In my opinion there is a bug in s_server.c line 508 (Linux build).

The function SSL_CTX_set_client_CA_list(ctx,
SSL_load_client_CA_file(s_cert_file)) should not be adding the server cert
to the CA list; it should be called with the CA cert as follows:

SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));

I hope this helps solve your problem. 

Endre.

> -----Original Message-----
> From: member U-0176 [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, May 30, 1998 1:37 AM
> To:   [EMAIL PROTECTED]
> Subject:      [ssl-users] IE does not want to connect to my server
> 
> Hi
> 
> I made my own CA using SSLeay 0.9.0, I signed a certificate with it.
> Then I use this cert to run a server. Before connecting I loaded the CA
> cert in the CA cert list of Netscape Trusted CA list and I did the same
> with Internet Explorer 3.0.
> 
> When I connect with Netscape everything's OK.
> 
> When I try with IE it says "could not connect to the server".
> If I try s_server with the same cert it returns the following error
> message:
> 1240:error:140780E1:SSL routines:SSL23_READ:ssl handshake failure:s23_lib.c:190:
> 
> Apparently IE does not accept the cert of the server, but I can see the
> CA in the IE list of CA.
> 
> Is this normal? Would a higher version of IE (4.x for instance) react
> the same? Did I forget something?
> 
> Thanks for your help.
> 
>                       Eric D.
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+