Hey, can you try setting the verify depth to zero and not pointing to any CA cert,
i.e. SSLCACertificatePath pointing to null?

Thanks
--Gayathri

> Hi again,
>
> This is what I found in the "log" file you sent. Is this pointing to the
> same CA cert "itcilo-ca.crt, I put it in ssl.crt"?
>
> debug] ssl_engine_init.c(1112): CA certificate:
> /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
> CA/[EMAIL PROTECTED]
> [Wed Jul 13 11:48:34 2005] [debug] ssl_engine_init.c(703): Configuring
> server certificate chain (1 CA certificate)
>
> You will not find that option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"; that's
> an OpenSSL macro. I thought you had written your own server.
>
> Found this link:
> http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
> Perhaps you're already aware of this, but sorry, no idea about Apache mod_ssl
> :)
>
> Thanks
> Gayathri
>
>
>
>> Hi.
>
> Hi,
>
> Thanks for the reply
>
>> Have you imported the CA of the client cert on the server side?
>
> Yes, it's the itcilo-ca.crt, I put it in ssl.crt (self-signed)
>
>> A verify depth of 1 has been set, which could mean that the client
>> cert is self signed? Can you set it to some higher value and try?
>
> Yes, it's a self-signed certificate. I tried with a higher value (5)
> without any success.
>
>> Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"?
>
> I searched for the string on my server but can not find it. In which
> should I find it?
>
>> Can you retry the same thing from Mozilla or something.
>
> I tried with Firefox, with the same result.
>
>> is your server mod_ssl?
>
> Yes, Apache 2 on SUSE includes it by default.
>
> I turned the loglevel to debug and attached the log file below, just in
> case
>
> There are a lot of
> Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL:
> Handshake: start
> [Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: before/accept initialization
> [Wed Jul 13 11:48:34 2005] [debug] ssl_engine_io.c(1518): OpenSSL: I/O
> error, 11 bytes expected to read on BIO#836ffc8 [mem: 8377648]
> [Wed Jul 13 11:48:34 2005] [debug] ssl_engine_kernel.c(1830): OpenSSL:
> Exit: error in SSLv2/v3 read client hello A
> [Wed Jul 13 11:48:34 2005] [info] (70014)End of file found: SSL
> handshake interrupted by system [Hint: Stop button pressed in
> browser?!]
> [Wed Jul 13 11:48:34 2005] [info] Connection to child 9 closed with
> abortive shutdown(server tomcat-ssl.itcilo.org:443, client ::1)
> [Wed Jul 13 11:48:34 2005] [info] Connection to child 9 established
> (server tomcat-ssl.itcilo.org:443, client ::1)
> [Wed Jul 13 11:48:34 2005] [info] Seeding PRNG with 136 bytes of entropy
>
> and then
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1793): OpenSSL:
> Handshake: start
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: before/accept initialization
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL:
> read 11/11 bytes from BIO#8372060 [mem: 83776d8] (BIO dump follows)
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1454):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0000: 80
> 67 01 03 00 00 4e 00-00 00 10                 .g....N....      |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1485):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1507): OpenSSL:
> read 94/94 bytes from BIO#8372060 [mem: 83776e3] (BIO dump follows)
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1454):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0000: 01
> 00 80 03 00 80 07 00-c0 06 00 40 02 00 80 04  [EMAIL PROTECTED] |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0010: 00
> 80 00 00 39 00 00 38-00 00 35 00 00 33 00 00  ....9..8..5..3.. |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0020: 32
> 00 00 04 00 00 05 00-00 2f 00 00 16 00 00 13  2......../...... |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0030: 00
> fe ff 00 00 0a 00 00-15 00 00 12 00 fe fe 00  ................ |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0040: 00
> 09 00 00 64 00 00 62-00 00 03 00 00 06 69 13  ....d..b......i. |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1479): | 0050: 73
> ff 86 72 4e 7d 52 4a-fe 9a b9 38 b9 1e        s..rN}RJ...8..   |
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_io.c(1485):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 read client hello A
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 write server hello A
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 write certificate A
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1185): handing
> out temporary 1024 bit DH key
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 write key exchange A
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 write certificate request A
> [Wed Jul 13 11:48:42 2005] [debug] ssl_engine_kernel.c(1801): OpenSSL:
> Loop: SSLv3 flush data
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1507): OpenSSL:
> read 5/5 bytes from BIO#8372060 [mem: 83776d8] (BIO dump follows)
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1454):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1479): | 0000: 16
> 03 00 04 16                                   .....            |
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1485):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1507): OpenSSL:
> read 1046/1046 bytes from BIO#8372060 [mem: 83776dd] (BIO dump
> follows)
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1454):
> +-------------------------------------------------------------------------+
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1479): | 0000: 0b
> 00 03 06 00 03 03 00-03 00 30 82 02 fc 30 82  ..........0...0. |
> [Wed Jul 13 11:48:47 2005] [debug] ssl_engine_io.c(1479): | 0010: 01
> e4 02 01 02 30 0d 06-09 2a 86 48 86 f7 0d 01  .....0...*.H.... |
> [Wed Jul 13 11
>
> Regards
>
> Gaël
>
>
>
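
The BIO dumps in the quoted debug log can be decoded by hand to see what the client actually sent. The following is an added example, not part of the original thread and not mod_ssl or OpenSSL code; the function names are illustrative, and the byte strings are copied from the dumps logged at 11:48:42 and 11:48:47.

```python
# Added example (not from the thread). The byte strings are copied from the
# BIO dumps in the quoted mod_ssl debug log.
V2_HELLO = bytes.fromhex("8067010300004e00000010")       # 11:48:42, 11 bytes read
V3_RECORD = bytes.fromhex("1603000416")                  # 11:48:47, 5 bytes read
V3_BODY = bytes.fromhex("0b000306000303000300308202fc")  # first 14 of 1046 bytes

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 11: "certificate",
                   15: "certificate_verify", 16: "client_key_exchange"}

def u(b: bytes) -> int:
    """Big-endian unsigned integer, as used for all SSL/TLS length fields."""
    return int.from_bytes(b, "big")

def decode_header(hdr: bytes) -> dict:
    """Decode an SSLv2-compatible hello header or an SSLv3/TLS record header."""
    if len(hdr) < 5:
        raise ValueError("record header needs at least 5 bytes")
    if hdr[0] & 0x80:  # 2-byte SSLv2 header: high bit set, 15-bit length
        if len(hdr) < 11:
            raise ValueError("SSLv2-compatible hello needs 11 bytes")
        return {"format": "sslv2-compat",
                "length": u(hdr[0:2]) & 0x7FFF,
                "msg": HANDSHAKE_TYPES.get(hdr[2], hdr[2]),
                "version": (hdr[3], hdr[4]),
                "cipher_specs_len": u(hdr[5:7]),
                "session_id_len": u(hdr[7:9]),
                "challenge_len": u(hdr[9:11])}
    return {"format": "record",
            "type": CONTENT_TYPES.get(hdr[0], hdr[0]),
            "version": (hdr[1], hdr[2]),
            "length": u(hdr[3:5])}

def decode_certificate_prefix(body: bytes) -> dict:
    """Decode the framing at the start of a Certificate handshake message."""
    if len(body) < 14:
        raise ValueError("need 14 bytes: 4 header + 3 list + 3 cert + 4 DER")
    if body[0] != 11:
        raise ValueError("not a Certificate handshake message")
    msg_len, list_len, cert_len = u(body[1:4]), u(body[4:7]), u(body[7:10])
    # DER: 0x30 = SEQUENCE, 0x82 = long-form length held in the next two bytes
    if body[10] != 0x30 or body[11] != 0x82:
        raise ValueError("certificate does not start with a DER SEQUENCE")
    der_len = 4 + u(body[12:14])
    return {"msg_len": msg_len, "list_len": list_len,
            "first_cert_len": cert_len, "der_len": der_len,
            "single_cert": list_len == 3 + cert_len,
            "framing_ok": msg_len == 3 + list_len and der_len == cert_len}
```

Decoded this way, the record read after "SSLv3 write certificate request A" is a handshake record of 1046 bytes that begins with a Certificate message carrying a single 768-byte DER certificate, so the client did answer the server's certificate request.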

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
