William,
That *DID* work....do you happen to have any explaination as to why?
It doesn't make sense that having to turn on revocation checking would allow
it to work?
Is this true for all Verisign certs? If so, why do I not get that error
when going to other sites with a Verisign cert using IE?
- Bob
> -----Original Message-----
> From: Wallace, William [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, July 27, 2000 10:17 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: MSIE *Again*
>
>
> Does changing the "Check for server certificate revocation (requires
> restart)" advanced security setting in IE change the behavior?
>
> > -----Original Message-----
> > From: Burns, Robert [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 26, 2000 10:38 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: MSIE *Again*
> >
> >
> > Folks,
> >
> > I believe I'm experiencing the same MSIE problems that
> > have been discussed on this list over the past few weeks,
> > but with a little more information. Perhaps it will help.
> >
> > I'm running Apache 1.3.12 + modssl 2.6.4 + openssl 0.9.5a on
> > an UltraSparc 10 + Solaris7.
> >
> > First, I created a dummy certificate (i.e. signed by Snake-Oil CA)
> > and everything works just fine. Both IE and Netscape connect
> > without incident.
> >
> > Next, I got a generated new keys and got a Verisign certificate.
> > I installed this certificate (along with the intermediate
> certificate)
> > and that's when things started breaking for IE only. Netscape will
> > connect just fine, but IE gives that 'very informative'
> error screen.
> >
> > Here is the tail end of the log with debug turned on:
> >
> > [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 67/67 bytes
> > to BIO#0014D048 [mem: 001749F0] (BIO dump follows)
> > +-------------------------------------------------------------
> > ------------+
> > | 0000: 14 03 00 00 01 01 16 03-00 00 38 7c 9b f8 cc 94
> > ..........8|.... |
> > | 0010: 73 0a b9 2b e8 ec 32 91-c2 88 86 52 2b d6 f3 12
> > s..+..2....R+... |
> > | 0020: 8c 67 0d 7a f9 c2 0c 1e-4c c8 6d 7a 95 3e 21 d9
> > .g.z....L.mz.>!. |
> > | 0030: 02 16 c0 7d 94 4d 47 7d-70 49 9a 4c d6 db 82 c9
> > ...}.MG}pI.L.... |
> > | 0040: 72 09 17 r..
> > |
> > +-------------------------------------------------------------
> > ------------+
> > [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Loop: SSLv3 flush data
> > [26/Jul/2000 09:55:20 27052] [trace] Inter-Process Session Cache:
> > request=SET
> > status=OK
> > id=460730715DA5C519241676A466979A8EC3B3813DC8A8803C81BCA4658A094BD8
> > timeout=299s (session caching)
> > [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Handshake: done
> > [26/Jul/2000 09:55:20 27052] [info] Connection: Client IP:
> > 192.168.8.109,
> > Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
> > [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: read 0/18437
> bytes from
> > BIO#0014D048
> > [mem: 001675C8] (BIO dump follows)
> > +-------------------------------------------------------------
> > ------------+
> > +-------------------------------------------------------------
> > ------------+
> > [26/Jul/2000 09:55:20 27052] [debug] OpenSSL: write 23/23 bytes to
> > BIO#0014D048
> > [mem: 0016FDD8] (BIO dump follows)
> > +-------------------------------------------------------------
> > ------------+
> > | 0000: 15 03 00 00 12 d4 c5 65-6a a4 01 3f bd 11 49 75
> > .......ej..?..Iu |
> > | 0010: 12 43 94 83 8f 2c a5
> > .C...,. |
> > +-------------------------------------------------------------
> > ------------+
> > [26/Jul/2000 09:55:20 27052] [trace] OpenSSL: Write: SSL negotiation
> > finished
> > successfully
> > [26/Jul/2000 09:55:20 27052] [info] Connection to child 1
> closed with
> > standard
> > shutdown (server 192.168.8.84:443, client 192.168.8.109)
> >
> > It appears that in the line above (read 0/18437 bytes
> from...) that IE
> > shutdown the TCP/IP connection, forcing the SSL connection to
> > be closed by
> > the server. The question is, why does IE shutdown the
> connection, but
> > Netscape continued on without problem?
> >
> > I'm going to try to sniff the TCP line to see what is
> > actually happening,
> > but until then, any additional insight would be helpfull.
> >
> > Thanks,
> >
> > - Bob
> >
> > ------------------------------------------------------
> > Bob Burns Zaxus
> > [EMAIL PROTECTED] 1-888-744-4976, X6510
> > (local) 1-954-846-6510
> > ------------------------------------------------------
> >
> ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
