>   The above indicates that. Make sure client cert
> processing is done correctly on the server side. If it
> is a program failure, then you need to get the
> programmer to debug the program.
> 

Thank you for your answer. I'm not sure what you intend with "program
failure": the pages served by this virtual host are for the time
being only static HTML pages. The only programs involved are Apache,
OpenSSL and the browser.

I tried the following command found in the OpenSSL FAQ, "openssl
s_client -connect tomcat-ssl.itcilo.org:443 -state -debug", and it
finished with the following error:

SSL_connect:SSLv3 write client key exchange A
write to 080B07A0 [080BFFC0] (6 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3 write finished A
SSL_connect:error in SSLv3 write finished A

I've googled a little bit but didn't really find anything that
allowed me to solve my problem.

host:~/CA # openssl s_client -connect myhost:443 -showcerts -CAfile
/root/CA/itcilo-ca.crt
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1052:SSL alert number 40
17680:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:

I also tried passing the client certificate and key to "openssl
s_client", also with an error, as you can see below:
dolphin:~/CA # openssl s_client -cert lams.crt -key lams.key -CAfile
itcilo-ca.crt -ssl3 -showcerts -connect myhost:443
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
verify return:1
depth=0 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17910:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:

I tried with ssl2, with the same exit.

I'm searching but really don't understand the problem. I also re-created
all the certificates, with the same result.

Any help would be appreciated, as I'm pretty baffled.

Regards,

Gaël
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
