Hello,
I have a host where the client certificate is optional, and in some
directories it is required. The server uses SNI, and this configuration
worked fine before SNI.
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /certrequirement>
        SSLVerifyClient require
    </Location>
    ...
I use an SNI client (Firefox) with a client certificate. It works on the
optional locations but does not work in the certrequirement location.
[info] Initial (No.1) HTTPS request received for child 5 (server
www.1pc.es:443)
[debug] ssl_engine_kernel.c(487): [client 192.168.1.40] Changed client
verification type will force renegotiation, referer: http:
[info] [client 192.168.1.40] Requesting connection re-negotiation, referer:
http://www.1pc.es/
[debug] ssl_engine_kernel.c(724): [client 192.168.1.40] Performing full
renegotiation: complete handshake protocol, referer: http
[debug] ssl_engine_kernel.c(1861): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSL renegotiate ciphers
[debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write hello request A
[debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 flush data
[debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: SSLv3 write hello request C
[info] [client 192.168.1.40] Awaiting re-negotiation handshake, referer:
http://www.1pc.es/
[debug] ssl_engine_kernel.c(1861): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1869): OpenSSL: Loop: before accept initialization
[debug] ssl_engine_io.c(1873): OpenSSL: read 5/5 bytes from BIO#7f4325589ef0
[mem: 7f4325577083] (BIO dump follows)
[debug] ssl_engine_kernel.c(1874): OpenSSL: Read: SSLv3 read client hello B
[debug] ssl_engine_kernel.c(1893): OpenSSL: Exit: failed in SSLv3 read client
hello B
[error] [client 192.168.1.40] Re-negotiation handshake failed: Not accepted
by client!?, referer: http://www.1pc.es/
openssl-1.0.0-0.13.beta4.fc12.x86_64
httpd-2.2.14-1.fc12.x86_64
mod_ssl-2.2.14-1.fc12.x86_64
Does anyone know where the problem is?
Why does it not work when required, but does the job when optional?
--
http://www.1pc.es/
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majord...@modssl.org