Lutz,

Thank you for your assistance with my last problem, which helped me to get past error 19. I am now failing with error 20, as is seen below in the ssl_engine_log output. I do not seem to have any problem when I use a browser to connect to the site. My problem comes when I attempt to use OpenSSL on the command line. The application we are developing does not use a browser client interface. We need to use the OpenSSL command-line interface. I am issuing the OpenSSL call for s_client from a second machine on the local LAN below.

The syntax I am using for the OpenSSL call is:

openssl s_client -showcerts -connect 10.0.0.210:443 -CAfile ca-bumdle.crt -cert DST_crt.pem -key DST_key.pem -state -debug

The OpenSSL call fails with the message below:

SSL_connect:SSLv3 write client key exchange A
write to 0039F7B8 [008E3A08] (139 bytes => -1 (0xFFFFFFFF))
SSL_connect:error in SSLv3 write change cipher spec A
SSL_connect:error in SSLv3 write change cipher spec A
write:errno=10053

The ssl_engine_log output reports this error:

[30/Jul/2002 04:35:28 32764] [info] Connection to child 1 established (server www.servername.com:443, client 10.0.0.10)
[30/Jul/2002 04:35:28 32764] [info] Seeding PRNG with 1160 bytes of entropy
[30/Jul/2002 04:35:30 32764] [error] Certificate Verification: Error (20): unable to get local issuer certificate
[30/Jul/2002 04:35:30 32764] [error] SSL handshake failed (server www.servername.com:443, client 10.0.0.10) (OpenSSL library error follows)
[30/Jul/2002 04:35:30 32764] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

The ssl_engine_log output with a browser-based session follows:

[30/Jul/2002 05:17:40 32764] [info] Initial (No.1) HTTPS request received for child 1 (server www.servername.com:443)
[30/Jul/2002 05:17:40 32764] [info] Connection to child 1 closed with unclean shutdown (server www.servername.com:443, client 10.0.0.10)
[30/Jul/2002 05:17:40 32764] [info] Connection to child 1 established (server www.servername.com:443, client 10.0.0.10)
[30/Jul/2002 05:17:40 32764] [info] Seeding PRNG with 1160 bytes of entropy
[30/Jul/2002 05:17:40 32764] [info] Connection: Client IP: 10.0.0.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[30/Jul/2002 05:17:40 32755] [info] Connection: Client IP: 10.0.0.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
[30/Jul/2002 05:17:40 32755] [info] Initial (No.1) HTTPS request received for child 0 (server www.servername.com:443)
[30/Jul/2002 05:17:40 32764] [info] Initial (No.1) HTTPS request received for child 1 (server www.servername.com:443)
[30/Jul/2002 05:17:40 32764] [info] Connection to child 1 closed with unclean shutdown (server www.servername.com:443, client 10.0.0.10)
[30/Jul/2002 05:17:40 32755] [info] Connection to child 0 closed with unclean shutdown (server www.servername.com:443, client 10.0.0.10)

Is the syntax I am using in the OpenSSL call wrong, or is there something else that I may be overlooking? I have tried a variety of different combinations thus far without any success. Any assistance is very much appreciated.

Thank You
Jim
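
Added example, not part of the original message: Python that splits mod_ssl ssl_engine_log text like the excerpt above into entries, even when they are wrapped or run together, and pairs each failed handshake with the certificate verification error logged by the same process. The function names are this example's own, the sample is copied from the message's log, and the bracketed number after the timestamp is assumed to be the server process id.

```python
import re

# Names from OpenSSL's x509_vfy.h for the two verify codes named in the message.
X509_VERIFY_NAMES = {
    19: "X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN",
    20: "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
}

# Entry header, e.g. [30/Jul/2002 04:35:30 32764] [error]
# (the number after the time is assumed to be the server process id).
HEADER = re.compile(r"\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) (\d+)\] \[(\w+)\] ")
VERIFY = re.compile(r"Certificate Verification: Error \((\d+)\): (.+)")
FAILED = re.compile(r"SSL handshake failed \(server (\S+), client ([\d.]+)\)")

# Entries copied from the message, wrapped and run together as in the archive.
SAMPLE = """[30/Jul/2002 04:35:28 32764] [info] Connection to child 1 established
(server www.servername.com:443, client 10.0.0.10)
[30/Jul/2002 04:35:28 32764] [info] Seeding PRNG with 1160 bytes of entropy [30/Jul/2002 04:35:30 32764] [error] Certificate Verification: Error (20): unable to get local issuer certificate [30/Jul/2002 04:35:30 32764] [error] SSL handshake failed (server www.servername.com:443, client 10.0.0.10) (OpenSSL library error follows) [30/Jul/2002 04:35:30 32764] [error] OpenSSL: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned"""

def split_entries(text):
    """Return (timestamp, pid, level, message) tuples from wrapped or fused log text."""
    flat = " ".join(text.split())          # undo line wrapping
    marks = list(HEADER.finditer(flat))    # every entry header, wherever it sits
    ends = [m.start() for m in marks[1:]] + [len(flat)]
    return [(m[1], int(m[2]), m[3], flat[m.end():end].strip())
            for m, end in zip(marks, ends)]

def failed_handshakes(text):
    """Pair each failed handshake with the verify error logged by the same process."""
    pending, failures = {}, []
    for ts, pid, level, msg in split_entries(text):
        if level != "error":
            continue
        if v := VERIFY.match(msg):
            pending[pid] = (int(v[1]), v[2])
        elif f := FAILED.match(msg):
            code, reason = pending.pop(pid, (None, None))
            failures.append({"time": ts, "pid": pid, "server": f[1], "client": f[2],
                             "verify_code": code, "verify_reason": reason,
                             "verify_name": X509_VERIFY_NAMES.get(code, "unknown")})
        elif msg.startswith("OpenSSL: ") and failures and failures[-1]["pid"] == pid:
            failures[-1]["openssl_error"] = msg[len("OpenSSL: "):]
    return failures

if __name__ == "__main__":
    for failure in failed_handshakes(SAMPLE):
        print(failure)
```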