Материал из Tkabber Wiki.
$ host -t srv _xmpp-client._tcp.gmail.com
_xmpp-client._tcp.gmail.com has SRV record 20 0 5222 talk3.l.google.com.
_xmpp-client._tcp.gmail.com has SRV record 20 0 5222 talk4.l.google.com.
_xmpp-client._tcp.gmail.com has SRV record 5 0 5222 talk.l.google.com.
_xmpp-client._tcp.gmail.com has SRV record 20 0 5222 talk1.l.google.com.
_xmpp-client._tcp.gmail.com has SRV record 20 0 5222 talk2.l.google.com.
% package require tls
1.50
% proc confess args { puts [info level 0] }
% set s [::tls::socket -command ::confess talk4.l.google.com 5223]
sock7
% ::tls::handshake $s
::confess info sock7 handshake start {before/connect initialization}
::confess info sock7 connect loop {before/connect initialization}
::confess info sock7 connect loop {SSLv2/v3 write client hello A}
::confess info sock7 connect loop {SSLv3 read server hello A}
::confess verify sock7 0 {sha1_hash 0000000000000000000000000000000000000000 subject {/C=US/ST=California/L=Mountain View/O=Google Inc./CN=talk.google.com} issuer {/C=US/O=Equifax/OU=Equifax Secure Certificate Authority} notBefore {Apr 11 17:20:16 2007 GMT} notAfter {Apr 10 17:20:16 2012 GMT} serial 475031} 0 {unable to get local issuer certificate}
::confess info sock7 alert write {bad certificate}
::confess info sock7 connect exit {SSLv3 read server certificate B}
::confess info sock7 connect exit {SSLv3 read server certificate B}
::confess error sock7 {certificate verify failed}
handshake failed: certificate verify failed
Очень странный SHA-1 хэш.
При этом:
$ ls /etc/ssl/certs/Equifax*
/etc/ssl/certs/Equifax_Secure_CA.pem
/etc/ssl/certs/Equifax_Secure_eBusiness_CA_1.pem
/etc/ssl/certs/Equifax_Secure_eBusiness_CA_2.pem
/etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem
Далее:
% set s [::tls::socket -command ::confess -cafile /etc/ssl/certs/Equifax_Secure_CA.pem talk4.l.google.com 5223]
sock7
% ::tls::handshake $s
::confess info sock7 handshake start {before/connect initialization}
::confess info sock7 connect loop {before/connect initialization}
::confess info sock7 connect loop {SSLv2/v3 write client hello A}
::confess info sock7 connect loop {SSLv3 read server hello A}
::confess verify sock7 1 {sha1_hash D23209AD23D314232174E40D7F9D62139786633A subject {/C=US/O=Equifax/OU=Equifax Secure Certificate Authority} issuer {/C=US/O=Equifax/OU=Equifax Secure Certificate Authority} notBefore {Aug 22 16:41:51 1998 GMT} notAfter {Aug 22 16:41:51 2018 GMT} serial 903804111} 1 {}
::confess verify sock7 0 {sha1_hash 953FBE4D549B7E700EC14782C68CD09F9B512BCE subject {/C=US/ST=California/L=Mountain View/O=Google Inc./CN=talk.google.com} issuer {/C=US/O=Equifax/OU=Equifax Secure Certificate Authority} notBefore {Apr 11 17:20:16 2007 GMT} notAfter {Apr 10 17:20:16 2012 GMT} serial 475031} 1 {}
::confess info sock7 connect loop {SSLv3 read server certificate A}
::confess info sock7 connect loop {SSLv3 read server key exchange A}
::confess info sock7 connect loop {SSLv3 read server done A}
::confess info sock7 connect loop {SSLv3 write client key exchange A}
::confess info sock7 connect loop {SSLv3 write change cipher spec A}
::confess info sock7 connect loop {SSLv3 write finished A}
::confess info sock7 connect loop {SSLv3 flush data}
::confess info sock7 connect loop {SSLv3 read finished A}
::confess info sock7 handshake done {SSL negotiation finished successfully}
::confess info sock7 connect exit {SSL negotiation finished successfully}
1