You dont need the hash link for the SSLCACertificateFile just put the real filename in.
Also are you using a root and intermediate cert, then add "SSLVerifyDepth 2". Upgrading may be a good idea but I have "Apache/2.0.48 (Unix) mod_ssl/2.0.48 OpenSSL/0.9.7c" running with client cert auth. But then thats RH on i386 (custom compile). SSLCACertificateFile /etc/grid-security/certificates/33b4aee4.0 SSLVerifyClient require --- Fulvio LAZ <[EMAIL PROTECTED]> wrote: > > > First of all does it work if you comment the > > "SSLVerifyClient require" > > directive out. Also do you get a core file and > can > > you do a backtrace in gdb (with lib info)? > > > > Regards > > Matt > > > > > Dear Matt, thanks for your reply > > If I set "SSLVerifyClient optional" (or comment it) > apache work but client CA aren't send to my > server (I need client distinguished name) > > If I set "LogLevel debug" and "SSLVerifyClient > require" I can see into "error_log": > > [info] Server built: Mar 16 2004 15:30:28 > [debug] prefork.c(1037): AcceptMutex: pthread > (default: pthread) > [notice] child pid 18934 exit signal Segmentation > fault (11) > > and into "ssl_error_log" > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 read client hello A > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 write server hello A > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 write certificate A > [debug] ssl_engine_kernel.c(1170): handing out > temporary 1024 bit DH key > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 write key exchange A > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 write certificate request A > [debug] ssl_engine_kernel.c(1786): OpenSSL: Loop: > SSLv3 flush data > [debug] ssl_engine_io.c(1499): OpenSSL: read 5/5 > bytes from BIO#818ab68 [mem: 81921e8] (BIO dump > follows) > > [debug] > ssl_engine_io.c(1446): > +------------------------------+ > > > [debug] ssl_engine_io.c(1471): | 0000: 16 03 00 04 > c9 | > > [debug] > ssl_engine_io.c(1477): > +------------------------------+ > > > [debug] > ssl_engine_io.c(1499): OpenSSL: read 1225/1225 bytes > from BIO#818ab68 [mem: 81921ed] (BI > O dump follows) > ............. > ............. > > > > > > > > ____________________________________________________________ > Yahoo! Companion - Scarica gratis la toolbar di > Ricerca di Yahoo! > http://companion.yahoo.it > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) > www.modssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager > [EMAIL PROTECTED] > __________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
