After all the discussion, and rereading documentation and config files
and the bug report several times over, I noticed that my apache server
config file used the SSLVerifyClient Directive at level "optional" and
that the documentation states, "In practice only levels 'none' and
'require' are really interesting, because level 'optional' doesn't work
with all browsers". I was also using the SSLVerifyDepth Directive at a
depth number of 1.
By commenting out these two directives (the default level for the first
is none), I solved the problem.
When I remarked earlier that client certificates were not involved at
all, I mistakenly considered only what was going on with the client,
failing to consider client certificate directives on the server.
Apologies if I should have thought of that sooner, and thanks for all
the helpful replies.
Hope this helps some other folks.
-Kevin
