Hi all,
I'm on RH 6.1, Apache 1.3.9, modssl 2.4.8-1.3.9, and openssl 0.9.4. When
I attempted to establish a secure connection, my Netscape browser
complained about an incorrect "Message Authentication Code." The end of
ssl_engine_log looks like this:
[10/Nov/1999 20:47:25 25706] [info] Connection to child 3 established
(server blah.com:443, client 12.34.56.78)
[10/Nov/1999 20:47:25 25706] [error] SSL handshake failed (server
blah.com:443, client 12.34.56.78) (OpenSSL library error follows)
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block type is not 02
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:04065072:rsa
routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
[10/Nov/1999 20:47:25 25706] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode
Can anybody help me? This looks like an openssl problem, but I was able
to make this same build of openssl run fine under Apache 1.3.6 with
mod_ssl-2.3.11-1.3.6. This factor focuses my suspicions on this new
version of modssl. Here's some background, if needed:
I downloaded and untarred the sources. Moving to openSSL, I did:
./configure
make
make test
Everything looked good. I then moved to mod_SSL and did:
./configure --with-apache=../apache_1.3.9 --with-ssl=../openssl-0.9.4
--prefix=/usr/local/apache
Looked fine. Then I moved to the apache source and did:
make
make certificate (I kept all the www.snakeoil.com defaults)
make install
Everything looked good. I was able to do this successfully with Apache
1.3.6 (and the appropriate mod_ssl version), but 1.3.9 is giving me fits.
The rest of the server (e.g. non-encrypted stuff) runs fine. Any ideas?
Thanks,
Steve Freitas
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
