i just tried 0.9.7m, and to no avail. i double checked my certs, i made sure my CA cert on the server is correct, and i am still getting the same error on the server and the browser is giving to "Peer does not recognize and trust the CA that issued your certificate."
thanks, -=- adam grossman On Wed, 2010-01-27 at 17:53 -0500, Brett Schoppert wrote: > I recently had the same issue that was resolved when I changed Apache to use > 0.9.7k. > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Adam Grossman > Sent: Wednesday, January 27, 2010 5:01 PM > To: openssl-users@openssl.org > Subject: renegotiation with client certificate > > hello. > > I am having trouble getting my server renegotiation working with client > certificates. Without certificates, it works fine. The one thing is > that the server initially does not need a client cert, but it does > during renegotiation (a requirement i have that is out of my hands). > > i am using 0.9.7d. > > The server talks to a web browser. This is what i am doing (leaving out > the error handling): > > SSL_set_verify(ssl, SSL_VERIFY_PEER |SSL_VERIFY_FAIL_IF_NO_PEER_CERT , > NULL); > SSL_renegotiate(ssl); > SSL_do_handshake(ssl); > ssl->state=SSL_ST_ACCEPT; > SSL_do_handshake(ssl); > > when it renegotiates, the browser says "The site requested you to > identify yourself with a certificate". but then the 2nd handshake gives > the error: > > 1780:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no > certificate returned:s3_srvr.c:2010: > > i even looked at mod_ssl, and it seems to be doing the samething. what > am i missing? > > thanks everyone once again, > -=- adam grossman > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
