[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-ssl
Subject: RE: [apache-ssl] MSIE fail in SSLV3 connection with trusted inter
From: "Slawinski, Robert" <SlawinsR () ncr ! disa ! mil>
Date: 2002-10-04 16:40:23
[Download RAW message or body]
Not to be cold, but this is the Apache-ssl mailing list, not mod-ssl.
So you may not find your answer here that you are looking for. However,
not to be too harsh, I would say to verify IE is correctly set up and
patched as well.
Good Luck
-----Original Message-----
From: Olivier.Baulier@reuters.com [mailto:Olivier.Baulier@reuters.com]
Sent: Friday, October 04, 2002 12:08 PM
To: apache-ssl@lists.aldigital.co.uk
Subject: [apache-ssl] MSIE fail in SSLV3 connection with trusted
intermediate authority.
Apache: httpd-2.0.40
OPenssl: openssl-0.9.6g
With same HTTPS server and same client certificates, all connections from
MSIE have failed, but all NS connections are issued properly.
MSIE with same client certificate, and same trusted intermediate authority
one HTTPS Iplanet server 4 connect properly.
I use SSLV3 Protocol to protect a sub-directory with this setting:
<Location "/cert">
SSLVerifyDepth 2
SSLVerifyClient require
SSLCACertificateFile R:\PDCI\dciweb\Apache2\dciwebca.crt
SSLOptions +ExportCertData +OptRenegotiate
</Location>
Log file with debug setting gives:
God connection with NSE V4.7
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 1, subject:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters
Financial SoftWare test authority/Email=catest@reuters.com, issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters
Financial SoftWare test authority/Email=catest@reuters.com
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 0, subject:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=RCF
User Authority/Email=rcf-user-ca@reuters.com, issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters
Financial SoftWare test authority/Email=catest@reuters.com
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 read client certificate A
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 read client key exchange A
[Mon Sep 30 14:39:24 2002] [debug] ssl_engine_kernel.c(1854): OpenSSL: Loop:
SSLv3 read certificate verify A
Bad connection vith MSIE 6
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1294): Certificate
Verification: depth: 1, subject:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=RCF
User Authority/Email=rcf-user-ca@reuters.com, issuer:
/C=FR/ST=France/L=Puteaux/O=Reuters/OU=Reuters Financial SoftWare/CN=Reuters
Financial SoftWare test authority/Email=catest@reuters.com
[Mon Sep 30 14:55:01 2002] [error] Certificate Verification: Error (24):
invalid CA certificate
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1864): OpenSSL:
Write: SSLv3 read client certificate B
[Mon Sep 30 14:55:01 2002] [debug] ssl_engine_kernel.c(1883): OpenSSL: Exit:
error in SSLv3 read client certificate B
Best regards
olivier.baulier@reuters.con<Olivier Baulier>
------------------------------------------------------------- ---
Visit our Internet site at http://www.reuters.com
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of Reuters Ltd.
----------------------------------------------------------------------------
-------
to unsubscribe, send a blank email to:
apache-ssl-unsubscribe@lists.aldigital.co.uk
-----------------------------------------------------------------------------------
to unsubscribe, send a blank email to: apache-ssl-unsubscribe@lists.aldigital.co.uk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic