ok never mind, got it working. My server certificate had expired.

Thanks for all your help.

Stella

On Wed, Nov 12, 2003 at 01:23:15PM +0000, Stella Power wrote:
> ok I think I figured out one problem - the client side was using a cert
> signed with a password protected key, which my script was unable to deal
> with. Having fixed that, I am now getting error
>
> 140890B2 : SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
> on the server side.
>
> and error:
> 14094418 : SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> on the client side.
>
> Looking at the Net::SSLeay module, it seems to fail on the
> 'get_peer_certificate' line. I'm presuming that it has a list of known CA's
> somewhere, and hence there must be some way of adding another CA to it. Does
> anyone know if there is a function to do this? is it
> Net::SSLeay::CTX_set_client_CA_list() by any chance? I can't seem to find
> any examples for this, could someone point me in the right direction?
>
> thanks Lutz for letting me know about the 'openssl errstr' command by the
> way, it's quite useful!
>
> Thanks,
> Stella
>
>
> On Wed, Nov 12, 2003 at 12:51:58PM +0100, Lutz Jaenicke wrote:
> > On Wed, Nov 12, 2003 at 10:53:58AM +0000, Stella Power wrote:
> > > I was wondering if anyone on this list could help me. I'm trying to use the
> > > post_https() function in Net::SSLeay to post to a website that needs a valid
> > > client certificate.
> > ...
> > > However, the server fails to validate my cert. I'm not sure if it is the
> > > module or my actual cert which is wrong.
> >
> > > I then used the path to newcert.pem for $cert_path above, and the path to
> > > newreq.pem as the $key_path above (post_https() line).
> > >
> > > I get the following errors in /var/log/httpd/error_log
> > > mod_ssl: SSL handshake failed (server renegade.dev.ie.alphyra.com:443, client
> > > 192.168.1.146) (OpenSSL library error follows)
> > > [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
> >
> > [EMAIL PROTECTED]:~/cc/openssl-0.9.7-stable/ssl$ openssl errstr 140890C7
> > error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
> > certificate
> >
> > Your client does not send a certificate, even though requested.
> > So the problem is on the client side.
> >
> > Best regards,
> > Lutz
> > --
> > Lutz Jaenicke [EMAIL PROTECTED]
> > http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> > BTU Cottbus, Allgemeine Elektrotechnik
> > Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
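
Added example, not part of any message in this thread: a small decoder for the packed error codes quoted above, showing that 14094418 carries a TLS alert received from the peer while 140890C7 and 140890B2 are checks that failed locally. It assumes the 8/12/12-bit lib/func/reason layout that the mod_ssl log line above spells out, and OpenSSL's convention of reporting a received alert N as reason 1000+N; the function names and the short alert table are illustrative.

```python
# Added example: split the packed OpenSSL error codes quoted in this thread.
# Assumed layout: 8-bit library, 12-bit function, 12-bit reason, which matches
# the "lib(20):func(137):reason(199)" line logged by mod_ssl for 140890C7.

# TLS alert descriptions (numbers from the TLS specification); subset only.
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ALERT_REASON_OFFSET = 1000  # assumption: received alert N is reason 1000 + N


def decode(code_hex):
    """Return the lib/func/reason fields and, if present, the peer's alert."""
    code = int(code_hex, 16)
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("expected a 32-bit error code: %r" % code_hex)
    lib = (code >> 24) & 0xFF
    func = (code >> 12) & 0xFFF
    reason = code & 0xFFF
    alert = None
    if reason >= ALERT_REASON_OFFSET:
        number = reason - ALERT_REASON_OFFSET
        alert = (number, TLS_ALERTS.get(number, "unlisted"))
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}


def origin(code_hex):
    """Say which end of the connection made the decision behind the error."""
    d = decode(code_hex)
    if d["alert"]:
        return "peer rejected us with alert %d (%s)" % d["alert"]
    return "local check failed (reason %d)" % d["reason"]


if __name__ == "__main__":
    # The three codes that appear in the messages above.
    for c in ("140890C7", "140890B2", "14094418"):
        print(c, decode(c), "->", origin(c))
```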