Hello.
on "client auth failed / mod_ssl-2.6.2"
<[EMAIL PROTECTED]>
at Fri, 03 Mar 2000 01:43:16 +0900
I wrote:
> Client authentication came to fail in following situation.
> Client:
> c1: MSIE 5.0 (5.00.2314.1003) / Windows NT 4.0 SP5
> c2: MSIE 5.01 (5.00.2919.6307) / Windows NT 4.0 SP5
> Server:
> s1: apache-1.3.11 + mod_ssl-2.5.0 + OpenSSL-0.9.4
> s2: apache-1.3.12 + mod_ssl-2.6.0 + OpenSSL-0.9.4
> s3: apache-1.3.12 + mod_ssl-2.6.1 + OpenSSL-0.9.5
> s4: apache-1.3.12 + mod_ssl-2.6.2 + OpenSSL-0.9.5
> But client c1(MSIE 5.0) is OK only in s1.
I found workaround. But I still don't know why error happened.
1) set SSLSessionCache
This error occurs in "SSLSessionCache none" (default is "none").
When set SSLSessionCache to "dbm:/..." or "shm:/...", client authentication
OK with MSIE 5.0.
2) modify ssl_engine_init.c
edit ssl_engine_init.c.
@@ -544,7 +544,8 @@
* Configure additional context ingredients
*/
SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
- if (mc->nSessionCacheMode == SSL_SCMODE_NONE)
+ if (mc->nSessionCacheMode == SSL_SCMODE_UNSET)
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
else
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER);
This change done between mod_ssl-2.5.0 and 2.5.1.
so I tried with mod_ssl-2.5.1, then same error occured.
# 2.5.0 is OK.
hmmm....
--
HIROSE, Masaaki
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
