[BugDB] client authentication (PR#567)

modssl-bugdb Thu, 24 May 2001 13:31:14 -0700
Full_Name: R.Chu
Version: mod_ssl-2.7.1-1.3.14
OS: Redhat Linux 7.0
Submission from: (NULL) (61.187.56.10)


I have installed mod_ssl-2.7.1-1.3.14 with apache_1.3.14 and 
openssl-0.9.6a successfully. Now I want to get client authentication,
I modified the httpd.conf as this:

SSLVerifyClient require
SSLVerifyDepth  1
SSLCACertificatePath /usr/apache-ssl/conf/ssl.crt
SSLCACertificateFile /usr/apache-ssl/conf/ssl.crt/ca.crt

Of course, I have made a personal certificate(.p12) and put it into 
my Internet Explorer, the certificate of my own CA is also available.
But when I test it, the connection interrupt after I choose the personal
certificate from IE.
This is my log file of apache:

[root@grid96 logs]# more ssl_engine_log
......
[22/May/2001 10:26:05 27437] [info]  Connection to child 0 established (server
grid96:443, client 172.26.20.187)
[22/May/2001 10:26:05 27437] [info]  Seeding PRNG with 1160 bytes of entropy
[22/May/2001 10:26:05 27437] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?] (OpenSSL library error follows)
[22/May/2001 10:26:05 27437] [info]  OpenSSL: error:0200100D:system
library:fopen:Permission denied
[22/May/2001 10:26:05 27437] [info]  OpenSSL: error:20074002:BIO
routines:FILE_CTRL:system lib
[22/May/2001 10:26:05 27437] [info]  OpenSSL: error:0B06F002:x509 certificate
routines:X509_load_cert_file:system lib
[22/May/2001 10:26:07 27441] [info]  Connection to child 4 established (server
grid96:443, client 172.26.20.187)
[22/May/2001 10:26:07 27441] [info]  Seeding PRNG with 1160 bytes of entropy
[22/May/2001 10:26:07 27441] [error] Certificate Verification: Error (26):
unsupported certificate purpose
[22/May/2001 10:26:07 27441] [info]  Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?] (OpenSSL library error follows)
[22/May/2001 10:26:07 27441] [info]  OpenSSL: error:0200100D:system
library:fopen:Permission denied
[22/May/2001 10:26:07 27441] [info]  OpenSSL: error:20074002:BIO
routines:FILE_CTRL:system lib
[22/May/2001 10:26:07 27441] [info]  OpenSSL: error:0B06F002:x509 certificate
routines:X509_load_cert_file:system lib
[22/May/2001 10:26:07 27441] [info]  OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned

I do not know what's the wrong with it, would you please tell me? Thanks a lot!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
[BugDB] client authentication (PR#567)

Reply via email to
