Apache: httpd-2.0.40
OpenSSL: openssl-0.9.6g
On a same HTTPS Apache server and with same client certificate, all connections from
MSIE have failed, but all NS connections are issued properly.
MSIE with same client certificate, and same trusted intermediate authority one HTTPS
Iplanet server 4 connect properly.
MSIE connect properly to HTPPS Apache sever when i use a certificate that is signed
directly by root CA not from intermediate CA.
I use SSLV3 Protocol to protect a sub-directory with this setting:
<Location "/cert">
SSLVerifyDepth 2
SSLVerifyClient require
SSLCACertificateFile R:\PDCI\dciweb\Apache2\dciwebca.crt
SSLOptions +ExportCertData +OptRenegotiate
</Location>
Log file with debug setting gives:
God connection with NSE V4.7
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 1, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters
Financial SoftWare/CN=Reuters Financial SoftWare test
[EMAIL PROTECTED], issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial
SoftWare test [EMAIL PROTECTED]
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 0, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters
Financial SoftWare/CN=RCF User [EMAIL PROTECTED], issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial
SoftWare test [EMAIL PROTECTED]
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3
read client certificate A
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3
read client key exchange A
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop: SSLv3
read certificate verify A
Bad connection vith MSIE 6
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 1, subject: /C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters
Financial SoftWare/CN=RCF User [EMAIL PROTECTED], issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters Financial
SoftWare test [EMAIL PROTECTED]
[Mon Sep 30 14:55:01 2002] [error] Certificate Verification: Error (24): invalid CA
certificate
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1864): OpenSSL: Write: SSLv3
read client certificate B
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1883): OpenSSL: Exit: error in
SSLv3 read client certificate B
Best regards
[EMAIL PROTECTED]<Olivier Baulier>
------------------------------------------------------------- ---
Visit our Internet site at http://www.reuters.com
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
