SSLCACertificateFile getting ignored when I use a Location directive

on 22.07.2010 18:07:06 by John Carpenter

Hello,

Adding <Location> around SSLVerifyClient and SSLVerifyDepth is causing my mutual authentication to fail with a ssl_error_handshake_failure_alert message. I can't seem to determine what might be causing this. I'll just jump right to the code below:

[WORKS]

Excerpting my httpd.conf:

<VirtualHost _default_:443>
 DocumentRoot "<path edited>/htdocs"
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"
 SSLVerifyClient required
 SSLVerifyDepth 1
 <truncated>

The above works like a charm. The only problem is it works EVERYWHERE I use 443 ... which is as expected. So when I add my <Location> directive as below I get the Error code: ssl_error_handshake_failure_alert. Though it properly triggers this error on requests to the specified location. So I know that part is being picked up properly. Does anybody know what can be causing this? This seems to be how it was behaving before I added in the SSLCACertificateFile information. Could the Location tag be causing the server to somehow ignore my SSLCACertificateFile?

[DOESN'T WORK]: Error code: ssl_error_handshake_failure_alert

<VirtualHost _default_:443>
 DocumentRoot "<path edited>/htdocs"
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
 SSLCertificateFile "<path edited>/Cert/ssl.crt/server.crt"
 SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server.key"
 SSLCACertificateFile "<path edited> Cert/ca.cer"
 <Location /logonWithCertificate>
  SSLVerifyClient required
  SSLVerifyDepth 1
 </Location>
 <truncated>

Thanks in advance for any insight.

-John

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org