subject:"Re\: Problems with client certificates \(was\: Bug in Apache\/mod

Re: Problems with client certificates (was: Bug in Apache/mod_ssl ?)

1999-08-30 Thread Holger Reif


Your session cache might have not been set up.

 Arend van der Veen wrote:
 
  Hi all,
 
  I have been continuing my testing.  I have downloaded demo versions of both
  Raven-SSL and Stronghold and tried to use my Netscape generated client
  certificates.  Raven-SSL behaved identically to mod_ssl.  However,
  Stronghold worked !!.  When I select the certificate with Communicator and
  enter by Certificate Database Password, the connection hangs.  But after
  5-10 seconds the connection opens.  As I navigate the site Communicator does
  not request the certificate again.
 
  Is it possible to patch mod_ssl to give this behavior?  I think the
  Communicator may be the problem - but Stronghold found a work around.
 
  Any comments ?
 
  Arend van der Veen
  UTRS, Inc.
 
  -Original Message-
  From: Arend van der Veen [EMAIL PROTECTED]
  To: [EMAIL PROTECTED] [EMAIL PROTECTED]
  Cc: OTR Communications [EMAIL PROTECTED]
  Date: Sunday, August 08, 1999 4:05 PM
  Subject: Bug in Apache/mod_ssl ?
 
  Hi all,
  
  I have been trying to use client certificates with both Communicator and
  IE.
  I generated them myself.  I converted them to pkcs12 format using notes in
  the following FAQ: http://www.drh-consultancy.demon.co.uk/  (Q. I'm having
  real problems getting a certificate into Netscape, help!) and imported them
  into various browsers.
  
  The certificates worked great with Internet Explorer.  However, I am having
  problems with Communicator.  When  apache/mod_ssl asks for a certificate I
  select the one I made.  The browser then asks for the DB password and times
  out.  If I hit stop and then retried, it would ask me for the certificate
  again and then load the web page.  Whenever I jumped to a new page I am
  asked for the certificate again !!!
  
  I thought that I was not making the certificates properly.  To confirm this
  conclusion I decided to test client certificates that I generated on
  Netscape Certificate Server and have used on other servers (Netscape
  Enterprise on NT).  The client certificates that I used for testing work
  with Netscape Enterprise Server and both Internet Explorer and Netscape
  Communicator browsers.  Everything still worked with IE.  However
  Communicator  gave me the exact same result as before.  So I think I have
  been making valid certificates all along.
  
  Thus, I think that there is a problem with mod_ssl.  Is anybody out there
  using mod_ssl with Netscape Browsers?
  
  Any suggestions or comments ?
  
  Thanks,
  Arend van der Veen
  UTRS, Inc.
  
  
  __
  Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
  User Support Mailing List  [EMAIL PROTECTED]
  Automated List Manager[EMAIL PROTECTED]
  
 
  __
  Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
  User Support Mailing List  [EMAIL PROTECTED]
  Automated List Manager[EMAIL PROTECTED]
 
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]

-- 
Holger Reif  Tel.: +49 361 74707-0
SmartRing GmbH   Fax.: +49 361 7470720
Europaplatz 5 [EMAIL PROTECTED]
D-99091 ErfurtWWW.SmartRing.de
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Problems with client certificates (was: Bug in Apache/mod_ssl ?)

1999-08-30 Thread Lutz Jaenicke


Hi,

I have experienced similar problems as Arend van der Veen.
My problem was reproducability, because I could reproduce it with
old Netscape versions and new versions, that were generated by
upgrading old version. I could not reproduce these problems on
a freshly installed PC with a freshly installed 4.61...

Anyway, to get more precise:
- I have only seen this problem with Netscape for Win32 (never tried Win16).
  NS for Linux and HP-UX did not exhibit this problem.
- The problem also appeared for a service I am working on (SMTP with TLS),
  so it might be combined with the underlying OpenSSL library. I don't think
  it is a problem of mod_ssl alone.
- I have setup test certificates and Nelson B. Bolyard ([EMAIL PROTECTED])
  tried to reproduce the problem in the netscape.dev.ssl newsgroup:
  His experience was:
 Using the cert you sent me, I accessed the page bearing my name with
 Communicator 4.5 and also with 4.7 (which is not yet released).

 4.5 crashed when I attempted to access your site.  (sigh.)
 4.7 did client auth and accessed the page without any problem.

 I'd file a bug against 4.5, but it appears to already be "fixed in the next
 release".
  I have filed a bug report anyway. (This passage cited as it is not from
  personal mail but from the public netscape.dev.ssl newsgroup, thread:
  "Client certificate problem with Win32")
- I tested by sniffing during the negotiation and my experience is, that
  once the server asked for the cert and the client asks the user for the
  password, the client PC will not send out packages to the server anymore
  (with my SMTP server and TCP protocol).

So much for my actual knowledge,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: Problems with client certificates (was: Bug in Apache/mod_ssl ?)

Re: Problems with client certificates (was: Bug in Apache/mod_ssl ?)

2 matches

Site Navigation

Mail list logo

Footer information