Re: Please help while I still have some hair left :)

Wed, 14 Jul 1999 10:24:46 -0700 

On Mon, Jul 12, 1999, Jeremy Beker wrote:
> 
>       I am at my wits end on this one.  I have been running Apache+mod_ssl
> now for quite a while with no problems.  The version I have been running
> is Apache 1.3.6 with mod_ssl 2.2.6 as well as PHP.  It has been running
> flawlessly with my configuration of several IP based VHosts most of
> which are running SSL alongside standard HTTP.  Two of them are doing
> SSL3 (client auth).
>       Now I recently decided to upgrade to the latest mod_ssl (2.3.5).  The
> compile went fine and I installed the new binary.  But when I start my
> server up, *ONE* (not both) of the SSL3 sites has the following error in
> the log file:
> 
> [warn]  Init: Ops, you want to request client authentication, but no CAs
> are known for verification!? [Hint: SSLCACertificate*]
> 
> ????
> 
>       What is going on here!?!?  The VirtualHost section for this server does
> have a SSLCACertficateFile entry.  And it worked perfectly fine for
> months with mod_ssl version 2.2.6 (and still does when I put the old
> binary back in). I didn't change the httpd.conf one bit.
>       I have tried everything I can think of.  The two SSL3 VirtualHosts have
> exactely the same configs (except for key files, ServerName, etc), yet
> one of them doesn't work.  I have swapped their position in the
> httpd.conf file so order does not appear to matter.  
>       I want to upgrade the server, but I can't do so unless all of the
> VHosts work.  I will be in debt to anyone who can help on this one.

This is a new consistency check. When it fails, it means that mod_ssl has not
CA certificates found. Why, that's the other question. But at least when this
check wouldn't stop your stuff might not work. Actually the check looks at the
CA list stack which was build by ssl_init_FindCAList().  So it seems this
function doesn't find anything for you.  It would be fine when you can trace
down this function and find out why it doesn't why any CA certs for you.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to