Folks,
I believe I'm experiencing the same MSIE problems that
have been discussed on this list over the past few weeks,
but with a little more information. Perhaps it will help.
I'm running Apache 1.3.12 + modssl 2.6.4 + openssl 0.9.5a on
an UltraSparc 10 + Solaris7.
First, I created a dummy certificate (i.e. signed by Snake-Oil CA)
and everything works just fine. Both IE and Netscape connect
without incident.
Next, I got a generated new keys and got a Verisign certificate.
I installed this certificate (along with the intermediate certificate)
and that's when things started breaking for IE only. Netscape will
connect just fine, but IE gives that 'very informative' error screen.
Here is the tail end of the log with debug turned on:
[26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 67/67 bytes
to BIO#0014D048 [mem: 001749F0] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 14 03 00 00 01 01 16 03-00 00 38 7c 9b f8 cc 94 ..........8|.... |
| 0010: 73 0a b9 2b e8 ec 32 91-c2 88 86 52 2b d6 f3 12 s..+..2....R+... |
| 0020: 8c 67 0d 7a f9 c2 0c 1e-4c c8 6d 7a 95 3e 21 d9 .g.z....L.mz.>!. |
| 0030: 02 16 c0 7d 94 4d 47 7d-70 49 9a 4c d6 db 82 c9 ...}.MG}pI.L.... |
| 0040: 72 09 17 r.. |
+-------------------------------------------------------------------------+
[26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Loop: SSLv3 flush data
[26/Jul/2000 09:55:20 27052] [trace] Inter-Process Session Cache:
request=SET
status=OK
id=460730715DA5C519241676A466979A8EC3B3813DC8A8803C81BCA4658A094BD8
timeout=299s (session caching)
[26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Handshake: done
[26/Jul/2000 09:55:20 27052] [info] Connection: Client IP: 192.168.8.109,
Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[26/Jul/2000 09:55:20 27052] [debug] OpenSSL: read 0/18437 bytes from
BIO#0014D048
[mem: 001675C8] (BIO dump follows)
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
[26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 23/23 bytes to
BIO#0014D048
[mem: 0016FDD8] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 15 03 00 00 12 d4 c5 65-6a a4 01 3f bd 11 49 75 .......ej..?..Iu |
| 0010: 12 43 94 83 8f 2c a5 .C...,. |
+-------------------------------------------------------------------------+
[26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Write: SSL negotiation
finished
successfully
[26/Jul/2000 09:55:20 27052] [info] Connection to child 1 closed with
standard
shutdown (server 192.168.8.84:443, client 192.168.8.109)
It appears that in the line above (read 0/18437 bytes from...) that IE
shutdown the TCP/IP connection, forcing the SSL connection to be closed by
the server. The question is, why does IE shutdown the connection, but
Netscape continued on without problem?
I'm going to try to sniff the TCP line to see what is actually happening,
but until then, any additional insight would be helpfull.
Thanks,
- Bob
------------------------------------------------------
Bob Burns Zaxus
[EMAIL PROTECTED] 1-888-744-4976, X6510
(local) 1-954-846-6510
------------------------------------------------------
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
