Client: Mac OS X 10.5.5 (OpenSSL 0.9.8g 19 Oct 2007)
Server: Astaro Security Gateway (with self-signed certificate)
Background:
This broke months ago and I have never been able to figure out where
the problem is. The problem started when I was upgrading this
appliance from Version 6 to Version 7 so it was probably coincident
with a change to the self-signed certificate.
Description:
When I use a browser or s_client to connect to this security
appliance's https management port at 192.168.223.1:4444 from ANY
host/account other than my home desktop, everything works as expected.
When I try from the shell in the problem account, I get this:
$ openssl s_client -connect 192.168.223.1:4444
CONNECTED(00000003)
33303:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Firefox 3 reports this:
Data Transfer Interrupted
The connection to 192.168.223.1:4444 was interrupted while the page
was loading.
The browser connected successfully, but the connection was
interrupted while transferring information.
Please try again.
* Are you unable to browse other sites? Check the computer's
network connection.
* Still having trouble? Consult your network administrator or
Internet provider for assistance.
Safari reports this:
Safari can’t open the page.
Safari can’t open the page “https://192.168.223.1:4444/” because it
couldn’t establish a secure connection to the server “192.168.223.1”.
This only happens when connecting from my account on my host. All
other accounts on the problem host can connect just fine. It's as
though there's something cached somewhere that is preventing the
handshake from succeeding. I don't know if it's in Apple's keychain,
though I've tried purging all keychains from this account to no avail.
Is there another per-user certificate cache (or some other server
status) somewhere that OpenSSL might be keeping?
I'd love to get this fixed. Having to switch accounts to make changes
to the device is pretty inconvenient.
Thanks for any insight.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]