Re-negotiation handshake failed: Not accepted by cient!?

Tue, 07 May 2002 10:35:30 -0700 

Hi, I had instaled apache with openssl, modssl and php the  last two as
modules of apache, I had created my own CA certificate, Server
certificate and User certificate, using openssl functions, and i'm
trying to use it for test my server with SSL and i'm loosing hair
rapidly.

I had some problems with the handsake secuence, at first when i load my
secure site everything work, but i been asked for two times for my user
certificate, i don't know for what but if the second time i cancel the
presentation of certificate some of the images of my site don't load. My
page use frames, and everything is keeped in the same page, my images
are simple gifts and there's no diferrence aparently between the images
that load or the ones that not.

I think this could be a problem with the SSL Cache but i had it
activated in my httpd.conf

    SSLSessionCache         dbm:/opt/apache1.3.22/logs/ssl_scache
    SSLSessionCacheTimeout  300

when i start apache i get the two files ssl_cache.dir and ssl_cache.pag,
but i still had to presentate my user certificate for every link that i
use in my site, and every time that i use it. Sometimes witouth aparent
relation with the operations that i had made my netscape closes and i
get in my error_log the next:

[Tue May  7 17:42:39 2002] [error] mod_ssl: Re-negotiation handshake
failed: Not accepted by client!?
[Tue May  7 17:42:39 2002] [error] mod_ssl: SSL error on writing data
(OpenSSL library error follows)
[Tue May  7 17:42:39 2002] [error] OpenSSL: error:1408F071:SSL
routines:SSL3_GET_RECORD:bad mac decode [Hint: Browser still remembered
details of a re-created server certificate?]

I don't know what to do, I'm using SSL_Require sentencies and maybe the
problem be there, I don't know I use the next sintax an i think it's ok

<Directory /opt/apache1.3.22/htdocs>
                SSLVerifyClient require
                SSLVerifyDepth 5
                SSLOptions           +FakeBasicAuth
                SSLRequireSSL
                SSLRequire ( %{SSL_CLIENT_S_DN_O} in {"TEST"} )
</Directory>

Help please, and sorry for the English ...

                    Pako.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to