At 03:47 PM 1/1/00 +0100, Christian Buysschaert wrote:
>Hello Bertie,
>
>Thanks for providing this patch!
>
>I've been testing it but have been unsuccessful in getting it
>to work. I'll provide my setup here perhaps somebody could
>point out some things I've been doing wrong?
>
>Server: Apache 1.3.9/mod_ssl 2.4.9/OpenSSL 0.9.4 on NT4SP6a
>Client: IE501 on NT4SP6a
>
The Interesting part of the log file is
>+-------------------------------------------------------------------------+
>[01/Jan/2000 15:30:02 00267] [trace] OpenSSL: Write: SSLv3 read client
>certificate B
>[01/Jan/2000 15:30:02 00267] [trace] OpenSSL: Exit: error in SSLv3 read
>client certificate B
>[01/Jan/2000 15:30:02 00267] [trace] OpenSSL: Exit: error in SSLv3 read
>client certificate B
>[01/Jan/2000 15:30:02 00267] [error] SSL handshake failed (server
>sgctest.globalsign.net:443, client 192.168.255.1) (OpenSSL library error
>follows)
>[01/Jan/2000 15:30:02 00267] [error] OpenSSL: error:14089106:SSL
>routines:SSL3_GET_CLIENT_CERTIFICATE:wrong message type
I have found that the fix I sent previously was premature, it works for
some versions of IE and not others ! In particular it depends on the
version of schannel.dll on the client machine. My fix copes with the case
when a client hello is sent in the middle of the SSL handshake. I think on
later versions of schannel.dll IE sends a new message called a client reset
message before the client hello message.
Am looking into it.
Bertie
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
