OK, sorry, I corrected my mistake, so now I can connect with the SSL client and get my HTML page.
Thank you, it is a powerful tool for debugging (redirects, etc.).

I am sending you the response I get; I am not able to analyse the SSL sequence.
Is it a normal sequence?
Seeing this, can we deduce that the session cache works fine?
In this example, I have only asked for one page; I have not browsed my site, so can we deduce anything from this example?
Is it possible to browse a site with ssl_client (see cookie and session problems)?

thank you
--xj
 
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/[EMAIL PROTECTED]
   i:/C=FR/O=CNRS/CN=CNRS-Standard
 1 s:/C=FR/O=CNRS/CN=CNRS-Standard
   i:/C=FR/O=CNRS/CN=CNRS
 2 s:/C=FR/O=CNRS/CN=CNRS
   i:/C=FR/O=CNRS/CN=CNRS
---
Server certificate
subject=/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/[EMAIL PROTECTED]
issuer=/C=FR/O=CNRS/CN=CNRS-Standard
---
Acceptable client certificate CA names
/C=FR/O=CNRS/CN=SSI
/C=FR/O=CNRS/CN=CNRS
/C=FR/O=CNRS/CN=Datagrid-fr
/C=FR/O=CNRS/CN=CNRS-Projets
/C=FR/O=CNRS/CN=CNRS-Standard
/[EMAIL PROTECTED]/CN=CNRS-Test/OU=UREC/O=CNRS/C=FR
/C=FR/O=CNRS/CN=CNRS-Plus
---
SSL handshake has read 3873 bytes and written 3551 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 279FCDC4C400A75AE70E85755781EAA6F39429D8FC22AE69B6F95D982020F5DFAD6DF5B552DF21FE7DB23CC7FC09EE1A
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 0F8D50DBEAE85A067D6A631609D5728CE9AA91F7052E39115481D6787478124CC43B290C4D164F858FBC2F44103F8C2A
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: C04F385EFFBC7FE29AB3503C3A55F264D5EB42D33F5AD15D988E7E030E3E2D0A61BBF9540CD2CDFEF139A23F23656E42
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 0FBF55C5A75525AC4DE0A508D984DAAFD046C38C251744F4546358747FFD7527BD88A6F5B5B2258DD8D99BD4F04D6227
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 1FA07645E42886ED343D5C7B7BA722675B35E298AC48791D981784FFE2F640914D7BDBE0ADD184DEE104C4BDDC251494
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 72B0D603F01C3416E2B39C650E7359B1123E959F49D54EB4654A9F26CF666089DDB071D305CF267FDB95E6B3210DD9B3
    Key-Arg   : None
    Start Time: 1067509174
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Bienvenue sur l'Intranet du département STIC du CNRS</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<link rel="stylesheet" href="" type="text/css">
</HEAD>
<BODY bgColor=#ffffff leftMargin=0 topMargin=0 MARGINHEIGHT="0" MARGINWIDTH="0">
My HTML page
</BODY></HTML>closed



Mads Toftum wrote:
On Thu, Oct 30, 2003 at 09:24:04AM +0100, xavier jeannin wrote:
  
24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate:s3_pkt.c:1031:SSL alert number 43
24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:514:

I am sorry but I do not understand the response. I am sure that my cert
is valid, my private key too, and my cafile too.
Do you know where I can read documentation that explains the error
message? Perhaps it is a bad use of the openssl client.
    

openssl s_client expects the certificate and key to be in PEM format -

openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM

vh

Mads Toftum
  

-- 
_____________________________________________________________________________________________
Xavier Jeannin
UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05
Tel: 01 44 27 42 59 - Fax: 01 44 27 42 61 - E-mail: [EMAIL PROTECTED]
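
An added example, not part of the original message: `openssl s_client -reconnect` marks each handshake as `New` (full handshake) or `Reused` (session resumed), so counting those lines and the `Session-ID:` values shows whether the server's session cache was used. The function names and both sample inputs are constructed for illustration; the first sample has the same shape as the output above.

```shell
#!/bin/sh
# Summarise `openssl s_client -reconnect` output read from stdin.
# "New," = full handshake, "Reused," = resumed from the session cache.
summarize_reconnect() {
    awk '
        /^New, /    { new++ }
        /^Reused, / { reused++ }
        /^[ \t]*Session-ID:/ {          # does not match "Session-ID-ctx:"
            id = $0
            sub(/^[ \t]*Session-ID:[ \t]*/, "", id)
            if (id == "") empty++       # server issued no session ID
            else if (!(id in seen)) { seen[id] = 1; distinct++ }
        }
        END {
            printf "handshakes=%d new=%d reused=%d empty_ids=%d distinct_ids=%d\n",
                   new + reused, new, reused, empty, distinct
        }'
}

# One-word verdict: was any handshake resumed?
session_cache_verdict() {
    summary=$(summarize_reconnect)
    case "$summary" in
        *" reused=0 "*) echo "no-resumption" ;;
        *)              echo "resumed" ;;
    esac
}

# Constructed sample: every handshake is New with an empty Session-ID.
sample_all_new() {
    for i in 1 2 3; do
        printf '%s\n' 'New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA' \
            'SSL-Session:' '    Session-ID:' '    Session-ID-ctx:'
    done
}

# Constructed sample: second handshake resumes the first session
# (AB12CD34 is a made-up session ID).
sample_resumed() {
    printf '%s\n' 'New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA' \
        'SSL-Session:' '    Session-ID: AB12CD34' '    Session-ID-ctx:' \
        'Reused, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA' \
        'SSL-Session:' '    Session-ID: AB12CD34' '    Session-ID-ctx:'
}

# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -reconnect </dev/null 2>/dev/null | session_cache_verdict
```

A working session cache shows one `New` handshake followed by `Reused` ones that all carry the same non-empty Session-ID.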
