Is your client sending only its certificate, or are you sending the entire 
certificate chain?
It looks like your server is unable to rebuild the cert. chain from the client 
to the root.



-----Original Message-----
From: "Fco .J. Arias" <[EMAIL PROTECTED]>
Sent: Jul 6, 2005 2:47 PM
To: openssl-users@openssl.org
Subject: Apache 2.0 + ssl + client cert + server cert

Hello, I'm trying to use Apache with client auth, but I can't. The
problem shows up as errors in the logs:

.
.
.
before other CA
A, B, C, D, E, F are strings
.
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA
certificate: /C=A/ST=B/L=C/O=D/OU=Webserver
Team/CN=www.foo.com/[EMAIL PROTECTED]
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA
certificate: /C=A/ST=B/L=C/O=D/OU=Webserver
Team/CN=www.foo.com/[EMAIL PROTECTED]
[Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA
certificate: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F
CA/[EMAIL PROTECTED]

.
.
.
[Wed Jul 06 21:57:34 2005] [debug] ssl_engine_kernel.c(1210):
Certificate Verification: depth: 0, subject:
/C=A/ST=B/L=C/O=None/OU=None/CN=Fran D, /[EMAIL PROTECTED],
issuer: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F
CA/[EMAIL PROTECTED]
[Wed Jul 06 21:57:44 2005] [error] Certificate Verification: Error (20):
unable to get local issuer certificate
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1790): OpenSSL:
Write: SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL:
Exit: error in SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL:
Exit: error in SSLv3 read client certificate B
[Wed Jul 06 21:57:44 2005] [info] SSL library error 1 in handshake
(server www.foo.com:8443, client 192.168.0.2)
[Wed Jul 06 21:57:44 2005] [info] SSL Library Error: 336105650
error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
returned
[Wed Jul 06 21:57:44 2005] [info] Connection to child 2 closed with
abortive shutdown(server www.foo.com:8443, client 192.168.0.2)


Does anyone know how to solve this problem?



Is it possible to get certificate data (like the CN of the client or server)
in the Apache C API?

Thanks, Fran.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
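
The chain-building failure suggested in the reply at the top of this thread can be reproduced offline with the `openssl` command line. This is an added example, not part of the original messages; the three-level hierarchy and all file and subject names are constructed, and it assumes the `openssl` binary and its default configuration file are installed.

```shell
#!/bin/sh
# Added example. Constructed PKI: "Example root" -> "Example int" -> "Example client".

# make_chain DIR: create keys, CSRs and certificates for the three entities in DIR.
make_chain() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int client; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=Example $n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Root is self-signed, the intermediate is signed by the root,
    # and the client certificate is signed by the intermediate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.crt" 2>/dev/null || return 1
    openssl x509 -req -in "$d/client.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/client.crt" 2>/dev/null || return 1
}

# verify_client TRUSTED CERT [UNTRUSTED]: print the verify error number, or 0 if the
# chain builds. TRUSTED stands in for the server's CA file; UNTRUSTED holds the extra
# certificates a client sends along with its own.
verify_client() {
    if [ -n "$3" ]; then
        out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
    else
        out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    fi
    case $out in
        *"error "[0-9]*" at "*)
            printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1 ;;
        *": OK"*) echo 0 ;;
        *) echo unknown ;;
    esac
}

# demo: run the three cases and print their results on one line.
demo() {
    t=$(mktemp -d) || return 1
    make_chain "$t" || { rm -rf "$t"; return 1; }
    cat "$t/root.crt" "$t/int.crt" > "$t/bundle.crt"
    a=$(verify_client "$t/root.crt" "$t/client.crt")               # client sends only its own cert
    b=$(verify_client "$t/root.crt" "$t/client.crt" "$t/int.crt")  # client sends cert + intermediate
    c=$(verify_client "$t/bundle.crt" "$t/client.crt")             # server's CA file holds the intermediate
    rm -rf "$t"
    echo "$a $b $c"
}
demo   # prints: 20 0 0
```

Error number 20 in the first case is the same "unable to get local issuer certificate" code that appears in the Apache log above.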