Mailing List Archive: Apache: Bugs

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not

Index | Next | Previous | View Threaded

bugzilla at apache

Nov 2, 2009, 12:05 PM

Post #1 of 6 (292 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

Ruediger Pluem <rpluem[at]apache.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO

--- Comment #1 from Ruediger Pluem <rpluem[at]apache.org> 2009-11-02 13:05:02 CET ---
Please set the loglevel to debug and provide the output of the error log during
such a failed handshake.
Does it start working when you reduce your ca-bundle.crt file to just the
certificate blocks (It currently contains comments, clear text certificate data
and further stuff)?
What version of openssl are you using?

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

bugzilla at apache

Nov 2, 2009, 12:11 PM

Post #2 of 6 (269 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

--- Comment #2 from Joe Orton <jorton[at]redhat.com> 2009-11-02 12:11:57 UTC ---
This could be bug 46952.

Can you fetch http://people.apache.org/~jorton/pr46952.diff - then

$ patch modules/ssl/ssl_engine_io.c < pr46952.diff

and rebuild?

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

bugzilla at apache

Nov 3, 2009, 7:21 AM

Post #3 of 6 (260 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

--- Comment #3 from Wolfgang Draskovic <woldra[at]gmx.de> 2009-11-03 07:21:01 UTC ---
(In reply to comment #1)
> Please set the loglevel to debug and provide the output of the error log during
> such a failed handshake.

see attached error_log

> Does it start working when you reduce your ca-bundle.crt file to just the
> certificate blocks (It currently contains comments, clear text certificate data
> and further stuff)?
We already tried that before but it makes no difference.

> What version of openssl are you using?

openssl version used by apache is 0.9.8f

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

bugzilla at apache

Nov 3, 2009, 7:22 AM

Post #4 of 6 (259 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

--- Comment #4 from Wolfgang Draskovic <woldra[at]gmx.de> 2009-11-03 07:22:12 UTC ---
Created an attachment (id=24466)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=24466)
log with failed ssl handshake

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

bugzilla at apache

Nov 3, 2009, 7:44 AM

Post #5 of 6 (258 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

Wolfgang Draskovic <woldra[at]gmx.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |NEW

--- Comment #5 from Wolfgang Draskovic <woldra[at]gmx.de> 2009-11-03 07:44:00 UTC ---
(In reply to comment #2)
> This could be bug 46952.
>
> Can you fetch http://people.apache.org/~jorton/pr46952.diff - then
>
> $ patch modules/ssl/ssl_engine_io.c < pr46952.diff
>
> and rebuild?

patched and rebuilt apache - no difference.

Regards

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

bugzilla at apache

Nov 5, 2009, 6:22 AM

Post #6 of 6 (245 views)
Permalink

[Bug 48107] Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not [In reply to]

https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

Wolfgang Draskovic <woldra[at]gmx.de> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |woldra[at]gmx.de

--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe[at]httpd.apache.org
For additional commands, e-mail: bugs-help[at]httpd.apache.org

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com