jmorahan · September 9, 2024 18:41
diff --git a/gistfile1.txt b/gistfile1.txt
 $ openssl s_client -connect static.gnome.org:443 -servername static.gnome.org -status </dev/null
 CONNECTED(00000003)
 depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
 verify return:1
 depth=1 C = US, O = Let's Encrypt, CN = E6
 verify return:1
 depth=0 CN = 1009550802.rsc.cdn77.org
 verify return:1
 OCSP response: 
 ======================================
 OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Version: 1 (0x0)
    Responder Id: C = US, O = Let's Encrypt, CN = E6
    Produced At: Sep  2 16:50:00 2024 GMT
    Responses:
    Certificate ID:
      Hash Algorithm: sha1
      Issuer Name Hash: D47A388041E8E98D07387CECF6B6D8F20FA56431
      Issuer Key Hash: 0DC5CCFD9BEE1405A14C3082A53E5E8AC35809D2
      Serial Number: 04EC7039E3954584D756991622D95BFB74FB
    Cert Status: good
    This Update: Sep  2 16:50:00 2024 GMT
    Next Update: Sep  9 16:49:58 2024 GMT

    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:65:02:31:00:ea:d2:00:cf:b0:31:d7:99:4d:d1:4f:60:70:
        43:0b:db:fd:95:35:5e:92:46:85:73:ef:40:0a:a9:f4:b4:5d:
        71:a1:f5:22:fe:b3:8a:90:c3:13:82:c7:66:8b:aa:09:cc:02:
        30:3f:7b:06:b2:45:0e:7b:55:0f:4d:7e:fa:4e:f0:bc:e9:8e:
        72:3b:44:e6:69:09:89:01:e7:72:63:89:3b:07:6b:bc:14:bd:
        bd:7f:da:89:50:40:e8:1a:2f:ad:45:09:ef
 ======================================
 ---
 Certificate chain
 0 s:CN = 1009550802.rsc.cdn77.org
   i:C = US, O = Let's Encrypt, CN = E6
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
   v:NotBefore: Jul 31 17:03:02 2024 GMT; NotAfter: Oct 29 17:03:01 2024 GMT
 1 s:C = US, O = Let's Encrypt, CN = E6
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
 ---
 Server certificate
 -----BEGIN CERTIFICATE-----
 MIIDtDCCAzqgAwIBAgISBOxwOeOVRYTXVpkWItlb+3T7MAoGCCqGSM49BAMDMDIx
 CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
 NjAeFw0yNDA3MzExNzAzMDJaFw0yNDEwMjkxNzAzMDFaMCMxITAfBgNVBAMTGDEw
 MDk1NTA4MDIucnNjLmNkbjc3Lm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
 BOAteGd9+q3NYHgFoi2OeBERSWGNzEfoOlAWrcbmdqfmWEzy+ZBWFzCckmC/YhqG
 wIJamK0QJV/lNquyH0wmm/+jggI9MIICOTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0l
 BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
 FFeNwfeSK6HBvfEBE322zgkwXGW9MB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI
 2yO/WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8u
 bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMEgG
 A1UdEQRBMD+CGDEwMDk1NTA4MDIucnNjLmNkbjc3Lm9yZ4IQc3RhdGljLmdub21l
 Lm9yZ4IRd3d3LW9sZC5nbm9tZS5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEC
 BgorBgEEAdZ5AgQCBIHzBIHwAO4AdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZ
 u7+rOdiEcwAAAZEJ9bRrAAAEAwBGMEQCIDAxLirJNBn4o68+3wrp5Fk5hHQ1Yota
 5SwGE3rv4jqpAiAdB9585mgnXpo0ZoOaxT3XnX9+i3Zn7FZSoeZbbYQU0wB1AO7N
 0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABkQn1tGwAAAQDAEYwRAIg
 QFRIOj8SrNvLrL0SrS0QyaSYMnc7DO6FflnFysyrgZECIFDRudtI2AyYrfO/eXyP
 tv0gHJusLo/V7ug+CJz9tcMcMAoGCCqGSM49BAMDA2gAMGUCMD4E/cxl6z6bC4/B
 3RvdfCo+eeKjNQXNYxMqiGyG1QDS4SRNxfdovnVcmo1z52m2EgIxAJb84IwwJPuU
 /6+SruMcIrB/8duyOjglJTd6VmUGbKzjfBmZJYoFeLYZZ0c33oNNRA==
 -----END CERTIFICATE-----
 subject=CN = 1009550802.rsc.cdn77.org
 issuer=C = US, O = Let's Encrypt, CN = E6
 ---
 No client certificate CA names sent
 Peer signing digest: SHA256
 Peer signature type: ECDSA
 Server Temp Key: X25519, 253 bits
 ---
 SSL handshake has read 2800 bytes and written 407 bytes
 Verification: OK
 ---
 New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
 Server public key is 256 bit
 Secure Renegotiation IS NOT supported
 Compression: NONE
 Expansion: NONE
 No ALPN negotiated
 Early data was not sent
 Verify return code: 0 (ok)
 ---
 DONE
	$ openssl s_client -connect static.gnome.org:443 -servername static.gnome.org -status </dev/null
	CONNECTED(00000003)
	depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
	verify return:1
	depth=1 C = US, O = Let's Encrypt, CN = E6
	verify return:1
	depth=0 CN = 1009550802.rsc.cdn77.org
	verify return:1
	OCSP response:
	======================================
	OCSP Response Data:
	OCSP Response Status: successful (0x0)
	Response Type: Basic OCSP Response
	Version: 1 (0x0)
	Responder Id: C = US, O = Let's Encrypt, CN = E6
	Produced At: Sep 2 16:50:00 2024 GMT
	Responses:
	Certificate ID:
	Hash Algorithm: sha1
	Issuer Name Hash: D47A388041E8E98D07387CECF6B6D8F20FA56431
	Issuer Key Hash: 0DC5CCFD9BEE1405A14C3082A53E5E8AC35809D2
	Serial Number: 04EC7039E3954584D756991622D95BFB74FB
	Cert Status: good
	This Update: Sep 2 16:50:00 2024 GMT
	Next Update: Sep 9 16:49:58 2024 GMT

	Signature Algorithm: ecdsa-with-SHA384
	Signature Value:
	30:65:02:31:00:ea:d2:00:cf:b0:31:d7:99:4d:d1:4f:60:70:
	43:0b:db:fd:95:35:5e:92:46:85:73:ef:40:0a:a9:f4:b4:5d:
	71:a1:f5:22:fe:b3:8a:90:c3:13:82:c7:66:8b:aa:09:cc:02:
	30:3f:7b:06:b2:45:0e:7b:55:0f:4d:7e:fa:4e:f0:bc:e9:8e:
	72:3b:44:e6:69:09:89:01:e7:72:63:89:3b:07:6b:bc:14:bd:
	bd:7f:da:89:50:40:e8:1a:2f:ad:45:09:ef
	======================================
	---
	Certificate chain
	0 s:CN = 1009550802.rsc.cdn77.org
	i:C = US, O = Let's Encrypt, CN = E6
	a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA384
	v:NotBefore: Jul 31 17:03:02 2024 GMT; NotAfter: Oct 29 17:03:01 2024 GMT
	1 s:C = US, O = Let's Encrypt, CN = E6
	i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
	a:PKEY: id-ecPublicKey, 384 (bit); sigalg: RSA-SHA256
	v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
	---
	Server certificate
	-----BEGIN CERTIFICATE-----
	MIIDtDCCAzqgAwIBAgISBOxwOeOVRYTXVpkWItlb+3T7MAoGCCqGSM49BAMDMDIx
	CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
	NjAeFw0yNDA3MzExNzAzMDJaFw0yNDEwMjkxNzAzMDFaMCMxITAfBgNVBAMTGDEw
	MDk1NTA4MDIucnNjLmNkbjc3Lm9yZzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
	BOAteGd9+q3NYHgFoi2OeBERSWGNzEfoOlAWrcbmdqfmWEzy+ZBWFzCckmC/YhqG
	wIJamK0QJV/lNquyH0wmm/+jggI9MIICOTAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0l
	BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
	FFeNwfeSK6HBvfEBE322zgkwXGW9MB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI
	2yO/WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8u
	bGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMEgG
	A1UdEQRBMD+CGDEwMDk1NTA4MDIucnNjLmNkbjc3Lm9yZ4IQc3RhdGljLmdub21l
	Lm9yZ4IRd3d3LW9sZC5nbm9tZS5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEC
	BgorBgEEAdZ5AgQCBIHzBIHwAO4AdQBIsONr2qZHNA/lagL6nTDrHFIBy1bdLIHZ
	u7+rOdiEcwAAAZEJ9bRrAAAEAwBGMEQCIDAxLirJNBn4o68+3wrp5Fk5hHQ1Yota
	5SwGE3rv4jqpAiAdB9585mgnXpo0ZoOaxT3XnX9+i3Zn7FZSoeZbbYQU0wB1AO7N
	0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAABkQn1tGwAAAQDAEYwRAIg
	QFRIOj8SrNvLrL0SrS0QyaSYMnc7DO6FflnFysyrgZECIFDRudtI2AyYrfO/eXyP
	tv0gHJusLo/V7ug+CJz9tcMcMAoGCCqGSM49BAMDA2gAMGUCMD4E/cxl6z6bC4/B
	3RvdfCo+eeKjNQXNYxMqiGyG1QDS4SRNxfdovnVcmo1z52m2EgIxAJb84IwwJPuU
	/6+SruMcIrB/8duyOjglJTd6VmUGbKzjfBmZJYoFeLYZZ0c33oNNRA==
	-----END CERTIFICATE-----
	subject=CN = 1009550802.rsc.cdn77.org
	issuer=C = US, O = Let's Encrypt, CN = E6
	---
	No client certificate CA names sent
	Peer signing digest: SHA256
	Peer signature type: ECDSA
	Server Temp Key: X25519, 253 bits
	---
	SSL handshake has read 2800 bytes and written 407 bytes
	Verification: OK
	---
	New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
	Server public key is 256 bit
	Secure Renegotiation IS NOT supported
	Compression: NONE
	Expansion: NONE
	No ALPN negotiated
	Early data was not sent
	Verify return code: 0 (ok)
	---
	DONE