openssl でoverssl のtest

bike stand

$ openssl s_client -connect host:port

という感じでssl 通信が簡単にできることを知りました.

例えばgmail のPOP3s に繋ぐときは,

$ openssl s_client -connect pop.gmail.com:995
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT
MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv
cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV
8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2
APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl
flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD
AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g
LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf
BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf
3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K
sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP
HDCjWOK1fGkZ/yFAuTxuxAc=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 306 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 39540113484DCE99A2672F1EB2816DAA4E9AE7BBC40DEC104AB3B41E242213CB
    Session-ID-ctx: 
    Master-Key: 6173C205751DD56A0AF14EBE126FDFA2012F534FC59FF01CF55D16E87570E11FC209104103BDD25417A8B5F6C550BB44
    Key-Arg   : None
    Start Time: 1222857967
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
+OK Gpop ready for requests from 202.244.32.242 t1pf933894poh.13
USER matoken
+OK send PASS
PASS xxxxxxxx
+OK Welcome.
STAT
+OK 7 37195
quit
+OK Farewell.
read:errno=0

な感じで繋がります.


同様にIMAP4s(993)/SMTPs(465)/HTTPS(443) と普通に繋がりました.
これは便利.


ただ,証明書の確認はしてくれてないと思うのでその辺は注意かな?


追記)
START TLS の場合の例

$ openssl s_client -starttls smtp -connect localhost:25

中間証明書も確認したい場合は -showcerts を付ける