"Mary Peterson" <[EMAIL PROTECTED]> writes:

> Can anyone help with this problem???
> 
> I am getting the following error in my apache error log when a user is
> using their certificate's private key to digitally sign a registration
> form on our website.  Does anyone know how to fix this so the error
> message doesn't appear?  The signing algorithm is sha1RSA.  Does
> something need to be added to the sslciphersuite of the httpd.conf?
> 
> 
> [error] mod_ssl: SSL handshake failed (server www.test..org, client
> xx.xx.xx.xx) (OpenSSL library error follows)
> [error] OpenSSL: error:14088109:SSL routines:SSL3_GET_CERT_VERIFY:wrong
> signature size
> 
> I would appreciate any assistance that anyone could give.  Thanks!

Talking about sha1RSA doesn't make sense in the context of SSL client
authentication (which is what this error indicates). All SSL client
authentication (with RSA) uses two hashes, MD5 and SHA-1.

Some questions:
(1) What client are you using?
(2) What exactly are you doing that leads you to believe that
sha1RSA is being used?
(3) Can you get an ssldump trace of this transaction?
Use -NAx so that we get the maximal amount of data.

-Ekr


-- 
[Eric Rescorla                                   [EMAIL PROTECTED]]
                http://www.rtfm.com/
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
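
Added example, not part of the original message and not mod_ssl or OpenSSL code: a sketch of the two-hash value an RSA client signs in CertificateVerify and of a size check that yields "wrong signature size". It assumes the TLS 1.0 form of the hash and that the server rejects a signature longer than the client key's modulus; all names and sample bytes are constructed.

```python
import hashlib
import struct

def cert_verify_hash(handshake_messages: bytes) -> bytes:
    """Value an RSA client signs in TLS 1.0 CertificateVerify:
    MD5(handshake) || SHA-1(handshake), 16 + 20 = 36 bytes."""
    md5 = hashlib.md5(handshake_messages).digest()
    sha1 = hashlib.sha1(handshake_messages).digest()
    return md5 + sha1

def check_cert_verify(body: bytes, modulus_bits: int) -> str:
    """Check a CertificateVerify body (2-byte length, then signature)
    against the size of the client's RSA key. Returns a verdict string."""
    if len(body) < 2:
        return "truncated message"
    (sig_len,) = struct.unpack("!H", body[:2])
    if sig_len != len(body) - 2:
        return "length mismatch"
    key_bytes = (modulus_bits + 7) // 8
    # Assumption: the server refuses any signature longer than the
    # modulus of the key in the client certificate.
    if sig_len > key_bytes:
        return "wrong signature size"
    return "size ok"

# Constructed sample data, not taken from a real handshake.
SAMPLE_HANDSHAKE = b"constructed handshake transcript"
GOOD_BODY = struct.pack("!H", 128) + b"\x00" * 128   # 1024-bit signature
BIG_BODY = struct.pack("!H", 256) + b"\x00" * 256    # 2048-bit signature

if __name__ == "__main__":
    print(len(cert_verify_hash(SAMPLE_HANDSHAKE)))
    print(check_cert_verify(GOOD_BODY, 1024))
    print(check_cert_verify(BIG_BODY, 1024))
```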