I've checked out the archives and seen some things that sounded similar
but nothing quite exactly like what I'm experiencing.  My setup is:

apache - 1.3.9
mod_ssl - 2.4.7
openssl - 0.9.4
php - 3.0.12

I am currently trying to use a dummy certificate.

I compiled and installed just like the instructions at the end of the
mod_ssl/INSTALL doc.  Standard http is served just fine, but when trying
to make a secure connection Netscape returns:

"SSL has received an error from the server indicating an incorrect
Message Authentication Code.  This code indicate a network error, a bad
server implementation, or a security violation."

I've set my SSLLogLevel equal to trace and here is the output (time is
squished to make it a bit more readable).

[info]  Server: Apache/1.3.9, Interface: mod_ssl/2.4.7, Library: OpenSSL/0.9.4
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server entropy.valinux.com:443
[trace] Init: (foobar.valinux.com:443) unencrypted RSA private key - pass phrase not required
[info]  Init: 2nd startup round (already detached)
[info]  Init: Reinitializing OpenSSL library
[trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[info]  Init: Seeding PRNG with 8 bytes of entropy
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server foobar.valinux.com:443 for SSL protocol
[trace] Init: (foobar.valinux.com:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[trace] Init: (foobar.valinux.com:443) Configuring RSA server certificate
[warn]  Init: (foobar.valinux.com:443) RSA server certificate CommonName (CN) `www.snakeoil.dom' does NOT match server name!?
[trace] Init: (foobar.valinux.com:443) Configuring RSA server private key
[info]  Connection to child 1 established (server foobar.valinux.com:443, client 209.81.8.137)
[trace] Seeding PRNG with 1032 bytes of entropy
[trace] OpenSSL: Handshake: start
[trace] OpenSSL: Loop: before/accept initialization
[trace] OpenSSL: Loop: SSLv3 read client hello A
[trace] OpenSSL: Loop: SSLv3 write server hello A
[trace] OpenSSL: Loop: SSLv3 write certificate A
[trace] OpenSSL: Loop: SSLv3 write server done A
[trace] OpenSSL: Loop: SSLv3 flush data
[trace] OpenSSL: Loop: SSLv3 read client key exchange A
[trace] OpenSSL: Write: SSLv3 read certificate verify A
[trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[error] SSL handshake failed (server foobar.valinux.com:443, client 209.81.8.137) (OpenSSL library error follows)
[error] OpenSSL: error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
[error] OpenSSL: error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed
[error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac decode

If anyone has any thoughts or tips on the matter I'd greatly appreciate
them.  I've not had this problem before, but I've never used this
combination of versions either.  Am I just missing something stupid or
is this a genuine problem?

Robert
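
The trace in the message above, run through a small triage script. This is an added example, not part of the original post: it rejoins the mail-wrapped log lines, records the last handshake state OpenSSL reported, and splits each packed error code into its library, function and reason fields (the 8/12/12-bit layout used by OpenSSL releases before 3.0). The function names and the sample log are constructed for this illustration.

```python
import re

# Constructed sample modelled on the trace in the post, line wrapping included.
SAMPLE_LOG = """\
[trace] OpenSSL: Loop: SSLv3 read client key exchange A
[trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[error] SSL handshake failed (server foobar.valinux.com:443, client
209.81.8.137) (OpenSSL library error follows)
[error] OpenSSL: error:0407106B:rsa
routines:RSA_padding_check_PKCS1_type_2:block type is not 02
[error] OpenSSL: error:1408F071:SSL routines:SSL3_GET_RECORD:bad mac
decode
"""

LEVEL = re.compile(r"^\[(?:info|trace|warn|error)\]\s+")
STATE = re.compile(r"OpenSSL: (?:Loop|Write|Exit): (?:error in )?(.+)$")
ERROR = re.compile(r"OpenSSL: error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*)$")

def unwrap(text):
    """Rejoin continuation lines (those lacking a [level] prefix)."""
    records = []
    for line in text.splitlines():
        if LEVEL.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def decode(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(text):
    """Return (last handshake state seen, decoded error queue)."""
    last_state, errors = None, []
    for rec in unwrap(text):
        err, state = ERROR.search(rec), STATE.search(rec)
        if err:
            errors.append(decode(err.group(1)) + (err.group(2), err.group(3)))
        elif state:
            last_state = state.group(1)
    return last_state, errors

if __name__ == "__main__":
    state, errs = triage(SAMPLE_LOG)
    print("handshake stopped in state:", state)
    for lib, func, reason, func_name, text in errs:
        print(f"lib=0x{lib:02X} func=0x{func:03X} reason=0x{reason:03X} {func_name}: {text}")
```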