Re: Client Authentication Problem
on 07.06.2002 14:58:32 by Jochen Vogel
the path for SSLCACertificateFile was wrong.
now it's working
> -----Original Message-----
> From: Jochen Vogel [mailto:jvogel@it-sec.de]
> Sent: Thursday, 6 June 2002 13:14
> To: 'modssl-users@modssl.org'
> Subject: Client Authentication Problem
>
>
> hi,
>
> i created a CA and a ClientKey which i imported in my Client.
> in httpd.conf i configured
>
> Alias /test/ "/opt/www/test/"
>
> Options Indexes
> Order allow,deny
> Allow from 192.168.0.142
> SSLVerifyClient require
> SSLVerifyDepth 1
>
> if i try to connect i get the following error.
>
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:06 01186] [info] Connection to child 5 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:06 01186] [info] Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:06 01186] [info] Connection: Client IP:
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:06 01186] [info] Connection to child 5 closed with
> standard shutdown (server suse:443, client 192.168.0.142)
>
> ==> ./logs/access_log <==
> 192.168.0.142 - - [06/Jun/2002:13:04:07 +0200] "GET /test/
> HTTP/1.1" 403 265
>
> ==> ./logs/error_log <==
> [Thu Jun 6 13:04:07 2002] [error] mod_ssl: Re-negotiation
> handshake failed:
> Not accepted by client!?
> [Thu Jun 6 13:04:07 2002] [error] mod_ssl: SSL error on writing data
> (OpenSSL library error follows)
> [Thu Jun 6 13:04:07 2002] [error] OpenSSL: error:1409E0E5:SSL
> routines:SSL3_WRITE_BYTES:ssl handshake failure
>
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:07 01187] [info] Connection to child 6 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:07 01187] [info] Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:07 01187] [info] Connection: Client IP:
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:07 01187] [info] Initial (No.1) HTTPS
> request received
> for child 6 (server suse:443)
> [06/Jun/2002 13:04:07 01187] [info] Requesting connection
> re-negotiation
> [06/Jun/2002 13:04:07 01187] [info] Awaiting re-negotiation handshake
> [06/Jun/2002 13:04:07 01187] [error] Re-negotiation handshake
> failed: Not
> accepted by client!?
> [06/Jun/2002 13:04:07 01187] [error] SSL error on writing
> data (OpenSSL
> library error follows)
> [06/Jun/2002 13:04:07 01187] [error] OpenSSL: error:1409E0E5:SSL
> routines:SSL3_WRITE_BYTES:ssl handshake failure
> [06/Jun/2002 13:04:07 01187] [info] Connection to child 6 closed with
> unclean shutdown (server suse:443, client 192.168.0.142)
>
> ==> ./logs/ssl_request_log <==
> [06/Jun/2002:13:04:07 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
> HTTP/1.1" 265
>
> ==> ./logs/access_log <==
> 192.168.0.142 - - [06/Jun/2002:13:04:09 +0200] "GET /test/
> HTTP/1.1" 403 265
>
> ==> ./logs/error_log <==
> [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate
> Verification: Error
> (20): unable to get local issuer certificate
> [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Re-negotiation
> handshake failed:
> Not accepted by client!?
> [Thu Jun 6 13:04:09 2002] [error] mod_ssl: Certificate
> Verification: Error
> (20): unable to get local issuer certificate
> [Thu Jun 6 13:04:09 2002] [error] mod_ssl: SSL error on writing data
> (OpenSSL library error follows)
> [Thu Jun 6 13:04:09 2002] [error] OpenSSL: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> ==> ./logs/ssl_engine_log <==
> [06/Jun/2002 13:04:09 01188] [info] Connection to child 7 established
> (server suse:443, client 192.168.0.142)
> [06/Jun/2002 13:04:09 01188] [info] Seeding PRNG with 23177 bytes of
> entropy
> [06/Jun/2002 13:04:09 01188] [info] Connection: Client IP:
> 192.168.0.142,
> Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
> [06/Jun/2002 13:04:09 01188] [info] Initial (No.1) HTTPS
> request received
> for child 7 (server suse:443)
> [06/Jun/2002 13:04:09 01188] [info] Requesting connection
> re-negotiation
> [06/Jun/2002 13:04:09 01188] [info] Awaiting re-negotiation handshake
> [06/Jun/2002 13:04:09 01188] [error] Certificate
> Verification: Error (20):
> unable to get local issuer certificate
> [06/Jun/2002 13:04:09 01188] [error] Re-negotiation handshake
> failed: Not
> accepted by client!?
> [06/Jun/2002 13:04:09 01188] [error] Certificate
> Verification: Error (20):
> unable to get local issuer certificate
> [06/Jun/2002 13:04:09 01188] [error] SSL error on writing
> data (OpenSSL
> library error follows)
> [06/Jun/2002 13:04:09 01188] [error] OpenSSL: error:140890B2:SSL
> routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> [06/Jun/2002 13:04:09 01188] [info] Connection to child 7 closed with
> unclean shutdown (server suse:443, client 192.168.0.142)
>
> ==> ./logs/ssl_request_log <==
> [06/Jun/2002:13:04:09 +0200] 192.168.0.142 SSLv3 (NONE) "GET /test/
> HTTP/1.1" 265
>
> thx for help
> Jochen
>
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
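The reply traces the failure to a wrong SSLCACertificateFile path, which is consistent with the logged "Certificate Verification: Error (20): unable to get local issuer certificate". As an added example (not part of the original thread and not mod_ssl's own tooling), this shell function checks that every SSLCACertificateFile in a config resolves to a readable file holding a PEM certificate. The function name and status words are invented for this example, and it assumes paths without spaces.

```shell
#!/bin/sh
# Added example: check the SSLCACertificateFile paths in an Apache config.
# Usage: check_ca_paths /path/to/httpd.conf [server_root]
# Prints one status line per directive; returns 0 only if all are OK.

check_ca_paths() {
    conf=$1
    root=${2:-}
    rc=0
    # Relative paths in the directive are resolved against ServerRoot,
    # so read it from the config unless the caller supplied one.
    if [ -z "$root" ]; then
        root=$(awk 'tolower($1)=="serverroot" {gsub(/"/,"",$2); print $2; exit}' "$conf")
    fi
    # Directive names are case-insensitive; commented-out lines have "#"
    # in (or as) the first field and therefore never match.
    paths=$(awk 'tolower($1)=="sslcacertificatefile" {gsub(/"/,"",$2); print $2}' "$conf")
    if [ -z "$paths" ]; then
        echo "NONE no SSLCACertificateFile directive in $conf"
        return 2
    fi
    for p in $paths; do
        case $p in
            /*) full=$p ;;
            *)  full=${root:+$root/}$p ;;
        esac
        if [ ! -e "$full" ]; then
            echo "MISSING $full"; rc=1
        elif [ ! -r "$full" ]; then
            echo "UNREADABLE $full"; rc=1
        elif ! grep -q -e '-----BEGIN CERTIFICATE-----' "$full"; then
            # Marker check only; it does not parse the certificate.
            echo "NOT_PEM $full"; rc=1
        else
            echo "OK $full"
        fi
    done
    return $rc
}

# Run directly when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ca_paths "$@"
fi
```

An OK result only shows that the file is present and PEM-shaped; whether it is the CA that issued the client certificate can then be confirmed with `openssl verify -CAfile <ca file> <client cert>`.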