negotiation handshake failed: Not accepted by cient!?

negotiation handshake failed: Not accepted by cient!?

am 20.05.2002 18:05:12 von Pako

Hi, I had instaled apache with openssl, modssl and php the last two as
modules of apache, I had created my own CA certificate, Server
certificate and User certificate, using openssl functions, and i'm
trying to use it for test my server with SSL and i'm loosing hair
rapidly.

I had some problems with the handsake secuence, at first when i load my
secure site everything work, but i been asked for two times for my user
certificate, i don't know for what but if the second time i cancel the
presentation of certificate some of the images of my site don't load. My
page use frames, and everything is keeped in the same page, my images
are simple gifts and there's no diferrence aparently between the images
that load or the ones that not.

I think this could be a problem with the SSL Cache but i had it
activated in my httpd.conf

SSLSessionCache dbm:/opt/apache1.3.22/logs/ssl_scache
SSLSessionCacheTimeout 300

when i start apache i get the two files ssl_cache.dir and ssl_cache.pag,
but i still had to presentate my user certificate for every link that i
use in my site, and every time that i use it. Sometimes witouth aparent
relation with the operations that i had made my netscape closes and i
get in my error_log the next:

[Tue May 7 17:42:39 2002] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue May 7 17:42:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue May 7 17:42:39 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I don't know what to do, I'm using SSL_Require sentencies and maybe the
problem be there, I don't know I use the next sintax an i think it's ok


SSLVerifyClient require
SSLVerifyDepth 5
SSLOptions -FakeBasicAuth +ExportCertData
SSLRequireSSL
SSLRequire ( %{SSL_CLIENT_S_DN_O} in {"TEST"} )


Help please, and sorry for the English ...

Pako.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org