on 9/17/01 10:50 AM, Eric Rescorla at [EMAIL PROTECTED] wrote:
>> I get the same error connecting from other client machines using Netscape
>> 4.7, but not if I use 4.7.5. There's clearly a bug in Netscape 4.7 and
>> earlier versions, but why is it just affecting our implementation of
>> OpenSSL?
> That's a good question.
Well, I found out that Netscape only sends the invalid CSS message if the
certificate used by the server is an SGC cert or the common name on the
certificate was different from the hostname used to contact the machine.
(e.g., the URL was https://testing1.berkeley.4d.com/ but the common name on
the certificate is "any.other.name.com").
If you use a non-SGC certificate whose common name matches the hostname of
the server, then everything is fine.
Still unanswered is why OpenSSL feels the need to respond to an invalid CSS
message with an equally invalid CSS message. I've only glanced at the
OpenSSL handshake code in the past, so I'm not keen on diving into it right
now. But if nobody else is willing...
>> I'll try to get a complete session with tcpdump for you.
> Good plan.
Still working on this. I'm not familiar with tcpdump at all, and I'm
assuming I can get a copy for MacOS X, but I'll figure it out.
cjh
================================================================
CJ Holmes, Director of Engineering [EMAIL PROTECTED]
4D, Inc. http://www.4D.com/
4D Server v6.7.5 and Mac OS X
"When the Solution Matters"
(Now Shipping!) http://www.4D.com/675 (FREE to 4D v6.7 Owners)
================================================================
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]