This is strange... on lucid it doesn't even attempt to check for the CA file. Using the script you provided on a Karmic machine I get the following:
now cas.ucdavis.edu... open("/etc/host.conf", O_RDONLY) = 3 open("/etc/resolv.conf", O_RDONLY) = 3 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/libnss_mdns4_minimal.so.2", O_RDONLY) = 3 open("/etc/ld.so.cache", O_RDONLY) = 3 open("/lib/tls/i686/cmov/libnss_dns.so.2", O_RDONLY) = 3 open("/etc/resolv.conf", O_RDONLY) = 3 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 4 open("/etc/ssl/certs/594f1775.0", O_RDONLY|O_LARGEFILE) = 4 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 open("/etc/ssl/certs/594f1775.0", O_RDONLY|O_LARGEFILE) = 4 try ssl to google... open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3 open("/etc/gai.conf", O_RDONLY) = 3 open("/etc/ssl/certs/7651b327.0", O_RDONLY|O_LARGEFILE) = 4 open("/dev/urandom", O_RDONLY) = 0 open("/dev/urandom", O_RDONLY) = 0 open("/dev/urandom", O_RDONLY) = 0
I'm puzzled why Lucid doesn't check for the CA. As you can see from above the server's cert is offered and verified on a Karmic machine. The file referenced above (/etc/ssl/certs/594f1775.0) exists on both machines and has the same sha1sum:
03de306e6bead81b0de390a2c47ba264139e4e69 /etc/ssl/certs/594f1775.0
Long shot, but, I did notice that the Issuer CN on the cas.ucdavis.edu cert doesn't have a value. Is it required?
This is strange... on lucid it doesn't even attempt to check for the CA file. Using the script you provided on a Karmic machine I get the following:
now cas.ucdavis.edu... etc/host. conf", O_RDONLY) = 3 etc/resolv. conf", O_RDONLY) = 3 etc/ld. so.cache" , O_RDONLY) = 3 lib/libnss_ mdns4_minimal. so.2", O_RDONLY) = 3 etc/ld. so.cache" , O_RDONLY) = 3 lib/tls/ i686/cmov/ libnss_ dns.so. 2", O_RDONLY) = 3 etc/resolv. conf", O_RDONLY) = 3 dev/urandom" , O_RDONLY| O_NOCTTY| O_NONBLOCK) = 4 etc/ssl/ certs/594f1775. 0", O_RDONLY| O_LARGEFILE) = 4 etc/ssl/ certs/594f1775. 0", O_RDONLY| O_LARGEFILE) = 4 etc/gai. conf", O_RDONLY) = 3 etc/ssl/ certs/7651b327. 0", O_RDONLY| O_LARGEFILE) = 4 dev/urandom" , O_RDONLY) = 0 dev/urandom" , O_RDONLY) = 0 dev/urandom" , O_RDONLY) = 0
open("/
open("/
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
open("/
open("/
open("/
open("/
open("/
open("/
open("/
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
open("/
try ssl to google...
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 3
open("/
open("/
open("/
open("/
open("/
I'm puzzled why Lucid doesn't check for the CA. As you can see from above the server's cert is offered and verified on a Karmic machine. The file referenced above (/etc/ssl/ certs/594f1775. 0) exists on both machines and has the same sha1sum:
03de306e6bead81 b0de390a2c47ba2 64139e4e69 /etc/ssl/ certs/594f1775. 0
Long shot, but, I did notice that the Issuer CN on the cas.ucdavis.edu cert doesn't have a value. Is it required?