CRL verification failed on apache-mod_ssl 2.0.40

CRL verification failed on apache-mod_ssl 2.0.40

am 10.01.2003 12:32:29 von Omar TANTAOUI

This is a multi-part message in MIME format.

------=_NextPart_000_0003_01C2B8A4.5706B580
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Hi everybody

I am using Apache 2.0.40 with mod_ssl 2.0.40-11 on a Linux Redhat 8.0.
I have configured apache in order to have a secured area where clients must
authenticate themselves with certificates. Until this point everything works
fine.

But when I added the crl verification feature, I got the followin errror
message:

[Fri Jan 10 12:21:09 2003] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Fri Jan 10 12:21:09 2003] [error] Spurious SSL handshake interrupt [Hint:
Usually just one of those OpenSSL confusions!?]
[Fri Jan 10 12:21:11 2003] [warn] Invalid signature on CRL
[Fri Jan 10 12:21:11 2003] [error] Certificate Verification: Error (8): CRL
signature failure
[Fri Jan 10 12:21:11 2003] [error] Re-negotiation handshake failed: Not
accepted by client!?
[Fri Jan 10 12:21:11 2003] [error] SSL handshake failed (server
192.168.2.237:443, client 192.168.2.178)
[Fri Jan 10 12:21:11 2003] [error] SSL Library Error: 336130161
error:1408F071:lib(20):func(143):reason(113)

Apache says that crl signature is wrong but when I verify it using the
openssl command line, the result is OK !?

Has anybody experienced this problem ? Any idea on how to fix it?

Thanks a lot.


------=_NextPart_000_0003_01C2B8A4.5706B580
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

eJ8+Ih0LAQaQCAAEAAAAAAABAAEAAQeQBgAIAAAA5AQAAAAAAADoAAEIgAcA GAAAAElQTS5NaWNy
b3NvZnQgTWFpbC5Ob3RlADEIAQ2ABAACAAAAAgACAAEGgAMADgAAANMHAQAK AAwAIAAAAAUAFgEB
A5AGADAIAAAmAAAACwACAAEAAAALACMAAAAAAAMAJgAAAAAACwApAAAAAAAD ADYAAAAAAB4AcAAB
AAAAMQAAAENSTCB2ZXJpZmljYXRpb24gZmFpbGVkIG9uIGFwYWNoZS1tb2Rf c3NsIDIuMC40MAAA
AAACAXEAAQAAABYAAAABwrib9Ol9jhoM8aROQLaWeGtFxYWTAAACAR0MAQAA AB0AAABTTVRQOk9N
QVIuVEFOVEFPVUlAQVRFWE8uQ09NAAAAAAsAAQ4AAAAAQAAGDgA4vOObuMIB AgEKDgEAAAAYAAAA
AAAAADQcnhKOOKhDhyno/hgZ/TTCgAAACwAfDgEAAAACAQkQAQAAAJIDAACO AwAAjQUAAExaRnUE
c/wdAwAKAHJjcGcxMjUWMgD4C2BuDhAwMzZPAfcCpAPjAgBjaArAc7BldDAg BxMCgH0KgZJ2CJB3
awuAZDQMYA5jAFALAwu1IEhpIJRldgSQeQbgZHkKogMKhAqASSBhbSB1HwCQ DyARYAqwEOBlIDIw
LjAuNBFQA/B0aDogBGFfBBADIBZ0LTFMMSACIBVgIEwLgHXeeAfwCYAQ8AVA OBaBFPYLEPAUECAF
oG5maWf/CHAJgBVgFhQLgBhACyAEkLggdG8aJBiAESBjGuS7CXAYgHcWQAlw GnBsCJCbAjAEIG0V
oAVAYXUXAF8eMQ3gGUAWUB7xbREgbPcUEAQgFuNjBJAfMBqwH1Lwcy4gVR8h AyAXAAQA+CBwbwuA
BUAUAyHhFdGadwWwawQgGrBuZRmlvRSUQh7gHZIDoBVRZAEAdxsQHvEacHID IBQRIORpVRhRZh1w
dBrhLCUxZ+5vBUAlwgIQbAkAA/ADoA8EkCjgBbEHgXNhZ2WSOhSaW0YFECBK A5EDD0ArADI6MjE6
MIo5FmAwD1BdIFso0fcFsCwQGQAtI8AnwQcwJsNrEPASgHMQ8GsoIQtwbP0J gDoHsCfRANAgoAUw
GwHkYnkd9SE/Ki8rPyxFnFNwCHEIYAZBU0wtmesiUSjRdQUxWxPQAjAuoKhV c3UHQGwvoGoeklMC
IBZQb2YfkW8RICB8T3AJ8DNiGoIVoQIgc70wIF0wTzFVGCEr1XcKwKJuLBBJ bnYHQGkbEBkAkGdu
JzMYQkNSTJc4TzlfLEVDILggViZZxS6gRSjzKDgpLqA8Ef87OS5CGuE8Tz1f LE8tXy5v/y9/Qr9D
zzKiM3tGlEDAESCWchQRMSA5FnAxNhlwARZwMjM3OjQ0M+cngB4ETOkxN0Dg SJ9Jr/NKuRigYnIK
wEfwQHNG8OIzD2AxMzBNMBgwRJPDObAWsDhGMDcxoB4QHGIoAdBA8DegbmMo 7VQwM0DwHWFzAiBV
gFNg3ikK4xTWFgUpcHkEIBcAbxlBJgI7SCIBdwNgFdFivyTIJkNH8BbwFZUl wm83AfsXcgWgbQOB
GxAeECPAJ4A3JcIJcDVgbAVAIgFPS7YgSHYUlEhWABVgbhRD/RPweDcACIFV YCWTIgIDYPMCYB/A
ID8RYF9wG5ABAP8YgEXCKIAcIhqwGOAW8F5b3lRF8SNxGIAJAHQj6xHhAgBl wAAAAwABbiAAAAAL
AAGACCAGAAAAAADAAAAAAAAARgAAAAADhQAAAAAAAAMAA4AIIAYAAAAAAMAA AAAAAABGAAAAABCF
AAAAAAAAAwAHgAggBgAAAAAAwAAAAAAAAEYAAAAAUoUAAI5qAQAeAAiACCAG AAAAAADAAAAAAAAA
RgAAAABUhQAAAQAAAAQAAAA5LjAAHgAJgAggBgAAAAAAwAAAAAAAAEYAAAAA NoUAAAEAAAABAAAA
AAAAAB4ACoAIIAYAAAAAAMAAAAAAAABGAAAAADeFAAABAAAAAQAAAAAAAAAe AAuACCAGAAAAAADA
AAAAAAAARgAAAAA4hQAAAQAAAAEAAAAAAAAACwANgAggBgAAAAAAwAAAAAAA AEYAAAAAgoUAAAEA
AAALADqACCAGAAAAAADAAAAAAAAARgAAAAAOhQAAAAAAAAMAPIAIIAYAAAAA AMAAAAAAAABGAAAA
ABGFAAAAAAAAAwA9gAggBgAAAAAAwAAAAAAAAEYAAAAAGIUAAAAAAAALAFKA CCAGAAAAAADAAAAA
AAAARgAAAAAGhQAAAAAAAAMAU4AIIAYAAAAAAMAAAAAAAABGAAAAAAGFAAAA AAAAAgH4DwEAAAAQ
AAAANByeEo44qEOHKej+GBn9NAIB+g8BAAAAEAAAADQcnhKOOKhDhyno/hgZ /TQCAfsPAQAAAJ4A
AAAAAAAAOKG7EAXlEBqhuwgAKypWwgAAUFNUUFJYLkRMTAAAAAAAAAAATklU Qfm/uAEAqgA32W4A
AABDOlxEb2N1bWVudHMgYW5kIFNldHRpbmdzXE9tciBUQU5UQU9VSVxMb2Nh bCBTZXR0aW5nc1xB
cHBsaWNhdGlvbiBEYXRhXE1pY3Jvc29mdFxPdXRsb29rXG91dGxvb2sucHN0 AAAAAwD+DwUAAAAD
AA00/TcAAAIBfwABAAAANwAAADxLSUVESUhDSk5NT0NJR0FMSERBTUlFTEFD QUFBLm9tYXIudGFu
dGFvdWlAYXRleG8uY29tPgAAAwAGEIgrWOUDAAcQwgMAAAMAEBAAAAAAAwAR EAEAAAAeAAgQAQAA
AGUAAABISUVWRVJZQk9EWUlBTVVTSU5HQVBBQ0hFMjA0MFdJVEhNT0RTU0wy MDQwLTExT05BTElO
VVhSRURIQVQ4MElIQVZFQ09ORklHVVJFREFQQUNIRUlOT1JERVJUT0hBVkVB U0VDAAAAAP3s

------=_NextPart_000_0003_01C2B8A4.5706B580--


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org