I am still stuck with the same issue:

[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: before accept initialization
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1893): OpenSSL: Write: SSLv3 read client hello A
[Tue Nov 24 16:56:15 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv3 read client hello A
[Tue Nov 24 16:56:15 2009] [error] [client 194.2.193.253] Re-negotiation handshake failed: Not accepted by client!?
[Tue Nov 24 16:56:23 2009] [debug] ssl_engine_io.c(1869): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f313d364fc0 [mem: 7f313d8641a0]

I renewed one more time all my certificates, so I don't think there is
anything wrong with it.

My Apache configuration hasn't changed:

<Directory /secured>
    SSLRequireSSL
    SSLVerifyClient require
    SSLVerifyDepth 1
    Order allow,deny
    allow from All
</Directory>

And any browser (Firefox, Opera) fails, so I don't think it is a browser
issue.
Of course, I imported the CA and the client certificate...

And still no prompt for the client certificate...

Really no hint? Could it be a bug in the distro package?

Thanks.

On Mon, 23 Nov 2009 01:29:30 +0100, Jean-Christophe Baptiste <j...@phocean.net> wrote:
> Hi all,
>
> I have been using client certificates for a while (more than 2 years)
> successfully.
>
> But now, after migrating a server, I am stuck with a problem that I have
> no idea how to handle.
> I just spent 10 hours googling around and reading the doc without
> finding any clue.
>
> On my new set-up, the web browser seems to reject the negotiation:
>
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection to child 2 established (server www.***.net:443)
> [Sun Nov 22 22:51:36 2009] [info] Seeding PRNG with 656 bytes of entropy
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: before/accept initialization
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 11/11 bytes from BIO#7f35d1213840 [mem: 7f35d1218f00] (BIO dump follows)
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1791): +-------------------------------------------------------------------------+
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1830): | 0000: 4f 50 54 49 4f 4e 53 20-2a 20 48 OPTIONS * H |
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_io.c(1836): +-------------------------------------------------------------------------+
> [Sun Nov 22 22:51:36 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv2/v3 read client hello A
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] SSL library error 1 in handshake (server www.***.net:443)
> [Sun Nov 22 22:51:36 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
> [Sun Nov 22 22:51:36 2009] [info] [client ::1] Connection closed to child 2 with abortive shutdown (server www.***.net:443)
>
> I have tried a bunch of different settings. Of course, I re-generated
> several times all the certificates, from the CA to the client.
> Both the CA and the client were imported into the web browser.
>
> The mod-ssl settings are in no point different from the previous
> machine, so what am I missing?
>
> So any help, any hint would be greatly appreciated.
>
> Thank you in advance,
>
> Regards,
> Jean-Christophe
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majord...@modssl.org