Thank you it is a powerful tools to debug (redirect, etc)
I send to you the response I get, I am not capable to analyse the SSL sequence.
Is it a normal sequence ?
Seeing this can we deduce the session cache work fine ?
In this example, I have only ask for one page, I have not browsed into my site so can we deduce anything from this example ?
Is it possible to browse into a site with ssl_client (see cookie and session pb) ?
thank you
--xj
CONNECTED(00000003)
---
Certificate chain
0 s:/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/[EMAIL PROTECTED]
i:/C=FR/O=CNRS/CN=CNRS-Standard
1 s:/C=FR/O=CNRS/CN=CNRS-Standard
i:/C=FR/O=CNRS/CN=CNRS
2 s:/C=FR/O=CNRS/CN=CNRS
i:/C=FR/O=CNRS/CN=CNRS
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEfzCCA2egAwIBAgICAvUwDQYJKoZIhvcNAQEEBQAwNDELMAkGA1UEBhMCRlIx
DTALBgNVBAoTBENOUlMxFjAUBgNVBAMTDUNOUlMtU3RhbmRhcmQwHhcNMDIwNjI0
MDcwODIyWhcNMDQwNjI0MDcwODIyWjB5MQswCQYDVQQGEwJGUjENMAsGA1UEChME
-- zip --
p1vfh+sI/gmyoV5Fpx3cQ1ZhS6PsFxHmhe6bnQSbyOJjVmtvR7qx7iAZuo3+NE8o
bNsDnc7NQrDxOts5mYQugiPpNwW+CS7Yj8uuXFPkF/G4pBPBRooiwoJ6o5X6CZi5
uYKp
-----END CERTIFICATE-----
subject=/C=FR/O=CNRS/OU=UPS836/CN=intranet.stic.cnrs.fr/[EMAIL PROTECTED]
issuer=/C=FR/O=CNRS/CN=CNRS-Standard
---
Acceptable client certificate CA names
/C=FR/O=CNRS/CN=SSI
/C=FR/O=CNRS/CN=CNRS
/C=FR/O=CNRS/CN=Datagrid-fr
/C=FR/O=CNRS/CN=CNRS-Projets
/C=FR/O=CNRS/CN=CNRS-Standard
/[EMAIL PROTECTED]/CN=CNRS-Test/OU=UREC/O=CNRS/C=FR
/C=FR/O=CNRS/CN=CNRS-Plus
---
SSL handshake has read 3873 bytes and written 3551 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 279FCDC4C400A75AE70E85755781EAA6F39429D8FC22AE69B6F95D982020F5DFAD6DF5B552DF21FE7DB23CC7FC09EE1A
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 0F8D50DBEAE85A067D6A631609D5728CE9AA91F7052E39115481D6787478124CC43B290C4D164F858FBC2F44103F8C2A
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: C04F385EFFBC7FE29AB3503C3A55F264D5EB42D33F5AD15D988E7E030E3E2D0A61BBF9540CD2CDFEF139A23F23656E42
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 0FBF55C5A75525AC4DE0A508D984DAAFD046C38C251744F4546358747FFD7527BD88A6F5B5B2258DD8D99BD4F04D6227
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 1FA07645E42886ED343D5C7B7BA722675B35E298AC48791D981784FFE2F640914D7BDBE0ADD184DEE104C4BDDC251494
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
drop connection and then reconnect
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 72B0D603F01C3416E2B39C650E7359B1123E959F49D54EB4654A9F26CF666089DDB071D305CF267FDB95E6B3210DD9B3
Key-Arg : None
Start Time: 1067509174
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Bienvenue sur l'Intranet du département STIC du CNRS</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<link rel="stylesheet" href="" type="text/css">
</HEAD>
<BODY bgColor=#ffffff leftMargin=0 topMargin=0 MARGINHEIGHT="0" MARGINWIDTH="0">
My HTML page
</BODY></HTML>closed
Mads Toftum a écrit:
On Thu, Oct 30, 2003 at 09:24:04AM +0100, xavier jeannin wrote:24359:error:14094413:SSL routines:SSL3_READ_BYTES:sslv3 alert unsupported certificate:s3_pkt.c:1031:SSL alert number 43 24359:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:514:I am sorry but I do not understand the response. I am sure that my cert is valid, my private key too, and my cafile too. Do you know where I can read documentation that explain the error message ? perhaps it is a bad used of openssl client.openssl s_client expects the certificate and key to be in PEM format - openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM vh Mads Toftum
-- _____________________________________________________________________________________________ Xavier Jeannin UREC/CNRS Université P. & M. Curie, Courrier : case 171, 4 place Jussieu 75252 PARIS CEDEX 05 Tél : 01 44 27 42 59 - Fax : 01 44 27 42 61 - Courriel : [EMAIL PROTECTED]