NCommander/s_client IDN failure Secret

## s_client IDN failure
mcasadevall@dawntreader:~/src$ openssl s_client -strict -verify 2 -host räksmörgås.josefsson.org -port 443
verify depth is 2
139892292616640:error:20087002:BIO routines:BIO_lookup:system lib:../crypto/bio/b_addr.c:693:Name or service not known
connect:errno=2
mcasadevall@dawntreader:~/src$ openssl s_client -strict -verify 2 -host xn--rksmrgs-5wao1o.josefsson.org -port 443
verify depth is 2
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = josefsson.org
verify return:1
---
Certificate chain
 0 s:/CN=josefsson.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGlTCCBX2gAwIBAgISBOcNYlz6CnjHORHmzZ0Qy3QOMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MDgwNjMzMTFaFw0x
ODEyMDcwNjMzMTFaMBgxFjAUBgNVBAMTDWpvc2Vmc3Nvbi5vcmcwggF4MA0GCSqG
SIb3DQEBAQUAA4IBZQAwggFgAoIBVwCq+ZgjcLb9RPUFkpEGz8gZ31fwi/kxxbUJ
3iR//w8SHL9V8CBkHd6YpCXi9wCV1olOqKOlog+51Nnoyp+LgXKlZbm5+quXTqpC
v9oazcaoprgP63ZTeXl21wwh/RanzevqvqzkJRIdZCF5aVQD0Pz4rba4+pwpCm/I
X71Bje6lFu1+0nXhiBEl9fCGYPBR30MS6FcvxCW+ZWr7Z1aB8qPF1zNsjECKlGHQ
gocXp8xcOYoPObEe/HQNjHk7A/1f2OUFLrIyGm26hJvI4bN3cjYrOAnNxKob0zGT
rLv1TAH3xbeCjX6YmsPYaQZzyrlenPHMo/NjCdLQjevW52qKMd3wM9RgNVR01Bku
M/V/5eWk7T64Bf5kdfevEBWAfEV9XvDSRkbd/oVGU9PrmNaqJrEl/GUwe+DAIhP/
+mdYRySDXM0jWX3ByVpQ/pAKc9QVoYtIRMVPHtkCAwEAAaOCA08wggNLMA4GA1Ud
DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
AQH/BAIwADAdBgNVHQ4EFgQUr9q5NR2n4Ey8UbJadgUYKDMbHSswHwYDVR0jBBgw
FoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUF
BzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUF
BzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzBTBgNVHREE
TDBKghJibG9nLmpvc2Vmc3Nvbi5vcmeCDWpvc2Vmc3Nvbi5vcmeCBnNqZC5zZYIR
d3d3Lmpvc2Vmc3Nvbi5vcmeCCnd3dy5zamQuc2Uwgf4GA1UdIASB9jCB8zAIBgZn
gQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
LmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmlj
YXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBh
bmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGlj
eSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCC
AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUI
Fy+jqh0HE9MMAAABZbgZT9sAAAQDAEcwRQIgVIl4OVVPznibCKsUU2Y/sYMileBG
w5E1DtjbqkUtImYCIQDlRraoXJ7tG7G76rXkJRqztLfiCahfl+76HylxuUB92gB1
ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZbgZT8QAAAQDAEYw
RAIgYODPBqgwNqpuyYWXPxSC1rwM2rIr7Zf2dsxuhR0uiHkCIF4dUyQYG+cn/onM
y30R4a5tp7W3yhMI0Un6YShZrsyUMA0GCSqGSIb3DQEBCwUAA4IBAQA2u6+ATr8S
XGf4V89yVjP7Sw+xBFlQyQ5juPqAsRW12xMGC4JmXPsrg0R++nzlqXYy+h2pyvFC
c8XhCud/uW8dCgL5syPF+fNET7KXt47zbbXMs/gkeeI3Z7opriQ8ACMAgOmI9abQ
Lw7hgQHZQs44zdmGoi90fdZyX/RcWTcjMc7JdLJ0vQtLo0nopEEJopjgDb7MSDqq
i4k8wk9Om/5qRP9ky8IWO72RDHTbGGn/DEgsZq+h82kP7JGZziju4CMF1azp8bqy
njl2xj/HNX6k5ZhSt2TlVNQsc6br6pvM/VfD03wtjU4k5WSBhGMrb6/v8JsVh6H/
YgyWQYX37bSZ
-----END CERTIFICATE-----
subject=/CN=josefsson.org
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3638 bytes and written 302 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2736 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: DB1F6A2C765D61F5352DAAFB507C113C456E5505D07A8E94150B61EFD13E06F7
    Session-ID-ctx:
    Master-Key: F9C7589F001AFF8488B8A65CF6188055D4AF6FEC7D1B96D26B8F230909941868E25C240FFE83B0C4F43154CE42F71CAB
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 27 08 d4 2e 32 83 b1 d0-c0 57 7a 35 c5 6e dc 83   '...2....Wz5.n..
    0010 - d8 b5 61 39 f1 3f e2 7c-bb 38 72 51 a6 9c 13 be   ..a9.?.|.8rQ....
    0020 - b9 64 2c ac a6 0a 0c b0-d3 e3 9e 59 83 91 4b 16   .d,........Y..K.
    0030 - a6 32 a6 ca ad 65 d3 b8-59 d2 7b b9 23 b7 82 92   .2...e..Y.{.#...
    0040 - fb 1f 19 53 5a ba 1c c3-86 72 8a 0b 7b 76 78 29   ...SZ....r..{vx)
    0050 - 71 6b f5 ce c0 5e 9a 76-e3 b8 28 16 bc cb fb e0   qk...^.v..(.....
    0060 - bf 61 b3 fd a0 aa d7 0d-71 13 00 57 24 5a 15 4c   .a......q..W$Z.L
    0070 - 84 1e e6 87 2a bc 03 3f-c2 05 63 05 66 f2 44 6c   ....*..?..c.f.Dl
    0080 - 2d 8d 71 c5 6f bd 93 d7-8f be 31 44 03 f5 88 b8   -.q.o.....1D....
    0090 - f3 b9 b9 11 29 fa 9d 0b-a8 2a 0c 49 5d df 13 33   ....)....*.I]..3
    00a0 - cd 15 33 13 b7 af 43 a2-b8 72 f0 22 df ee 70 d4   ..3...C..r."..p.
    00b0 - e0 4b a5 8f 1e 7f 70 88-67 35 00 c8 fa 0f 21 ce   .K....p.g5....!.

    Start Time: 1542120602
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
	mcasadevall@dawntreader:~/src$ openssl s_client -strict -verify 2 -host räksmörgås.josefsson.org -port 443
	verify depth is 2
	139892292616640:error:20087002:BIO routines:BIO_lookup:system lib:../crypto/bio/b_addr.c:693:Name or service not known
	connect:errno=2
	mcasadevall@dawntreader:~/src$ openssl s_client -strict -verify 2 -host xn--rksmrgs-5wao1o.josefsson.org -port 443
	verify depth is 2
	CONNECTED(00000003)
	depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
	verify return:1
	depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
	verify return:1
	depth=0 CN = josefsson.org
	verify return:1
	---
	Certificate chain
	0 s:/CN=josefsson.org
	i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
	1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
	i:/O=Digital Signature Trust Co./CN=DST Root CA X3
	---
	Server certificate
	-----BEGIN CERTIFICATE-----
	MIIGlTCCBX2gAwIBAgISBOcNYlz6CnjHORHmzZ0Qy3QOMA0GCSqGSIb3DQEBCwUA
	MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
	ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xODA5MDgwNjMzMTFaFw0x
	ODEyMDcwNjMzMTFaMBgxFjAUBgNVBAMTDWpvc2Vmc3Nvbi5vcmcwggF4MA0GCSqG
	SIb3DQEBAQUAA4IBZQAwggFgAoIBVwCq+ZgjcLb9RPUFkpEGz8gZ31fwi/kxxbUJ
	3iR//w8SHL9V8CBkHd6YpCXi9wCV1olOqKOlog+51Nnoyp+LgXKlZbm5+quXTqpC
	v9oazcaoprgP63ZTeXl21wwh/RanzevqvqzkJRIdZCF5aVQD0Pz4rba4+pwpCm/I
	X71Bje6lFu1+0nXhiBEl9fCGYPBR30MS6FcvxCW+ZWr7Z1aB8qPF1zNsjECKlGHQ
	gocXp8xcOYoPObEe/HQNjHk7A/1f2OUFLrIyGm26hJvI4bN3cjYrOAnNxKob0zGT
	rLv1TAH3xbeCjX6YmsPYaQZzyrlenPHMo/NjCdLQjevW52qKMd3wM9RgNVR01Bku
	M/V/5eWk7T64Bf5kdfevEBWAfEV9XvDSRkbd/oVGU9PrmNaqJrEl/GUwe+DAIhP/
	+mdYRySDXM0jWX3ByVpQ/pAKc9QVoYtIRMVPHtkCAwEAAaOCA08wggNLMA4GA1Ud
	DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
	AQH/BAIwADAdBgNVHQ4EFgQUr9q5NR2n4Ey8UbJadgUYKDMbHSswHwYDVR0jBBgw
	FoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBhMC4GCCsGAQUF
	BzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3JnMC8GCCsGAQUF
	BzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3JnLzBTBgNVHREE
	TDBKghJibG9nLmpvc2Vmc3Nvbi5vcmeCDWpvc2Vmc3Nvbi5vcmeCBnNqZC5zZYIR
	d3d3Lmpvc2Vmc3Nvbi5vcmeCCnd3dy5zamQuc2Uwgf4GA1UdIASB9jCB8zAIBgZn
	gQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRwOi8vY3Bz
	LmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENlcnRpZmlj
	YXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBh
	bmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRlIFBvbGlj
	eSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzCC
	AQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUI
	Fy+jqh0HE9MMAAABZbgZT9sAAAQDAEcwRQIgVIl4OVVPznibCKsUU2Y/sYMileBG
	w5E1DtjbqkUtImYCIQDlRraoXJ7tG7G76rXkJRqztLfiCahfl+76HylxuUB92gB1
	ACk8UZZUyDlluqpQ/FgH1Ldvv1h6KXLcpMMM9OVFR/R4AAABZbgZT8QAAAQDAEYw
	RAIgYODPBqgwNqpuyYWXPxSC1rwM2rIr7Zf2dsxuhR0uiHkCIF4dUyQYG+cn/onM
	y30R4a5tp7W3yhMI0Un6YShZrsyUMA0GCSqGSIb3DQEBCwUAA4IBAQA2u6+ATr8S
	XGf4V89yVjP7Sw+xBFlQyQ5juPqAsRW12xMGC4JmXPsrg0R++nzlqXYy+h2pyvFC
	c8XhCud/uW8dCgL5syPF+fNET7KXt47zbbXMs/gkeeI3Z7opriQ8ACMAgOmI9abQ
	Lw7hgQHZQs44zdmGoi90fdZyX/RcWTcjMc7JdLJ0vQtLo0nopEEJopjgDb7MSDqq
	i4k8wk9Om/5qRP9ky8IWO72RDHTbGGn/DEgsZq+h82kP7JGZziju4CMF1azp8bqy
	njl2xj/HNX6k5ZhSt2TlVNQsc6br6pvM/VfD03wtjU4k5WSBhGMrb6/v8JsVh6H/
	YgyWQYX37bSZ
	-----END CERTIFICATE-----
	subject=/CN=josefsson.org
	issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
	---
	No client certificate CA names sent
	Peer signing digest: SHA512
	Server Temp Key: ECDH, P-256, 256 bits
	---
	SSL handshake has read 3638 bytes and written 302 bytes
	Verification: OK
	---
	New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
	Server public key is 2736 bit
	Secure Renegotiation IS supported
	Compression: NONE
	Expansion: NONE
	No ALPN negotiated
	SSL-Session:
	Protocol : TLSv1.2
	Cipher : ECDHE-RSA-AES256-GCM-SHA384
	Session-ID: DB1F6A2C765D61F5352DAAFB507C113C456E5505D07A8E94150B61EFD13E06F7
	Session-ID-ctx:
	Master-Key: F9C7589F001AFF8488B8A65CF6188055D4AF6FEC7D1B96D26B8F230909941868E25C240FFE83B0C4F43154CE42F71CAB
	PSK identity: None
	PSK identity hint: None
	SRP username: None
	TLS session ticket lifetime hint: 300 (seconds)
	TLS session ticket:
	0000 - 27 08 d4 2e 32 83 b1 d0-c0 57 7a 35 c5 6e dc 83 '...2....Wz5.n..
	0010 - d8 b5 61 39 f1 3f e2 7c-bb 38 72 51 a6 9c 13 be ..a9.?.\|.8rQ....
	0020 - b9 64 2c ac a6 0a 0c b0-d3 e3 9e 59 83 91 4b 16 .d,........Y..K.
	0030 - a6 32 a6 ca ad 65 d3 b8-59 d2 7b b9 23 b7 82 92 .2...e..Y.{.#...
	0040 - fb 1f 19 53 5a ba 1c c3-86 72 8a 0b 7b 76 78 29 ...SZ....r..{vx)
	0050 - 71 6b f5 ce c0 5e 9a 76-e3 b8 28 16 bc cb fb e0 qk...^.v..(.....
	0060 - bf 61 b3 fd a0 aa d7 0d-71 13 00 57 24 5a 15 4c .a......q..W$Z.L
	0070 - 84 1e e6 87 2a bc 03 3f-c2 05 63 05 66 f2 44 6c ....*..?..c.f.Dl
	0080 - 2d 8d 71 c5 6f bd 93 d7-8f be 31 44 03 f5 88 b8 -.q.o.....1D....
	0090 - f3 b9 b9 11 29 fa 9d 0b-a8 2a 0c 49 5d df 13 33 ....)....*.I]..3
	00a0 - cd 15 33 13 b7 af 43 a2-b8 72 f0 22 df ee 70 d4 ..3...C..r."..p.
	00b0 - e0 4b a5 8f 1e 7f 70 88-67 35 00 c8 fa 0f 21 ce .K....p.g5....!.

	Start Time: 1542120602
	Timeout : 7200 (sec)
	Verify return code: 0 (ok)
	Extended master secret: no
	---