On Thu, Mar 25, 1999, Magnus Stenman wrote:
> Here comes my trace:
>
> [25/Mar/1999 13:10:21] [info] Connection to child 0 established (server
>starbug.inbox.se:443)
> [25/Mar/1999 13:10:21] [trace] Seeding PRNG with 1032 bytes of entropy
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Handshake: start
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: before SSL initialization
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 read client hello A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server hello A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write certificate A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write key exchange A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 write server done A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Loop: SSLv3 flush data
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Read: SSLv3 read client certificate A
> [25/Mar/1999 13:10:21] [trace] OpenSSL: Exit: failed in SSLv3 read client
>certificate A
> [25/Mar/1999 13:10:21] [info] SSL handshake stopped: connection was closed
>
> Strange... I don't use SSLVerifyClient...
> > > I'm getting the same odd error as the other fellow:
> > > "Netscape has encountered bad data from the server." (Mac Communicator 4.51)
> > >
> > > Here's my setup:
> > > 3.1-RELEASE FreeBSD
> > > Apache/1.3.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.2b
> > >
> > > And the errors from the logs:
> > > [Thu Mar 25 04:52:37 1999] [error] mod_ssl: SSL handshake failed (client
> > > 199.120.185.113, server secure.infocom.com:443) (OpenSSL library error follows)
> > > [Thu Mar 25 04:52:37 1999] [error] OpenSSL: error:14094410:SSL
> > > routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> >
> > At which state of the handshake happens this?
> > Use "SSLLogLevel trace" to find this out, please.
But where the [error] message in your trace? Seems like you've now a different
problem. And yes, it's strange that a client certificate is read although
youßve not configured one. BTW, I use exactly the same software as you
(FreeBSD 3.1, Apache 1.3.6, mod_ssl 2.2.6, OpenSSL 0.9.2b) and it works fine
with my local Netscape. So it really seems that those Mac-Netscapes send
something different? Are you sure this Netscape isn't broken? Can
you correctly connect to other SSL sites?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.engelschall.com/sw/mod_ssl/
Official Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
