On Sat, 2000-3-18 01:10:35 +0000, <[EMAIL PROTECTED]>
Dr Stephen Henson wrote:

 > [EMAIL PROTECTED] wrote:
 > > 
 > > Hi there,
 > > 
 > > we run apache 1.3.x with mod_ssl and openssl and although explicitly
 > > having switched off the FakeBasicAuth for the virtual secure server
 > > (own IP) it occasionally requests a client cert and reports an error.
 > > At the client side a "Network Error" is reported. Repeated reloads
 > > finally load the page.
 > > 
 > > SSLLog:
 > > [16/Mar/2000 17:23:39] [trace] OpenSSL: Loop: SSLv3 write certificate A
 > > [16/Mar/2000 17:23:39] [trace] OpenSSL: Loop: SSLv3 write server done A
 > > [16/Mar/2000 17:23:39] [trace] OpenSSL: Loop: SSLv3 flush data
 > > [16/Mar/2000 17:23:39] [trace] OpenSSL: Read: SSLv3 read client certificate A
 > > [16/Mar/2000 17:23:39] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A
 > > [16/Mar/2000 17:23:39] [error] SSL handshake failed (client <ip>, server <ip>:443) (OpenSSL library error follows)
 > > [16/Mar/2000 17:23:39] [error] OpenSSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message
 > > 
 > > Does anyone know a solution??? We need this to work. By the way it
 > > keeps appearing with that multistep redirection from insecurely
 > > transmitted pages to
 > > https://user:passwd@securehost/something1
 > > and then to
 > > https://securehost/something2
 > > 
 > > Please help, if you can. I have no more ideas on this one...
 > > 
 > 
 > Hmmm... are you using an SGC certificate and does this only occur with
 > MSIE? If so then it could be the Microsoft SGC certificate problem: MS
 > SGC violates the SSL protocol. However OpenSSL 0.9.5 has a work around.
 > 
 > Steve.

The problem appears with different clients (MSIE (Wins, Mac), Netscape
(Wins, Macs, Linuxs)) and the certificate is from Thawte.

We "solved" the problem by inserting a (to my understanding)
unnecessary line:
SSLCACertificateFile /opt/apache13/conf/ssl.crt/ca-bundle.crt
in the global server config of apache.

By the way, we thought to rid ourselves of the problem already once,
but had to reboot the machine recently... To me this appears to be
some kind of server parsing or memory problem.

But I confess not to be a specialist in mod_ssl and apache internals.

Thanks so far.
Olaf
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
