unsupported certificate purpose

unsupported certificate purpose

am 13.11.2002 12:49:42 von Fabio Spataro

Hello all,
I'm setting up an https server with apache+mod_ssl+php. Since I have to
check the client certificate at php level I put this line in httpd.conf:

SSLVerifyClient require

The client certificate has been created with this extension:

nsCertType = server

At the client side I'm testing the application with this command:

wget --sslcertfile= --sslcertkey=

This is the error I get:

Unable to establish SSL connection.

This is the apache error_log I get:

[error] mod_ssl: Certificate Verification: Error (26): unsupported
certificate purpose

I can solve the problem putting these lines in
mod_ssl-2.8.5-1.3.22/pkg.sslmod/ssl_engine_init.c

/*
* Configure CTX purpose
*/
SSL_CTX_set_purpose(ctx, X509_PURPOSE_ANY);

just before

/*
* Configure Client Authentication details
*/

and rebuilding mod_ssl.

Is there a cleaner way to configure the required client certificate purpose?


Fabio Spataro
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org