Client authentication has started to fail in the following situation.

Client:
  c1: MSIE 5.0  (5.00.2314.1003) / Windows NT 4.0 SP5
  c2: MSIE 5.01 (5.00.2919.6307) / Windows NT 4.0 SP5

Server:
  s1: apache-1.3.11 + mod_ssl-2.5.0 + OpenSSL-0.9.4
  s2: apache-1.3.12 + mod_ssl-2.6.0 + OpenSSL-0.9.4
  s3: apache-1.3.12 + mod_ssl-2.6.1 + OpenSSL-0.9.5
  s4: apache-1.3.12 + mod_ssl-2.6.2 + OpenSSL-0.9.5     

OS:
  linux 2.2.14 / glibc-2.1.3 / gcc 2.95.3
  linux 2.2.14 / glibc-2.0.7 / gcc 2.7.2.3

Client c2 (MSIE 5.01) is OK in all cases (s1-s4).
Netscape Communicator 4.7 (linux) and 4.72 (MacOS) are OK, too.

But client c1 (MSIE 5.0) is OK only with s1.


The error message is here.
# SSLLogLevel trace

----------8<----------8<----------8<----------8<----------8<----------
[03/Mar/2000 00:33:00 29531] [info]  Connection to child 2 established (server www0.irori.org:443, client 10.6.25.163)
[03/Mar/2000 00:33:00 29531] [info]  Seeding PRNG with 1024 bytes of entropy
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Handshake: start
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: before/accept initialization
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 read client hello A
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 write server hello A
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 write certificate A
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 write server done A
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Loop: SSLv3 flush data
[03/Mar/2000 00:33:00 29531] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A
[03/Mar/2000 00:33:00 29531] [info]  Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]
----------8<----------8<----------8<----------8<----------8<----------

o CA's DN
  subject=/C=JP/ST=Tokyo/L=Nakano ku/O=IRORI/CN=Root CA inside 
[EMAIL PROTECTED]

o Server's DN
  subject=/C=JP/ST=Tokyo/O=IRORI/OU=HTTP 
[EMAIL PROTECTED]

o Client's DN
  [EMAIL PROTECTED]


Is it because of mod_ssl, or OpenSSL?

-- 
HIROSE, Masaaki
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
