From: "Hisham Aziz" <[EMAIL PROTECTED]>
Reply-To: openssl-dev@openssl.org
To: openssl-dev@openssl.org
Subject: OpenVPN with Aladdin smartcards
Date: Thu, 17 May 2007 13:27:54 -0400


OK, I'm having a problem with the VPN tunnel with double authentication. It seems that the server is not getting the client certificate somehow.

This is what is on the E-token
*************************************************
C:\PKI\WC\NSIS>openvpn --show-pkcs11-objects eTpkcs11.dll 0
PIN:
Token Information:
       label:          eToken
       manufacturerID: Aladdin Knowledge Systems Ltd.
       model:          eToken CardOS/M4
       serialNumber:   46fbd014
       flags:          0000000d

You can access this token using
--pkcs11-slot-type "label" --pkcs11-slot "eToken" options.

The following objects are available for use with this token.
Each object shown below may be used as a parameter to
--pkcs11-id-type and --pkcs11-id options.

Object
       Type:                   Private Key
       CKA_ID:
               06
       CKA_LABEL:              Default
       CKA_SIGN:               TRUE
       CKA_SIGN_RECOVER:       TRUE
Object
       Type:                   Certificate
       CKA_ID:
               06
       CKA_LABEL:
       subject:                /CN=Hisham Aziz/OU=CNS/O=UTORCertAuth/L=TO/ST=ON/C=CA
       serialNumber:           0F
       notBefore:              070510134745Z

***********************************

And this is my client config file:
;pull
client

dev tun
proto udp

remote 128.100.103.211

port 1194
resolv-retry infinite

nobind

;persist-key
;persist-tun
;ns-cert-type server


;comp-lzo
verb 3


ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"

pkcs11-providers "C:\\PKI\\WC\\NSIS\\eTpkcs11.dll"
pkcs11-slot-type id
pkcs11-slot 06
pkcs11-id-type id
pkcs11-id 06

***********************************************************

Now I tried sending just the certificate as well with the id-type as the subject of the cert. Same result. The resulting error message is
SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
