Hi.

Have you imported the CA of the client cert on the server side?
A verify depth of 1 has been set, which could mean that the client
cert is self signed? Can you set it to some higher value and try?

Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"?
It looks to me a definitive server side issue..

Can you retry the same thing from Mozilla or something.
FYI: I implemented the exact same thing recently and didn't see such
problems..is your server mod_ssl?

Thanks
--Gayathri


>   The above indicates that. Make sure client cert
> processing is done correctly on the server side. If it
> is a program failure, then you need to get the
> programmer to debug the program.
>

Thank you for your answer. I'm not sure what you intend with "program
failure": the pages served by this virtual host are for the time
being only static html pages. The only programs involved are apache,
openssl and the browser

I tried the following command found in the openssl faq "openssl
s_client -connect tomcat-ssl.itcilo.org:443 -state -debug" and it
finished with the following error:

SSL_connect:SSLv3 write client key exchange A
write to 080B07A0 [080BFFC0] (6 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3 write finished A
SSL_connect:error in SSLv3 write finished A

I've googled a little bit but didn't really find something that
allowed me to solve my problem.

host:~/CA # openssl s_client -connect myhost:443 -showcerts -CAfile
/root/CA/itcilo-ca.crt
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
verify return:1
depth=0
/C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17680:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1052:SSL alert number 40
17680:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:

I also tried passing to "openssl s_client" the client certificate and
key, with also an error, as you can see below:
dolphin:~/CA # openssl s_client -cert lams.crt -key lams.key -CAfile
itcilo-ca.crt -ssl3 -showcerts -connect myhost:443
CONNECTED(00000003)
depth=1 /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
verify return:1
depth=0
/C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=myhost/[EMAIL PROTECTED]
verify return:1
17910:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:

I tried with ssl2 with same exit.

I'm searching but really don't understand the problem. I also created
again all the certificates with the same result.

Any help would be appreciated as I'm pretty baffled

Regards,

Gaël
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

