Running the version of openssl installed via homebrew.
$ /usr/local/Cellar/openssl/1.0.1e/bin/openssl s_client -connect rubygems.org:443
CONNECTED(00000003)
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/serialNumber=RRAXldgzDrRZWQpGo6FHdTHV3qwvwXtD/OU=GT35895174/OU=See www.rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.rubygems.org
i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
subject=/serialNumber=RRAXldgzDrRZWQpGo6FHdTHV3qwvwXtD/OU=GT35895174/OU=See www.rapidssl.com/resources/cps (c)13/OU=Domain Control Validated - RapidSSL(R)/CN=*.rubygems.org
issuer=/C=US/O=GeoTrust, Inc./CN=RapidSSL CA
---
No client certificate CA names sent
---
SSL handshake has read 2985 bytes and written 360 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 676536E9083C39E2AD67D1491E1BE26C2BE9BEBF8A65D7C3B253FFE401A757E9
Session-ID-ctx:
Master-Key: 122C3A65843EA733248363EA01D4F0A34F9130010AC13D03CFCE9423D35AA98E6A2FEB089AF30BAC597797D6A6B30869
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 600 (seconds)
TLS session ticket:
Start Time: 1361703345
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
read:errno=0
Using DTrace to look at what openssl accesses.
Our aim is to see all files opened by openssl and their mode, as per man 2 open,
which describes this system call's arguments: arg0 is the file and arg1 is the mode.
The following fragment looks for processes whose execname matches openssl and traces the probe for the aforementioned system call.
dtrace -Z -n 'syscall::open_nocancel:entry /execname == "openssl"/{ printf("%s %d", copyinstr(arg0), arg1); }'
In another terminal I run.
/usr/local/Cellar/openssl/1.0.1e/bin/openssl s_client -CAfile /usr/local/share/ca-bundle.crt -connect rubygems.org:443
This command completes and I see the following output in the terminal running dtrace.
# dtrace -Z -n 'syscall::open_nocancel:entry /execname == "openssl"/{ printf("%s %d", copyinstr(arg0), arg1); }'
dtrace: description 'syscall::open_nocancel:entry ' matched 1 probe
CPU ID FUNCTION:NAME
4 927 open_nocancel:entry /usr/local/etc/openssl/openssl.cnf 0
4 927 open_nocancel:entry /Users/markw/.rnd 0
4 927 open_nocancel:entry /usr/local/share/ca-bundle.crt 0
0 927 open_nocancel:entry /usr/share/zoneinfo/UTC 0
4 927 open_nocancel:entry /usr/local/etc/openssl/cert.pem 0
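
Added example (not part of the original notes): a Python parser for the dtrace output above that decodes arg1 as open(2) flags, using the values from macOS <sys/fcntl.h>, and lists the config and CA files openssl opened. The function names are illustrative, and the last sample row with its path is constructed to cover the write-flag and space-in-path cases.

```python
import re

# Open-flag bits from macOS <sys/fcntl.h>; the low two bits are the access mode.
ACCESS = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}
FLAG_BITS = {0x0004: "O_NONBLOCK", 0x0008: "O_APPEND", 0x0200: "O_CREAT",
             0x0400: "O_TRUNC", 0x0800: "O_EXCL"}

# One dtrace row: CPU, probe ID, FUNCTION:NAME, then the printf payload
# "<path> <flags>". Paths may contain spaces, so the last integer is the flags.
ROW = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+:\S+)\s+(.+)\s+(\d+)\s*$")

def decode_flags(value):
    names = [ACCESS.get(value & 0x3, "O_ACCMODE?")]
    names += [name for bit, name in sorted(FLAG_BITS.items()) if value & bit]
    return "|".join(names)

def parse_trace(text):
    """Return one dict per traced open call; header lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            path, flags = m.group(4), int(m.group(5))
            events.append({"path": path, "flags": flags,
                           "decoded": decode_flags(flags),
                           "writable": (flags & 0x3) != 0})
    return events

def trust_inputs(events):
    """Paths that can influence verification: OpenSSL config and CA files."""
    return [e["path"] for e in events
            if e["path"].endswith((".cnf", ".pem", ".crt"))]

# Rows copied from the trace above, plus one constructed row (hypothetical
# path, flags 1537 = 0x601) to exercise the write-flag and space-in-path cases.
SAMPLE = """\
CPU ID FUNCTION:NAME
4 927 open_nocancel:entry /usr/local/etc/openssl/openssl.cnf 0
4 927 open_nocancel:entry /Users/markw/.rnd 0
4 927 open_nocancel:entry /usr/local/share/ca-bundle.crt 0
0 927 open_nocancel:entry /usr/share/zoneinfo/UTC 0
4 927 open_nocancel:entry /usr/local/etc/openssl/cert.pem 0
4 927 open_nocancel:entry /tmp/constructed example.out 1537
"""

if __name__ == "__main__":
    for e in parse_trace(SAMPLE):
        print(f'{e["decoded"]:<26} {e["path"]}')
```

The probe fires on entry, so a row only shows that openssl attempted the open, not that the file exists.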