Client SSL authentication on Apache + mod_ssl

2006-06-30 Thread modssl
I am required to have our apache server using PKI client authentication
by the end of July.

I have set up a test server with the latest and greatest

Apache/2.2.2 (Unix)
mod_ssl/2.2.2
OpenSSL/0.9.7

I have set up an ssl.conf using

SSLVerifyClient require
SSLVerifyDepth  10

and populated a CA certification file and enabled

SSLCACertificateFile /usr/local/apache2/conf/dod_ca_bundle.crt

On start the logs (set to debug) show the dod_ca_bundle.crt file being
read in properly

-- log output begin -
ssl_engine_init.c(405): Creating new SSL context (protocols: SSLv2,
SSLv3, TLSv1)
ssl_engine_init.c(538): Configuring client authentication
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S.
Government/OU=DoD/OU=PKI/CN=DOD CLASS 3 CA-10
ssl_engine_init.c(1113): CA certificate: /C=US/O=U.S.
Government/OU=DoD/OU=PKI/CN=DoD CLASS 3 Root CA
ssl_engine_init.c(601): Configuring permitted SSL ciphers
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
-- log output end -

However, when attempting to connect with IE nothing is returned. The
pertinent log output looks like

-- log output begin -
ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#918b100 [mem:
9192780] (BIO dump follows)
:
:
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate
request A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
-- log output end -

Looks like the next line indicates a problem:

-- log output begin -
ssl_engine_io.c(1786): OpenSSL: I/O error, 5 bytes expected to read on
BIO #918b100 [mem: 9192780]
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client
certificate A
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client
certificate A
[client 157.187.160.114] (70014)End of file found: SSL handshake
interrupted by system [Hint: Stop button pressed in browser?!]
-- log output end -

Any help with this problem would be greatly appreciated.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
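
An added example, not part of the original post or of mod_ssl: a small Python helper that reads mod_ssl debug lines like those quoted above and reports which handshake states completed, whether a certificate request was sent, and where the handshake stopped. The sample log is constructed from the post's lines with the mail line-wraps re-joined, and `summarize_handshake` is a hypothetical name.

```python
import re

# Constructed sample: the handshake lines from the post, with the mail
# client's line wraps re-joined so each log record sits on one line.
SAMPLE_LOG = """\
ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write certificate request A
ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate A
ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate A
[client 157.187.160.114] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
"""

LOOP = re.compile(r"OpenSSL: Loop: (.+)$")            # a state that completed
EXIT = re.compile(r"OpenSSL: Exit: error in (.+)$")   # the state that failed
EOF = re.compile(r"\(70014\)End of file found")       # peer closed the socket


def summarize_handshake(log_text):
    """Return completed states, the failing state and two triage flags."""
    completed, failed_in, peer_eof = [], None, False
    for line in log_text.splitlines():
        line = line.strip()
        m = LOOP.search(line)
        if m:
            completed.append(m.group(1))
            continue
        m = EXIT.search(line)
        if m:
            # Keep the first failing state; the log repeats the same record.
            failed_in = failed_in or m.group(1)
        elif EOF.search(line):
            peer_eof = True
    return {
        "completed": completed,
        "cert_requested": "SSLv3 write certificate request A" in completed,
        "failed_in": failed_in,
        "peer_eof": peer_eof,
    }


if __name__ == "__main__":
    for key, value in summarize_handshake(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
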


Jean-Pierre Guilloteau is absent.

2006-06-30 Thread jpguilloteau




I will be away from 01/07/2006 to 24/07/2006.

I will reply to your message when I return.
In my absence you can contact Aspaway at 01 46 67 88 88.
Regards.
