Hello, I don't know where to submit this, either to the OpenSSL camp, or the mod_ssl camp, but as Ralf Engelschall also reads this list, I think it's the right way to go.
A certificate chain with sha224withRSA can't be used for client authentication; Apache claims that the signature is invalid. I've read the source: this error is triggered because OpenSSL can't find the digest algorithm (ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM). It has been corrected in the Apache2 2.2.x branch, but is still present in the Apache2 2.0.x one.

The problem is that SSL_library_init() doesn't add all the algorithms added by OPENSSL_add_all_algorithms(), and particularly not the SHA2 series. Unfortunately, Apache2 2.0.x calls the former, Apache2 2.2.x the latter.

So, basically, Apache2 is corrected (but an additional call to OPENSSL_add_all_algorithms() could be a good thing to do), but that leaves the SSL_library_init() problem: this function should do what is necessary, and an additional *init* function shouldn't be required.

--
Erwann ABALEA <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]