Hello!
I've got a virtual host with SSL. The document root of this server
is configured not to verify the client certificate (SSLVerifyClient none).
But inside this server I've got a directory which requires client
verification (SSLVerifyClient require). When the browser requests a document
from this directory, the connection hangs waiting for a reply. In the logs I
have:
ssl_log:
[12/Sep/1999 19:34:04] [info] Connection to child 0 established (server wasyl.dom.pl:443)
[12/Sep/1999 19:34:04] [trace] Seeding PRNG with 1024 bytes of entropy
[12/Sep/1999 19:34:04] [trace] OpenSSL: Handshake: start
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: before/accept initialization
[12/Sep/1999 19:34:04] [trace] Inter-Process Session Cache: request=GET status=MISSED id=5459E553AC1DA8B971D3DB19DCABC6C8 (session renewal)
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 read client hello A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 write server hello A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 read client master key A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 server start encryption
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 write server verify A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 read client finished A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 write request certificate A
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: SSLv2 write server finished A
[12/Sep/1999 19:34:04] [trace] Inter-Process Session Cache: request=SET status=BAD id=734C6549CCD7E2250B9DB2578337C039 timeout=100s (session caching)
[12/Sep/1999 19:34:04] [trace] OpenSSL: Handshake: done
[12/Sep/1999 19:34:04] [info] Connection: Client IP: 192.168.0.1, Protocol: SSLv2, Cipher: EXP-RC4-MD5 (40/128 bits)
[12/Sep/1999 19:34:04] [info] Initial (No.1) HTTPS request received for child 0 (server wasyl.dom.pl:443)
[12/Sep/1999 19:34:04] [trace] Changed client verification type will force renegotiation
[12/Sep/1999 19:34:04] [info] Requesting connection re-negotiation
[12/Sep/1999 19:34:04] [trace] Performing full renegotiation: complete handshake protocol
[12/Sep/1999 19:34:04] [info] Awaiting re-negotiation handshake
[12/Sep/1999 19:34:04] [trace] OpenSSL: Handshake: start
[12/Sep/1999 19:34:04] [trace] OpenSSL: Loop: before accept initialization
...and when I press stop in the browser:
[12/Sep/1999 19:34:15] [trace] OpenSSL: Exit: failed in SSLv2 read client hello B
[12/Sep/1999 19:34:15] [error] Re-negotiation handshake failed: Not accepted by client!?
[12/Sep/1999 19:34:15] [trace] OpenSSL: Exit: failed in SSLv2 read client hello B
[12/Sep/1999 19:34:15] [error] SSL error on writing data (OpenSSL library error follows)
[12/Sep/1999 19:34:15] [error] OpenSSL: error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure
[12/Sep/1999 19:34:15] [info] Connection to child 0 closed with standard shutdown (server wasyl.dom.pl:443)
error_log:
[Sun Sep 12 19:34:15 1999] [error] mod_ssl: Re-negotiation handshake failed: Not accepted by client!?
[Sun Sep 12 19:34:15 1999] [error] mod_ssl: SSL error on writing data (OpenSSL library error follows)
[Sun Sep 12 19:34:15 1999] [error] OpenSSL: error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure
Why doesn't this work?
Cheers,
--
Jakub Wasielewski aka Wasyl
http://figaro.ae.katowice.pl/~wasielew
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]