Nelson B wrote:
Steve Parkinson wrote:

To verify this, you might want to turn on SSL Tracing. Use a debug build
of NSS, and then run with the env variable SSLTRACE set to, say 100. It
will spit out tons of debug info - search for the string
'Request-Certificate', which indicates the server is asking for the
client's certificate.

I think a much simpler initial step is to use ssltap to capture the
connections and their SSL handshakes.  Most of the time that will show
an obvious problem with the request coming from the server.  In the case
where it seems the server did well, and the mystery is why the client
didn't respond to it, then it may be time to try SSLTRACE.  But that's
not the first tool I'd use.


My reasoning was that if the server WAS sending the Request-Certificate message, that might be encrypted, and thus not visible to ssltap, so Mike might wrongly conclude that the server was misconfigured.

It's certainly good to be familiar with all these methods for debugging.

Steve

_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
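
Added example, not part of the original thread: a Python sketch of why a passive capture can miss the Request-Certificate message Steve mentions, for instance when the server asks only during a renegotiated (encrypted) handshake. It assumes the TLS 1.2-or-earlier record layout; the function names and sample byte streams are constructed for illustration.

```python
import struct

CHANGE_CIPHER_SPEC, HANDSHAKE = 20, 22   # TLS record content types
CERTIFICATE_REQUEST = 13                 # handshake message type

def records(stream):
    """Yield (content_type, body) for each complete TLS record in stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break                        # truncated capture: stop cleanly
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def scan_server_stream(stream):
    """Classify what a passive observer can read in the server-to-client bytes."""
    encrypted, pending, cleartext_types, opaque = False, b"", [], 0
    for ctype, body in records(stream):
        if ctype == CHANGE_CIPHER_SPEC:
            encrypted = True             # every later record is ciphertext
        elif ctype == HANDSHAKE and encrypted:
            opaque += 1                  # message type unreadable on the wire
        elif ctype == HANDSHAKE:
            pending += body              # messages may span or share records
            while len(pending) >= 4:
                mlen = int.from_bytes(pending[1:4], "big")
                if len(pending) < 4 + mlen:
                    break
                cleartext_types.append(pending[0])
                pending = pending[4 + mlen:]
    return {"cert_request_visible": CERTIFICATE_REQUEST in cleartext_types,
            "cleartext_types": cleartext_types,
            "opaque_handshake_records": opaque}

# Constructed sample streams (not real captures).
def rec(ctype, body):
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body

def hs(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

FINISHED = rec(CHANGE_CIPHER_SPEC, b"\x01") + rec(HANDSHAKE, b"\xaa" * 40)
# Server asks for a client cert in the initial, cleartext handshake.
CLEAR = rec(HANDSHAKE, hs(2, b"\0" * 38) + hs(11, b"\0" * 10) + hs(13, b"\0" * 8) + hs(14)) + FINISHED
# Server asks only during a renegotiation, so the request is ciphertext.
RENEG = rec(HANDSHAKE, hs(2, b"\0" * 38) + hs(11, b"\0" * 10) + hs(14)) + FINISHED + rec(HANDSHAKE, b"\xbb" * 24) + rec(HANDSHAKE, b"\xcc" * 200)

if __name__ == "__main__":
    for name, stream in (("clear", CLEAR), ("reneg", RENEG)):
        print(name, scan_server_stream(stream))
```

A result with `cert_request_visible` false and more than one opaque handshake record does not show that the server never asked; that is the case where client-side tracing such as SSLTRACE is needed.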
