
openssl does not complete the handshake

 



Greetings

Why might the server certificate verification not be performed???

I tried this:

openssl s_client -connect fcm.googleapis.com:443

On one Debian machine the output is correct:

CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
---
Certificate chain
 0 s:/CN=*.google.com
   i:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
 1 s:/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
   i:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
 2 s:/C=US/O=Google Trust Services LLC/CN=GTS Root R1
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
subject=/CN=*.google.com
issuer=/C=US/O=Google Trust Services LLC/CN=GTS CA 1C3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 7357 bytes and written 261 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-CHACHA20-POLY1305
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Session-ID: 6729DCD94FC7F482C061EBA85C6925EBBD3825F91A40308F66BE77408BDE82D3
    Session-ID-ctx:
    Master-Key: A6A142D3777B88391EF8FCDBF83251658DD54178E49FA90D4E19D940BBCC8976BEEFE8AEC4445BD65B9B1232258E91F9
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    Start Time: 1691473119
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
read:errno=0

On the other one I see only this, hanging:

CONNECTED(00000003)

The Debian versions are identical; on the one that "doesn't work", it can only be done like this:

openssl s_client -connect fcm.googleapis.com:443 -servername fcm.googleapis.com

Apparently some default setting is missing, but I can't figure out which one…

wolverin ★★★
() topic author
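
A hang right after CONNECTED is a different condition from a failed certificate check, and the two call for different follow-up. The sketch below is an added example, not part of the original post: it classifies `openssl s_client` output into those cases so both machines can be compared with and without `-servername`. The function names, the 10-second timeout and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. classify_s_client reads `openssl s_client` output on stdin
# and prints one of: no-connect | stalled | verified | unverified:<code>
classify_s_client() {
    awk '
        /^CONNECTED\(/            { connected = 1 }
        /^ *Cipher +: /           { cipher = $NF }
        /^ *Verify return code: / { code = $4; seen = 1 }
        END {
            if (!connected) { print "no-connect"; exit }
            # No session summary, or an empty cipher: the handshake never finished.
            if (!seen || cipher == "0000") { print "stalled"; exit }
            if (code == 0) print "verified"; else print "unverified:" code
        }'
}

# probe HOST [extra s_client args...]; the timeout turns a hang into a result.
# Compare on each machine:
#   probe fcm.googleapis.com
#   probe fcm.googleapis.com -servername fcm.googleapis.com
probe() {
    host=$1; shift
    timeout 10 openssl s_client -connect "$host:443" "$@" </dev/null 2>&1 |
        classify_s_client
}

# Constructed sample outputs (abridged), used only to exercise the classifier.
sample_ok() { cat <<'EOF'
CONNECTED(00000003)
---
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Verify return code: 0 (ok)
EOF
}
sample_hung() { printf 'CONNECTED(00000003)\n'; }
sample_untrusted() { cat <<'EOF'
CONNECTED(00000003)
---
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-CHACHA20-POLY1305
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}
```

A `stalled` result that becomes `verified` once `-servername` is added points at the ClientHello contents rather than at the local trust store.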