > OTELMAkGA1UEBhMCTkwxFDASBgNVBAoMC1BoaWxpcHMgSHVlMRQwEgYDVQQDDAty > b290LWJyaWRnZTAiGA8yMDE3MDEwMTAwMDAwMFoYDzIwMzgwMTE5MDMxNDA3WjA5 > MQswCQYDVQQGEwJOTDEUMBIGA1UECgwLUGhpbGlwcyBIdWUxFDASBgNVBAMMC3Jv > b3QtYnJpZGdlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjNw2tx2AplOf9x86 > aTdvEcL1FU65QDxziKvBpW9XXSIcibAeQiKxegpq8Exbr9v6LBnYbna2VcaK0G22 > jOKkTqOBuTCBtjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNV > HQ4EFgQUZ2ONTFrDT6o8ItRnKfqWKnHFGmQwdAYDVR0jBG0wa4AUZ2ONTFrDT6o8 > ItRnKfqWKnHFGmShPaQ7MDkxCzAJBgNVBAYTAk5MMRQwEgYDVQQKDAtQaGlsaXBz > IEh1ZTEUMBIGA1UEAwwLcm9vdC1icmlkZ2WCFDuxUi22sYpLlwJY81Wrqy11phcO > MAoGCCqGSM49BAMCA0gAMEUCIEBYYEOsa07TH7E5MJnGw557lVkORgit2Rm1h3B2 > sFgDAiEA1Fj/C3AN5psFMjo0//mrQebo0eKd3aWRx+pQY08mk48= > -----END CERTIFICATE----- > > I would have expected 'ftp -S dont' to work anyway, but perhaps there's > something in the server cert breaking that (I wonder about basic > constraints CA:false). It's a server cert, not a CA cert, so these basic constraints seem correct. The cert looks good to me apart from the UTCTime vs GeneralizedTime issue.
LibreSSL changes in 7.5?