Hi,
I'm running mod_ssl-2.6.4-1.3.12, and trying to do SSLV3 client
authentication. I got this message in the logs:-
[29/Jun/2000 12:58:14 14675] [trace] Certificate Verification: depth: 0,
subject: /C=MY/G=Shaharir/S=Syahrul Sazli
/UID=\x13\x0C740627105505/CN=Syahrul Sazli Bin
[EMAIL PROTECTED]/SN=6034201300000933,
issuer: /C=MY/O=Digicert Sdn Bhd/CN=DIGISIGN iVEST BASIC V1
[29/Jun/2000 12:58:14 14675] [error] Certificate Verification: Error
(26): unsupported certificate purpose
[29/Jun/2000 12:58:14 14675] [trace] OpenSSL: Write: SSLv3 read client
certificate B
[29/Jun/2000 12:58:14 14675] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate B
[29/Jun/2000 12:58:14 14675] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate B
[29/Jun/2000 12:58:14 14675] [error] SSL handshake failed (server
webmail.mimos.my:443, client 192.228.129.17) (OpenSSL library error
follows)
[29/Jun/2000 12:58:14 14675] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
Relevant configs:-
SSLCertificateFile /mimosmail/httpd/ssl.crt/Webmail.crt
SSLCertificateKeyFile /mimosmail/httpd/ssl.key/server.key
SSLCACertificateFile /mimosmail/httpd/ssl.crt/ivest.crt
SSLVerifyClient optional
SSLVerifyDepth 10
Running openssl x509 -text -in on the CA certificate looks fine (CA has
CA:TRUE, pathlen:0 in the x509v3 basic constraints section). Would
appreciate any pointers.
Thanks! :)
--sazli
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
