openssl でoverssl のtest
$ openssl s_client -connect host:port
という感じでssl 通信が簡単にできることを知りました.
例えばgmail のPOP3s に繋ぐときは,
$ openssl s_client -connect pop.gmail.com:995 CONNECTED(00000003) depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify error:num=27:certificate not trusted verify return:1 depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com verify error:num=21:unable to verify the first certificate verify return:1 --- Certificate chain 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0 aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2 WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV 8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2 APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf 3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP HDCjWOK1fGkZ/yFAuTxuxAc= -----END CERTIFICATE----- subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority --- No client certificate CA names sent --- SSL handshake has read 883 bytes and written 306 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 39540113484DCE99A2672F1EB2816DAA4E9AE7BBC40DEC104AB3B41E242213CB Session-ID-ctx: Master-Key: 6173C205751DD56A0AF14EBE126FDFA2012F534FC59FF01CF55D16E87570E11FC209104103BDD25417A8B5F6C550BB44 Key-Arg : None Start Time: 1222857967 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) --- +OK Gpop ready for requests from 202.244.32.242 t1pf933894poh.13 USER matoken +OK send PASS PASS xxxxxxxx +OK Welcome. STAT +OK 7 37195 quit +OK Farewell. read:errno=0
な感じで繋がります.
同様にIMAP4s(993)/SMTPs(465)/HTTPS(443) と普通に繋がりました.
これは便利.
ただ,証明書の確認はしてくれてないと思うのでその辺は注意かな?
追記)
START TLS の場合の例
$ openssl s_client -starttls smtp -connect localhost:25
中間証明書も確認したい場合は -showcerts を付ける