Client Authentication Problem
on 06.06.2002 13:13:43 by Jochen Vogel
Hi,
I created a CA and a ClientKey which I imported in my Client.
In httpd.conf I configured
Alias /test/ "/opt/www/test/"
Options Indexes
Order allow,deny
Allow from 192.168.0.142
SSLVerifyClient require
SSLVerifyDepth 1
If I try to connect I get the following error.
==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:06 01186] [info] Connection to child 5 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:06 01186] [info] Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:06 01186] [info] Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:06 01186] [info] Connection to child 5 closed with
standard shutdown (server suse:443, client 192.168.0.142)
==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/ HTTP/1.1" 403 265
==> ./logs/error_log <==
[Thu Jun 6 13:04:07 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun 6 13:04:07 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun 6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:07 01187] [info] Connection to child 6 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:07 01187] [info] Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:07 01187] [info] Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:07 01187] [info] Initial (No.1) HTTPS request received
for child 6 (server suse:443)
[06/Jun/2002 13:04:07 01187] [info] Requesting connection re-negotiation
[06/Jun/2002 13:04:07 01187] [info] Awaiting re-negotiation handshake
[06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:07 01187] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
[06/Jun/2002 13:04:07 01187] [info] Connection to child 6 closed with
unclean shutdown (server suse:443, client 192.168.0.142)
==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265
==> ./logs/access_log <==
192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/ HTTP/1.1" 403 265
==> ./logs/error_log <==
[Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun 6 13:04:09 2002] [error] mod_ssl: Re-negotiation handshake failed:
Not accepted by client!?
[Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate Verification: Error
(20): unable to get local issuer certificate
[Thu Jun 6 13:04:09 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Thu Jun 6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
==> ./logs/ssl_engine_log <==
[06/Jun/2002 13:04:09 01188] [info] Connection to child 7 established
(server suse:443, client 192.168.0.142)
[06/Jun/2002 13:04:09 01188] [info] Seeding PRNG with 23177 bytes of
entropy
[06/Jun/2002 13:04:09 01188] [info] Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:09 01188] [info] Initial (No.1) HTTPS request received
for child 7 (server suse:443)
[06/Jun/2002 13:04:09 01188] [info] Requesting connection re-negotiation
[06/Jun/2002 13:04:09 01188] [info] Awaiting re-negotiation handshake
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake failed: Not
accepted by client!?
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] SSL error on writing data (OpenSSL
library error follows)
[06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
[06/Jun/2002 13:04:09 01188] [info] Connection to child 7 closed with
unclean shutdown (server suse:443, client 192.168.0.142)
==> ./logs/ssl_request_log <==
[06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
HTTP/1.1" 265
thx for help
Jochen
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
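An added example, not part of the original post: a small triage script that rejoins the mail-wrapped ssl_engine_log entries quoted above and groups them by child pid, so each connection's negotiated cipher, certificate verification error and OpenSSL reason can be read side by side. The function names `rejoin` and `triage` are hypothetical, and the sample is constructed from entries in the post.

```python
import re
from collections import defaultdict

# Constructed sample: ssl_engine_log entries from the post, still mail-wrapped.
SAMPLE = """\
[06/Jun/2002 13:04:07 01187] [info] Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
routines:SSL3_WRITE_BYTES:ssl handshake failure
[06/Jun/2002 13:04:09 01188] [info] Connection: Client IP: 192.168.0.142,
Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[06/Jun/2002 13:04:09 01188] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
"""

ENTRY = re.compile(r"^\[(\S+ \S+) (\d+)\] \[(\w+)\] (.*)$")
CONN = re.compile(r"Protocol: (\S+), Cipher: (\S+) \((\d+)/(\d+) bits\)")
VERIFY = re.compile(r"Certificate Verification: Error \((\d+)\): (.*)")
OSSL = re.compile(r"OpenSSL: error:([0-9A-F]+):[^:]*:([^:]*):(.*)")

def rejoin(text):
    """A line that does not start with '[' continues the previous entry."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def triage(text):
    """Summarise each connection, keyed by the child pid in the entry prefix."""
    conns = defaultdict(lambda: {"proto": None, "cipher": None, "bits": None,
                                 "verify": {}, "openssl": []})
    for head in filter(None, map(ENTRY.match, rejoin(text))):
        c, msg = conns[head.group(2)], head.group(4)
        if m := CONN.search(msg):
            c["proto"], c["cipher"], c["bits"] = m.group(1), m.group(2), int(m.group(3))
        elif m := VERIFY.search(msg):
            c["verify"][int(m.group(1))] = m.group(2)  # repeated errors collapse
        elif m := OSSL.search(msg):
            c["openssl"].append((m.group(1), m.group(2), m.group(3)))
    return dict(conns)

if __name__ == "__main__":
    for pid, summary in triage(SAMPLE).items():
        print(pid, summary)
```

OpenSSL verify error 20 means the verifier could not find the issuer's certificate among its trusted CAs; mod_ssl takes those from `SSLCACertificateFile` or `SSLCACertificatePath`, neither of which appears in the configuration excerpt in the post. The `bits` field also makes the 40-bit export cipher negotiated on every connection easy to spot.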