List: openssl-users
Subject: Re: mod_ssl - client certificates broken after yum update of openssl
From: Nelson <reply2nelson () yahoo ! com>
Date: 2014-06-18 19:20:54
Message-ID: 1403119254.15472.YahooMailBasic () web161301 ! mail ! bf1 ! yahoo ! com
--------------------------------------------
On Wed, 6/18/14, Viktor Dukhovni <openssl-users@dukhovni.org> wrote:

Subject: Re: mod_ssl - client certificates broken after yum update of openssl
To: openssl-users@openssl.org
Date: Wednesday, June 18, 2014, 11:08 AM

On Wed, Jun 18, 2014 at 07:07:25AM -0700, Nelson wrote:

> Apache was upgraded with openssl as well as mod_ssl.

You need to read the documentation, release notes, ... and determine
any changes in policy or supported algorithms in the updated release.

My best guess is that this release objects to MD5 signatures in
certificates. Another possibility is that using a FIPS-capable
OpenSSL in FIPS mode (this too disables MD5 I think...).

> Haven't ever tested a certificate before, but I tried:
>
> openssl s_server -accept 7569 -cert /home/ssl/client-cert.pem -key /home/ssl/client-key.pem -CAfile /home/ssl/ca_master

You need to use either the "-verify" or the "-Verify" option to
request or demand client certificates. The server should be using
the server certificate, not the client certificate.

Then use s_client with a suitable certificate.

> Signature Algorithm: md5WithRSAEncryption

MD5 could be the issue.

--
Viktor.

Viktor,

I wanted to thank you for your help. Amazon updated their repository once they realized they broke everyone.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
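
As an added example (not part of the original messages, and not OpenSSL project code), the shell functions below list the signature algorithm of every certificate in a PEM file and flag MD5, the digest suspected in the thread above. The function names and the sample certificate text are constructed for illustration; the awk parser assumes the text layout printed by `openssl x509 -text`.

```shell
# Added example: flag MD5-signed certificates in "openssl x509 -text" output.

# Reads -text output on stdin; prints one line per certificate:
#   verdict <TAB> signature algorithm <TAB> subject
# Exit status: 0 = none MD5-signed, 1 = MD5 found, 2 = no certificate parsed.
report_sigalgs() {
    awk '
        function flush() {
            if (!seen) return
            verdict = (tolower(alg) ~ /^md5/) ? "MD5" : "ok"
            if (verdict == "MD5") weak++
            printf "%s\t%s\t%s\n", verdict, alg, subject
        }
        /^Certificate:/ { flush(); seen = 1; alg = ""; subject = "" }
        /^ *Signature Algorithm:/ && alg == "" {
            sub(/^ *Signature Algorithm: */, ""); alg = $0
        }
        /^ *Subject:/ && subject == "" { sub(/^ *Subject: */, ""); subject = $0 }
        END { flush(); if (!seen) exit 2; exit (weak > 0) }
    '
}

# Walk every certificate in a PEM file (client cert, CA bundle, ...).
# "openssl x509" alone reads only the first certificate in the file.
audit_pem() {
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -text -noout |
        report_sigalgs
}

# Constructed sample: trimmed -text output for two made-up certificates.
sample_text() {
    cat <<'EOF'
Certificate:
    Data:
    Signature Algorithm: md5WithRSAEncryption
        Subject: CN=example-client
    Signature Algorithm: md5WithRSAEncryption
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject: CN=Example Master CA
    Signature Algorithm: sha256WithRSAEncryption
EOF
}

# Demo on the sample; on a real host: audit_pem /home/ssl/client-cert.pem
sample_text | report_sigalgs || echo "MD5-signed certificate found"
```

Running `audit_pem` over both the client certificate and the CA file covers the whole chain, since an MD5 signature on any certificate in it can cause the rejection discussed above.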