# 2 test listed here, with and with out the -verify 3 flag

@server1:~$ openssl s_client -connect server1.ca1.example:4433 -verify 3
verify depth is 3
CONNECTED(00000003)
depth=1 /C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 /C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
verify error:num=26:unsupported certificate purpose
verify return:1
depth=1 /C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
verify return:1
depth=0 /C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
verify return:1
---
Certificate chain
 0 s:/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
 1 s:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICwjCCAm6gAwIBAgIEUQjDOTALBgkqhkiG9w0BAQUwbTELMAkGA1UEBhMCVVMx
EDAOBgNVBAoTB1Rlc3RDQTExDDAKBgNVBAsTA0NBMTEMMAoGA1UEBxMDVVNBMRIw
EAYDVQQIEwlTb21lcGxhY2UxHDAaBgNVBAMTE3Rlc3RjYTEuY2ExLmV4YW1wbGUw
HhcNMTMwMTMwMDY1MjQ0WhcNMTQwMTMwMDY1MjQ3WjBzMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHVGVzdENBMTEMMAoGA1UECxMDQ0ExMRIwEAYDVQQHEwlTb21lcGxh
Y2UxEjAQBgNVBAgTCVNvbWV3aGVyZTEcMBoGA1UEAxMTc2VydmVyMS5jYTEuZXhh
bXBsZTBZMAsGCSqGSIb3DQEBAQNKADBHAkDFh9iDHfxntnbMPddgpCTw0LwmGYlA
vppfmT+r+A3K5lBdZ/cvDJmKJvfm5Sqv53tN0RVwJnciu3lzS66eFIbHAgMBAAGj
gfQwgfEwMwYDVR0RBCwwKoITc2VydmVyMS5jYTEuZXhhbXBsZYITc2VydmVyMS5j
YTEuZXhhbXBsZTAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwMQYDVR0l
BCowKAYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYD
VR0OBBYEFLTg+PkAU4Y/lJHTD9azpDoo6OC+MB8GA1UdIwQYMBaAFFoU0+n4fTOx
kNEul2ISP2onY3LFMCgGA1UdHwQhMB8wHaAboBmGF3Rlc3RjYTEuY2ExLmV4YW1w
bGUvY3JsMAsGCSqGSIb3DQEBBQNBAG3Dw/JjQ82R1k0mKxahtBFsQwdSIqo0+fzl
HHFHSvgp7PIfqCW094aE7HAqIzIWDVe3d08Du3PDcrwOJTm8R2A=
-----END CERTIFICATE-----
subject=/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
issuer=/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
No client certificate CA names sent
---
SSL handshake has read 1811 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 10E6C044751D8B5BE9C003176F5F6FB78F26BC7ED7DDC5D9D22B7B344F42C88F
    Session-ID-ctx: 
    Master-Key: 7F0CB931258F03BDFCC65D80CD5A1B31D043BEE6B14AFC4F6B090111503C28BFD03E9CC40ADED57F5AE0EC7B3D508BC7
    Key-Arg   : None
    Start Time: 1359586018
    Timeout   : 300 (sec)
    Verify return code: 26 (unsupported certificate purpose)
---
^C









@server1:~$ openssl s_client -connect server1.ca1.example:4433
CONNECTED(00000003)
depth=1 /C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
 1 s:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
   i:/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICwjCCAm6gAwIBAgIEUQjDOTALBgkqhkiG9w0BAQUwbTELMAkGA1UEBhMCVVMx
EDAOBgNVBAoTB1Rlc3RDQTExDDAKBgNVBAsTA0NBMTEMMAoGA1UEBxMDVVNBMRIw
EAYDVQQIEwlTb21lcGxhY2UxHDAaBgNVBAMTE3Rlc3RjYTEuY2ExLmV4YW1wbGUw
HhcNMTMwMTMwMDY1MjQ0WhcNMTQwMTMwMDY1MjQ3WjBzMQswCQYDVQQGEwJVUzEQ
MA4GA1UEChMHVGVzdENBMTEMMAoGA1UECxMDQ0ExMRIwEAYDVQQHEwlTb21lcGxh
Y2UxEjAQBgNVBAgTCVNvbWV3aGVyZTEcMBoGA1UEAxMTc2VydmVyMS5jYTEuZXhh
bXBsZTBZMAsGCSqGSIb3DQEBAQNKADBHAkDFh9iDHfxntnbMPddgpCTw0LwmGYlA
vppfmT+r+A3K5lBdZ/cvDJmKJvfm5Sqv53tN0RVwJnciu3lzS66eFIbHAgMBAAGj
gfQwgfEwMwYDVR0RBCwwKoITc2VydmVyMS5jYTEuZXhhbXBsZYITc2VydmVyMS5j
YTEuZXhhbXBsZTAMBgNVHRMBAf8EAjAAMA8GA1UdDwEB/wQFAwMHoAAwMQYDVR0l
BCowKAYIKwYBBQUHAwIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYD
VR0OBBYEFLTg+PkAU4Y/lJHTD9azpDoo6OC+MB8GA1UdIwQYMBaAFFoU0+n4fTOx
kNEul2ISP2onY3LFMCgGA1UdHwQhMB8wHaAboBmGF3Rlc3RjYTEuY2ExLmV4YW1w
bGUvY3JsMAsGCSqGSIb3DQEBBQNBAG3Dw/JjQ82R1k0mKxahtBFsQwdSIqo0+fzl
HHFHSvgp7PIfqCW094aE7HAqIzIWDVe3d08Du3PDcrwOJTm8R2A=
-----END CERTIFICATE-----
subject=/C=US/O=TestCA1/OU=CA1/L=Someplace/ST=Somewhere/CN=server1.ca1.example
issuer=/C=US/O=TestCA1/OU=CA1/L=USA/ST=Someplace/CN=testca1.ca1.example
---
No client certificate CA names sent
---
SSL handshake has read 1811 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 512 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: F6E72361AA60D64B4BAB343E77FC6CAB6FD223DE4D1BEED74678FC078F68F3E7
    Session-ID-ctx: 
    Master-Key: 9D9FD54CBB0270BC6CAF409A83009ED9EB26726F55CCF8C6C89E31DF329C269958F637205DBBBF95BACAF6C9D8313647
    Key-Arg   : None
    Start Time: 1359583222
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
^C