Client: Mac OS X 10.5.5 (OpenSSL 0.9.8g 19 Oct 2007)
Server: Astaro Security Gateway (with self-signed certificate)

Background:
This broke months ago and I have never been able to figure out where the problem is. The problem started when I was upgrading this appliance from Version 6 to Version 7 so it was probably coincident with a change to the self-signed certificate.

Description:
When I use a browser or s_client to connect to this security appliance's https management port at 192.168.223.1:4444 from ANY host/account other than my home desktop, everything works as expected.

When I try from the shell in the problem account, I get this:

$ openssl s_client -connect 192.168.223.1:4444
CONNECTED(00000003)
33303:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Firefox 3 reports this:
  Data Transfer Interrupted
The connection to 192.168.223.1:4444 was interrupted while the page was loading. The browser connected successfully, but the connection was interrupted while transferring information.
  Please try again.

  * Are you unable to browse other sites? Check the computer's network connection.
  * Still having trouble? Consult your network administrator or Internet provider for assistance.

Safari reports this:
  Safari can’t open the page.

Safari can’t open the page “https://192.168.223.1:4444/” because it couldn’t establish a secure connection to the server “192.168.223.1”.

This only happens when connecting from my account on my host. All other accounts on the problem host can connect just fine. It's as though there's something cached somewhere that is preventing the handshake from succeeding. I don't know if it's in Apple's keychain, though I've tried purging all keychains from this account to no avail.

Is there another per-user certificate cache (or some other server status) somewhere that OpenSSL might be keeping?

I'd love to get this fixed. Having to switch accounts to make changes to the device is pretty inconvenient.

Thanks for any insight.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
