curl-library
Re: SSLv2 and certificate verification
Date: Sat, 12 Oct 2002 08:47:45 +1000
The site is using a 'chained' or 'intermediate' certificate, as is usual with
Verisign 'global' certificates. (The site cert is signed by a 'Verisign Trust
Network' cert, which is in turn signed by the Verisign root key in the ca-bundle
file.)
ssl2 doesn't support certificate chaining, that feature is only in ssl3 and
above, so the certificate chain can't be verified when using ssl2.
Don't use ssl2 - there's no good reason if you have ssl3 capable software (and
you almost always do) - ssl2 is broken in plenty of other ways too.
Cris
Craig Davison wrote:
> Hi again,
> Does anyone know why this might fail due to a certificate problem (with 7.10.1):
> curl -2 https://upload.securityfocus.com/
>
> While SSLv3 (-3) and TLSv1 (-1) succeed?
>
> Other hosts I can make this happen with are tms.securityfocus.com, analyzer.securityfocus.com, and sfcm.securityfocus.com. upload, tms and analyzer are IIS servers, whereas sfcm is running Apache on UNIX.
> Is this a problem with our certificates, or is SSLv2 certificate verification somehow broken?
>
> Thanks in advance for any help.
>
Received on 2002-10-12
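
The chain layout described in the reply (site cert signed by an intermediate, intermediate signed by a root in the CA bundle), reproduced with a throwaway CA as an added example that is not part of the original thread. All names, keys and files are constructed; it shows that a verifier holding only the root and the site certificate cannot build the chain, while supplying the intermediate makes it verify.

```shell
#!/bin/sh
# Constructed demo: root CA -> intermediate CA -> site certificate.
# Sets WITHOUT_INT and WITH_INT to "ok" or "fail".
chain_demo() {
    d=$(mktemp -d) || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: stands in for the root key in the ca-bundle file.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -extensions v3_ca -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate CA, signed by the root and marked CA:TRUE.
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=Constructed Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ca.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null || return 1
    # Site certificate, signed by the intermediate (not by the root).
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
        -subj "/CN=site.example" \
        -keyout "$d/site.key" -out "$d/site.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/site.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/site.pem" 2>/dev/null || return 1

    WITHOUT_INT=fail
    WITH_INT=fail
    # Verifier has the root and the site cert only: the issuer is missing.
    if openssl verify -CAfile "$d/root.pem" "$d/site.pem" >/dev/null 2>&1; then
        WITHOUT_INT=ok
    fi
    # Verifier is also handed the intermediate as an untrusted chain cert.
    if openssl verify -CAfile "$d/root.pem" -untrusted "$d/int.pem" \
        "$d/site.pem" >/dev/null 2>&1; then
        WITH_INT=ok
    fi
    rm -rf "$d"
}

chain_demo && echo "root only: $WITHOUT_INT, root + intermediate: $WITH_INT"
```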