
List:       openssl-users
Subject:    b-etch: reproducing the problem (fwd)
From:       Dmitry Belyavsky <beldmit () cryptocom ! ru>
Date:       2005-11-29 14:32:45
Message-ID: Pine.LNX.4.62.0511291723260.23108 () manul ! lan ! cryptocom ! ru

Greetings!

We use openssl 0.9.8a, apache 1.3.34 with mod_ssl 2.8.25 (Debian etch).
The URL we request requires a client certificate.

The command is:

zsh% openssl s_client -cipher DHE-DSS-AES256-SHA -cert U_x_dsa_dsaparams.pem/cert.pem \
-key U_x_dsa_dsaparams.pem/seckey.pem -CAfile ca_dsa.pem -connect \
b-etch.vm.cryptocom.ru:444 -ign_eof

The result is:

CONNECTED(00000003)
depth=1 /C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
verify return:1
depth=0 /C=RU/O=Cryptocom/OU=OpenSSL team/CN=b-etch.vm.cryptocom.ru/emailAddress=vitus@cryptocom.ru
verify return:1
---
Certificate chain
 0 s:/C=RU/O=Cryptocom/OU=OpenSSL team/CN=b-etch.vm.cryptocom.ru/emailAddress=vitus@cryptocom.ru
   i:/C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
 1 s:/C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
   i:/C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
---
Server certificate
subject=/C=RU/O=Cryptocom/OU=OpenSSL team/CN=b-etch.vm.cryptocom.ru/emailAddress=vitus@cryptocom.ru
issuer=/C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
---
No client certificate CA names sent
---
SSL handshake has read 2126 bytes and written 247 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-DSS-AES256-SHA
    Session-ID: E3EAF6401AF1F8157A2653118728FE9A15322C97FDCC8AFCB084326CE1C9C227
    Session-ID-ctx:
    Master-Key: DABB6DC00DA8A621316F9711263F13D9ED8DE59CC6A5F33800A4D7DCE0135132FF8D30148363A33CDF1C978CD4B974E2
    Key-Arg   : None
    Start Time: 1133270656
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
GET /ssl_auth_test.html
depth=1 /C=RU/L=Moscow/CN=DSA Test CA/O=Cryptocom/OU=OpenSSL CA/emailAddress=vitus@cryptocom.ru
verify return:1
depth=0 /C=RU/O=Cryptocom/OU=OpenSSL team/CN=b-etch.vm.cryptocom.ru/emailAddress=vitus@cryptocom.ru
verify return:1
4119:error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:426:

The bug is reproduced about 4 times out of 5.

When I add the -ssl3 key to the command line, I successfully get the page I
request.

openssl-0.9.7 s_client doesn't get an error anyway.

What's wrong?

Thank you!

--
SY, Dmitry Belyavsky (ICQ UIN 11116575)


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

