On Tue, 4 Dec 2001, Dario Prester wrote:
> I think that the generation/configuration of certificates should be OK.
Don't _think_ it's okay--VERIFY!!! ("It's not what don't know that hurts
you, but what you _know_ is absolutely for sure true--but it ain't!" Or:
"To assume makes an ass out of u and me.")
> The "verify error" that I get on "openssl s_client" should not stop the
> handshake. It seems a decrypt error
Whoaaa! You skipped over two prior error messages: "unable to get local
issuer certificate", and "certificate not trusted". Do you suppose that
if you couldn't get the thing that was supposed to be decrypted the
decrypt process just might have a tiny little problem? So go back and
figure out why you're getting the _first_ error.
And on what basis do you assume that a verify error "should" (aarrghh!)
not stop the handshake? Consider that part of the handshake just might be
verification of credentials.
You should also consider why you got zero bytes of entropy--read the
documentation.
=== JJ =============================================================
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
