yes i can correctly verify the certificate of the client on the client's browser. Furthermore, i've managed to connect successfully to an apache 1.3.23 with the same client certificate. i guess it's best to ask modssl-users. thank you for your interest Michael. mahmut.
-----Original Message----- From: Michael Bell [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 1:50 PM To: [EMAIL PROTECTED] Subject: Re: [Openca-Users] SSLVerifyClient error Hi, first the best thing is to write to OpenSSL-users or modssl-users. They are much more familiar with the common apache problems. Mahmut Eren wrote: > If I turn off the SSLVerifyClient parameter everything works fine. But > when I turn on SSLVerifyClient as "SSLVerifyClient require" , the client > (IE,mozilla) can not connect to server. > and apache logs the following for every attempt: > [Wed Mar 03 12:57:37 2004] [notice] child pid 22462 exit signal Segmentation > fault (11) Looks like a software bug because of the segfault. A segfault is a good reason to contact the developers of mod_ssl. BTW does you installed the client certificate and the complete chain on the client's browser and can you correctly verify the certificate of the client on the client's browser? > [Wed Mar 03 13:06:18 2004] [debug] ssl_engine_io.c(1495): OpenSSL: I/O error, 5 > bytes expected to read on BIO#82e1738 [mem: 82d2530] > [Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error > in SSLv3 read client certificate A > [Wed Mar 03 13:06:18 2004] [debug] ssl_engine_kernel.c(1803): OpenSSL: Exit: error > in SSLv3 read client certificate A > [Wed Mar 03 13:06:18 2004] [info] (70014)End of file found: SSL handshake > interrupted by system [Hint: Stop button pressed in browser?!] This is the end of the stopped connection. After this a new (successful?) handshake starts. Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users ==========================================================- Bu e-posta sadece yukarida isimleri belirtilen kisiler arasinda özel haberlesme amacini tasimaktadir. Size yanlislikla ulasmissa lütfen gönderen kisiyi bilgilendiriniz ve mesaji sisteminizden siliniz. Turkiye Cumhuriyet Merkez Bankasi A.S. bu mesajin icerigi ile ilgili olarak hicbir hukuksal sorumlulugu kabul etmez. This e-mail communication is intended for the private use of the people named above. If you received this message in error, please immediately notify the sender and delete it from your system. The Central Bank of The Republic of Turkey does not accept legal responsibility for the contents of this message. ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
