hc-dev mailing list archives

From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1578) Regression between v4.1 and v4.1.1 regarding validation of SSL certificates for servers with multiple VirtualHost serving HTTPS
Date Tue, 11 Nov 2014 20:41:35 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1578?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14207013#comment-14207013 ] 

Oleg Kalnichevski commented on HTTPCLIENT-1578:
-----------------------------------------------

Works fine for me with HttpClient 4.3.6
{code:java}
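import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class Httpclient1578Check {
    public static void main(String[] args) throws Exception {
        // Default client configuration: JRE trust store and HttpClient's default hostname verifier.
        CloseableHttpClient client = HttpClients.createDefault();

        HttpPost req = new HttpPost("https://stash.kreios.lu/rest/rest/doSomething");

        req.addHeader("Content-type", "application/json");
        req.setEntity(new StringEntity("{}"));
        CloseableHttpResponse response = client.execute(req);
        try {
            System.out.println(response.getStatusLine());
        } finally {
            response.close();
        }
    }
}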
{code}

{noformat}
trustStore is: /opt/oracle-jdk-1.7.0.60/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1415738371 bytes = { 142, 35, 235, 222, 178, 32, 107, 248, 26, 57, 167, 60, 178, 109, 162, 90, 180, 157, 217, 170, 232, 157, 220, 55, 187, 43, 222, 195 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: stash.kreios.lu]
***
main, WRITE: TLSv1 Handshake, length = 173
main, READ: TLSv1 Handshake, length = 85
*** ServerHello, TLSv1
RandomCookie:  GMT: 1135692965 bytes = { 242, 131, 238, 97, 102, 233, 134, 192, 86, 130, 232, 15, 191, 215, 227, 210, 53, 79, 193, 87, 2, 182, 94, 194, 72, 176, 180, 238 }
Session ID:  {41, 253, 146, 124, 50, 119, 157, 232, 144, 38, 247, 5, 215, 17, 212, 32, 138, 65, 150, 130, 54, 41, 224, 237, 235, 106, 164, 165, 248, 94, 197, 100}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension server_name, server_name: 
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
main, READ: TLSv1 Handshake, length = 2321
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=*.kreios.lu, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)14, OU=GT98629041, SERIALNUMBER=LwCTQJjJj94odszLnywxXW0AJcv0vdlc
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 23565922992085821656930722674965112183458320536346901741114331708503785639426463108571431619105613182196488119836208855587465265465610179045083174249306975271812427161792485472624597025039518033246447498374323638200252524162641503437495928081349851950799743399527064007857635646036352343696154117496116548104357282260574037340166099449496354261574926010855858074464127436108972650175671853440826264843750506782756313148616861172777582404729630762180663489559536616186351192890554184344561240477810886902348997360771924005017873248871558373777928415907947067977840123243076343058099321454343949908455052851461917053327
  public exponent: 65537
  Validity: [From: Mon Jan 06 00:14:04 CET 2014,
               To: Sat Jan 07 19:54:13 CET 2017]
  Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
  SerialNumber: [    0fef41]

Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://rapidssl-ocsp.geotrust.com
, 
   accessMethod: caIssuers
   accessLocation: URIName: http://rapidssl-aia.geotrust.com/rapidssl.crt
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6B 69 3D 6A 18 42 4A DD   8F 02 65 39 FD 35 24 86  ki=j.BJ...e9.5$.
0010: 78 91 16 30                                        x..0
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://rapidssl-crl.geotrust.com/crls/rapidssl.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.54]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 25 68 74 74 70 3A 2F   2F 77 77 77 2E 67 65 6F  .%http://www.geo
0010: 74 72 75 73 74 2E 63 6F   6D 2F 72 65 73 6F 75 72  trust.com/resour
0020: 63 65 73 2F 63 70 73                               ces/cps

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: *.kreios.lu
  DNSName: kreios.lu
]

[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 75 18 00 32 3C 73 A9 A1   B0 A4 E7 D7 8A B8 2E C1  u..2<s..........
0010: 4E 9D 73 EE                                        N.s.
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
chain [1] = [
[
  Version: V3
  Subject: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 25177623426426588132550125218451080465037374253763385069594664996390516327122820009804732518410437841466200602026190775653811606262211330024744533415253065658804469600333697112566893139869278480710101856063907377070241281954361950936190589407992349738968504563083768782249626497805396324086205697290695906640029705073288923885755650556319209257015216085103359829636265775278295669198618016055494382778675954362588901496544858178526707401301199035612812475115850714604573928246891856483139737198313331065128475659082226861581835719707320595915248950066186093729765088283424562125415470588728765078683484272608855281803
  public exponent: 65537
  Validity: [From: Fri Feb 19 23:45:05 CET 2010,
               To: Tue Feb 18 23:45:05 CET 2020]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    0236d1]

Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.geotrust.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.geotrust.com/crls/gtglobal.crl]
]]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 69 3D 6A 18 42 4A DD   8F 02 65 39 FD 35 24 86  ki=j.BJ...e9.5$.
0010: 78 91 16 30                                        x..0
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 27620593608073140957439440929253438012688864718977347268272053725994928948867769687165112265058896553974818505070806430256424431940072485024407486246475597522063246121214348496326377341879755851197260401080498544606788760407243324127929930612201002157618691487713632251700065187865963692723720912135393438861302779432180613616167225206519123176430362410262429702404863434904116727055203524505580952824336979641923534005571504410997292144760317953739063178352809680844232935574095508445145910310675421726257114605895831426222686272114090063230017292595425393719031924942422176213538487957041730136782988405751614792953
  public exponent: 65537
  Validity: [From: Tue May 21 06:00:00 CEST 2002,
               To: Sat May 21 06:00:00 CEST 2022]
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  SerialNumber: [    023456]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C0 7A 98 68 8D 89 FB AB   05 64 0C 11 7D AA 7D 65  .z.h.....d.....e
0010: B8 CA CC 4E                                        ...N
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:

]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
CONNECTION KEYGEN:
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 253, 15, 232, 72, 128, 43, 126, 32, 99, 227, 122, 46 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data:  { 75, 88, 57, 157, 73, 113, 196, 161, 149, 247, 56, 211 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
[DEBUG] wire - http-outgoing-0 >> "POST /rest/rest/doSomething HTTP/1.1[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Content-type: application/json[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Content-Length: 2[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Host: stash.kreios.lu[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.3.5 (java 1.5)[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "[\r][\n]"
[DEBUG] wire - http-outgoing-0 >> "{}"
main, WRITE: TLSv1 Application Data, length = 240
main, READ: TLSv1 Application Data, length = 32
main, READ: TLSv1 Application Data, length = 432
[DEBUG] wire - http-outgoing-0 << "HTTP/1.1 404 Not Found[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "server: Apache-Coyote/1.1[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-arequestid: @1S7W3NIx1299x28813x0[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-asen: SEN-2988886[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-xss-protection: 1; mode=block[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-frame-options: SAMEORIGIN[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "x-content-type-options: nosniff[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-type: text/html;charset=UTF-8[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-language: en-US[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "transfer-encoding: chunked[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "content-encoding: gzip[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "Vary: Accept-Encoding[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "date: Tue, 11 Nov 2014 20:39:31 GMT[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "connection: close[\r][\n]"
[DEBUG] wire - http-outgoing-0 << "[\r][\n]"
HTTP/1.1 404 Not Found
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 32
main, called closeSocket(selfInitiated)
{noformat}

> Regression between v4.1 and v4.1.1 regarding validation of SSL certificates for servers with multiple VirtualHost serving HTTPS
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1578
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1578
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>            Reporter: Richard Comblen
>
> We have a service provider hosting a web application (Atlassian Stash) behind an https proxy. The server hosting this proxy hosts other VirtualHosts using https.
> We have a client application (Jenkins) submitting POST requests to that application using the httpclient library.
> We realized that starting with version 4.1.1 of the library, we get an SSL exception related to hostname verification.
> I've created a minimal example hosted on GitHub: https://github.com/rcomblen/HttpClientRegressionTest
> Debugging, you will see that the only certificate retrieved by the SSLSocket object corresponds to atlashost.eu (the hosting provider) and not *.kreios.lu (our own certificate).
> It seems the library behaves like the openssl command line if you miss the -servername argument:
> {code}
> $ openssl s_client -connect stash.kreios.lu:443 2>/dev/null | grep subject
> subject=/description=p7VPQDLL2DWTo7A5/C=PL/ST=Gdansk/L=Gniew/O=Damian Nowak/CN=*.atlashost.eu/emailAddress=hostmaster@atlashost.eu
> $ openssl s_client -connect stash.kreios.lu:443 -servername stash.kreios.lu 2>/dev/null | grep subject
> subject=/serialNumber=LwCTQJjJj94odszLnywxXW0AJcv0vdlc/OU=GT98629041/OU=See www.rapidssl.com/resources/cps (c)14/OU=Domain Control Validated - RapidSSL(R)/CN=*.kreios.lu
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
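
To triage a `javax.net.debug` log like the one above against the reported failure, this added example (not code from the issue or from HttpClient) extracts the ClientHello `server_name` extension and the leaf certificate names, then applies a simplified wildcard hostname match. The function names and the `WITHOUT_SNI` log are constructed for illustration; that log reuses the `*.atlashost.eu` CN from the reporter's `openssl` run without `-servername`.

```python
import re

# Constructed excerpts in javax.net.debug format. WITH_SNI reuses lines from the
# log above; WITHOUT_SNI is a constructed log for the failing case described in
# the report (no server_name extension, default virtual host certificate).
WITH_SNI = """\
*** ClientHello, TLSv1
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: stash.kreios.lu]
***
*** Certificate chain
chain [0] = [
[
  Subject: CN=*.kreios.lu, OU=Domain Control Validated - RapidSSL(R)
SubjectAlternativeName [
  DNSName: *.kreios.lu
  DNSName: kreios.lu
]
chain [1] = [
[
  Subject: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US
***
"""
WITHOUT_SNI = """\
*** ClientHello, TLSv1
Extension ec_point_formats, formats: [uncompressed]
***
*** Certificate chain
chain [0] = [
[
  Subject: CN=*.atlashost.eu, O=Damian Nowak, L=Gniew, ST=Gdansk, C=PL
***
"""

def parse(log):
    """Return (SNI names sent by the client, leaf CN, leaf DNS SANs)."""
    sni, cn, sans, section = [], None, [], None
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("*** ClientHello"):
            section = "hello"
        elif s.startswith("chain [0]"):
            section = "leaf"
        elif s.startswith("chain [") or s.startswith("***"):
            section = None          # any other marker ends the current section
        elif section == "hello":
            sni += re.findall(r"host_name: ([^\]\s]+)", s)
        elif section == "leaf":
            if s.startswith("Subject:") and cn is None:
                m = re.search(r"CN=([^,]+)", s)
                cn = m.group(1) if m else None
            elif s.startswith("DNSName:"):
                sans.append(s.split(":", 1)[1].strip())
    return sni, cn, sans

def name_matches(pattern, host):
    """Simplified match: '*' only as the whole left-most label, one label deep."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def triage(log, host):
    sni, cn, sans = parse(log)
    # Older verifiers fall back to the subject CN when no DNS SAN is present;
    # used here because the constructed failing log has no SAN section.
    names = sans or ([cn] if cn else [])
    if any(name_matches(n, host) for n in names):
        verdict = "ok"
    elif host not in sni:
        verdict = "no-sni-default-cert"   # server likely answered with its default vhost
    else:
        verdict = "wrong-cert"            # SNI was sent, certificate still does not cover host
    return {"sni": sni, "names": names, "verdict": verdict}
```

A `no-sni-default-cert` verdict points at the client TLS stack not sending SNI rather than at the server certificate itself.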
