how would I use openssl and curl to check
port 443 from a nonlocal host?

thanks !!







---- On Thu, 28 Feb 2002, Brad Burdick ([EMAIL PROTECTED]) wrote:

> > 
> > 
> > When I go to the url https://localhost
> > using netscape on the same box running
> > apache and mod_ssl, SSL appears to 
> > work fine.
> > 
> > But when I come in from a box other than 
> > the box running apache and mod_ssl, I get 
> > Page cannot be displayed.
> > 
> > I have apache 1.3.20 RedHat, OpenSSL 
> > version 0.9.6b, on redhat version 2.4.7-10.
> > 
> > Is this because of the Servername ?  I am at
> > a loss and cannot find the solution in the
> > mod_ssl documentation.  Is there a set of 
> > tests to help ferret out this problem ?
> 
> same (or similar) problem here.
> 
> i've just installed these on a solaris 8 x86 box:
> 
>  - apache 1.3.23
>  - mod_ssl 2.8.7-1.3.23
>  - openssl 0.9.6c
>  - fake certificate for testing using the snakeoil CA
> 
> 
> i can connect using openssl and curl, but netscape and mozilla from linux
> and IE 5.x from win98 are failing.  all 3 clients can connect to other SSL
> sites without problem up to 128-bit.
> 
> 
> i've turned up the log level and see the following for the failed
> connections.
> 
>  [28/Feb/2002 09:57:43 11626] [info]  Connection to child 5 established (server dev.topbox.net:443, client 68.65.62.5)
>  [28/Feb/2002 09:57:43 11626] [info]  Seeding PRNG with 255 bytes of entropy
>  [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start
>  [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Loop: before/accept initialization
>  [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Write: SSLv3 read client hello B
>  [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
>  [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
>  [28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows)
>  [28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)
> 
> 
> this is a connection using 'curl -v https://dev.topbox.net/':
> 
>  [28/Feb/2002 10:01:21 11619] [info]  Connection to child 0 established (server dev.topbox.net:443, client 68.65.62.5)
>  [28/Feb/2002 10:01:21 11619] [info]  Seeding PRNG with 255 bytes of entropy
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: before/accept initialization
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client hello A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server hello A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write certificate A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write key exchange A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server done A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read finished A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write finished A
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
>  [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache (DBM) Expiry: old: 3, new: 1, removed: 2
>  [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache: request=SET status=OK id=50E1590207BA3AD79ABFF90030434FB8E8DF0F684802105EF43DCABCA4454C36 timeout=300s (session caching)
>  [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done
>  [28/Feb/2002 10:01:21 11619] [info]  Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
>  [28/Feb/2002 10:01:22 11619] [info]  Initial (No.1) HTTPS request received for child 0 (server dev.topbox.net:443)
>  [28/Feb/2002 10:01:22 11619] [trace] OpenSSL: Write: SSL negotiation finished successfully
>  [28/Feb/2002 10:01:22 11619] [info]  Connection to child 0 closed with standard shutdown (server dev.topbox.net:443, client 68.65.62.5)
> 
> 
> here's the startup info for apache+mod_ssl:
> 
>  [28/Feb/2002 10:02:23 11505] [info]  Init: 5nd restart round (already detached)
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Reinitializing OpenSSL library
>  [28/Feb/2002 10:02:23 11505] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Seeding PRNG with 255 bytes of entropy
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Initializing (virtual) servers for SSL
>  [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring server dev.topbox.net:443 for SSL protocol
>  [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
>  [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
>  [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate
>  [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server private key
> 
> 
> i can turn loglevel up to debug if anyone thinks the extra output would be
> useful, but the logged results don't mean anything to me. :)
> 
> -brad
> -- 
> Brad Burdick      | [EMAIL PROTECTED]
> http://media.org/ | The medium is NOT the message

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
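
Added example, not part of the original thread: a Python sketch that reads mod_ssl log lines like those quoted above, decodes the packed OpenSSL error code into lib/func/reason, and reports each server child's handshake outcome. The bit layout and the three name tables are assumptions taken from OpenSSL's err.h and ssl.h in the 0.9.x to 1.1.x series; the sample log is constructed from the quoted lines with the mail wrapping undone.

```python
import re

# Constructed sample: lines from the quoted log above, mail wrapping undone.
SAMPLE_LOG = """\
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done
[28/Feb/2002 10:01:21 11619] [info]  Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
"""

# Assumption: names as defined in OpenSSL's err.h/ssl.h (0.9.x-1.1.x);
# only the codes that appear in this thread are listed.
LIBS = {20: "SSL routines"}
FUNCS = {(20, 138): "SSL3_GET_CLIENT_HELLO"}
REASONS = {(20, 193): "no shared cipher"}

LINE = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
ERR = re.compile(r"error:([0-9A-Fa-f]{8})")
CIPHER = re.compile(r"Protocol: (\S+), Cipher: (\S+)")

def decode_error(code_hex):
    """Split a packed error code: 8-bit lib, 12-bit func, 12-bit reason."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def describe_error(code_hex):
    """Render the code the way OpenSSL does when its error strings are loaded."""
    lib, func, reason = decode_error(code_hex)
    return "{}:{}:{}".format(
        LIBS.get(lib, "lib(%d)" % lib),
        FUNCS.get((lib, func), "func(%d)" % func),
        REASONS.get((lib, reason), "reason(%d)" % reason))

def summarize(log_text):
    """Return {pid: outcome} for each server child seen in the log."""
    result = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragment or non-log line
        pid, msg = m.group("pid"), m.group("msg")
        err, ok = ERR.search(msg), CIPHER.search(msg)
        if err:
            result[pid] = "failed: " + describe_error(err.group(1))
        elif ok:
            result[pid] = "ok: {} {}".format(*ok.groups())
    return result

if __name__ == "__main__":
    for pid, outcome in summarize(SAMPLE_LOG).items():
        print(pid, outcome)
```

Reason 193 in the SSL library is "no shared cipher"; the quoted startup log shows only a DSA server certificate being configured, and the curl connection that succeeded negotiated a DSS suite (EDH-DSS-DES-CBC3-SHA).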
