On Mon, May 21, 2012 at 5:21 AM, Bernhard Thalmayr
<[email protected]> wrote:
> Hi Wan-Teh, Nelson, could it be that this error is also raised by the client
> if the client cannot 'participate' in ssl client-auth?
Yes, this is possible.
> Unfortunately I only got a text-output of 'ssldump', not sure if this
> would be helpful.
>
> The end of the handshake shows ...
>
> 1a0: f3 6e fc 04 ab 79 e1 13 | .n...y..
> 0: 0d 00 2b 36 | ..+6
> type = 13 (certificate_request)
> length = 11062 (0x002b36)
> CertificateRequest {
> certificate types[3] = { 01 02 40 }
> certificate_authorities[11056] = {
>
> <<<<<....List Truncated....>>>>>
>
> }
> }
> 0: 0e 00 00 00 | ....
> type = 14 (server_hello_done)
> length = 0 (0x000000)
> }
> }
> ]
This shows a client certificate was requested.
> --> [
> (7 bytes of 2)
> SSLRecord { [Mon May 14 13:25:27 2012]
> 0: 15 03 00 00 02 | .....
> type = 21 (alert)
> version = { 3,0 }
> length = 2 (0x2)
> fatal: bad_certificate
> 0: 02 2a | .*
> }
The -> arrow is from client to server. As Nelson said, most likely
the public key in the server's certificate is bad.
Wan-Teh
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
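
The header bytes in the ssldump output quoted above can be decoded by hand. The following Python sketch is an added example, not part of the original message or of NSS/ssldump. It parses the SSL 3.0 record and handshake headers and the 2-byte alert body. The function names are hypothetical, the lookup tables are deliberately partial, and the byte strings are copied from the dump.

```python
import struct

# Subsets of the SSL 3.0 / TLS code points needed for the dump above.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
                 23: "application_data"}
HANDSHAKE_TYPES = {11: "certificate", 13: "certificate_request",
                   14: "server_hello_done"}
CERT_TYPES = {0x01: "rsa_sign", 0x02: "dss_sign", 0x40: "ecdsa_sign"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 41: "no_certificate",
                      42: "bad_certificate", 43: "unsupported_certificate",
                      44: "certificate_revoked", 45: "certificate_expired",
                      46: "certificate_unknown"}

def name(table, code):
    return table.get(code, "unknown(%d)" % code)

def parse_record_header(data):
    """Record header: type(1) major(1) minor(1) length(2), big-endian."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return name(CONTENT_TYPES, ctype), (major, minor), length

def parse_handshake_header(data):
    """Handshake header: msg_type(1) followed by a 24-bit length."""
    if len(data) < 4:
        raise ValueError("truncated handshake header")
    return name(HANDSHAKE_TYPES, data[0]), int.from_bytes(data[1:4], "big")

def parse_alert(record):
    """Decode a plaintext alert record into (version, level, description)."""
    ctype, version, length = parse_record_header(record)
    body = record[5:5 + length]
    if ctype != "alert":
        raise ValueError("not an alert record: " + ctype)
    if length != 2 or len(body) != 2:
        # After ChangeCipherSpec the alert is encrypted and longer than 2 bytes.
        raise ValueError("alert body is not 2 plaintext bytes")
    return version, name(ALERT_LEVELS, body[0]), name(ALERT_DESCRIPTIONS, body[1])

if __name__ == "__main__":
    # Byte strings copied from the ssldump output quoted in the message.
    print(parse_handshake_header(bytes.fromhex("0d002b36")))
    print([name(CERT_TYPES, b) for b in bytes.fromhex("010240")])
    print(parse_handshake_header(bytes.fromhex("0e000000")))
    print(parse_alert(bytes.fromhex("1503000002022a")))
```
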