the mod_ssl x log_config extension
I am encountering the following problem with using the %{variable}x LogFormat extension from mod_ssl-2.2.2-1.3.4. When the variable is not defined, for example %{SSL_CLIENT_S_DN}x for an SSL connection that is not authenticated with a client certificate, nothing is printed in the logfile. But on the other hand, when directives, such as %b (number of bytes sent) or %{Referer}i (the refer(r)er field) have no value, Apache prints a - sign. Is this also possible with "x"? Roman Maeder __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: the mod_ssl x log_config extension
On Thu, Feb 18, 1999, Roman Maeder wrote: I am encountering the following problem with using the %{variable}x LogFormat extension from mod_ssl-2.2.2-1.3.4. When the variable is not defined, for example %{SSL_CLIENT_S_DN}x for an SSL connection that is not authenticated with a client certificate, nothing is printed in the logfile. But on the other hand, when directives, such as %b (number of bytes sent) or %{Referer}i (the refer(r)er field) have no value, Apache prints a - sign. Is this also possible with "x"? Yes, you're right, my ssl_lookup_variable() function has a reasonable if (result == NULL) result = ""; at the end which I overlooked when I implemented the extension for mod_log_config (which wants a NULL to indicate an empty expension). So, to let not available variables expand to "-" instead of "", you've to apply the following patch which I'll commit for mod_ssl 2.2.3: Index: ssl_engine_ext.c === RCS file: /e/apache/SSL/REPOS/mod_ssl/pkg.apache/src/modules/ssl/ssl_engine_ext.c,v retrieving revision 1.14 diff -u -r1.14 ssl_engine_ext.c --- ssl_engine_ext.c1999/01/21 14:21:59 1.14 +++ ssl_engine_ext.c1999/02/19 10:17:31 @@ -161,6 +161,8 @@ result = NULL; if (ap_ctx_get(r-connection-client-ctx, "ssl") != NULL) result = ssl_var_lookup(r-pool, r-server, r-connection, r, a); +if (result != NULL result[0] == NUL) +result = NULL; return result; } Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [BugDB] Personal Certificate Cache Problems (PR#107)
I'm having a similar problem. I hope I could explain it. Sorry for the long message. I want to require client certificates only under /cgi-bin. So I place this in my httpd.conf Location /cgi-bin SSLVerifyClient require SSLVerifyDepth 1 /Location With this in place, Netscape keeps asking me for my client certificate each time I click Reload on /cgi-bin/printenv, for example. With SSLLogLevel trace, the ssl_engine_log is pretty large, but I think is useful to include it here. Pointing Navigator to https://my.server:8443/cgi-bin/printenv for the first time, the following appers in the log. [19/Feb/1999 10:36:46] [info] Connection to child 1 established (server thor.intranet.bancorio.com.ar:8443) [19/Feb/1999 10:36:46] [trace] Seeding PRNG with 1032 bytes of entropy [19/Feb/1999 10:36:46] [trace] SSLeay: Handshake: start [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: before SSL initalisation [19/Feb/1999 10:36:46] [trace] Inter-Process Session Cache: request=GET status=FOUND id=644607CD6BB682E78127BF233CB9E0227034FF42B6CE33FDEB949368D24F3905 (session reuse) [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 read client hello A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write server hello A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write change cipher spec A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write finished A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 flush data [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 read finished A [19/Feb/1999 10:36:46] [trace] SSLeay: Handshake: done [19/Feb/1999 10:36:46] [info] Connection: Client IP: 172.18.230.12, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [19/Feb/1999 10:36:46] [info] Requesting connection re-negotiation [19/Feb/1999 10:36:46] [trace] SSLeay: Handshake: start [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSL renegotiate ciphers [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write hello request A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 flush data [19/Feb/1999 10:36:46] [info] Awaiting re-negotiation handshake [19/Feb/1999 10:36:46] [trace] SSLeay: Handshake: start [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: before accept initalisation [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 read client hello A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write server hello A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write certificate A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write certificate request A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 write server done A [19/Feb/1999 10:36:46] [trace] SSLeay: Loop: SSLv3 flush data Here Netscape is asking me for a certificate, when I click Continue in the "Select a certificate" the following appears: [19/Feb/1999 10:40:11] [trace] Certificate Verification: depth: 1, subject: /C=AR/O=Banco Rio de la Plata S.A./CN=Autoridad de Certificacion RioEDI, issuer: /C=AR/O=Banco Rio de la Plata S.A./CN=Autoridad de Certificacion RioEDI [19/Feb/1999 10:40:11] [trace] Certificate Verification: depth: 0, subject: /C=AR/O=Banco Rio de la Plata S.A./UID=pinela/CN=Dario [EMAIL PROTECTED], issuer: /C=AR/O=Banco Rio de la Plata S.A./CN=Autoridad de Certificacion RioEDI [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 read client certificate A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 read client key exchange A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 read certificate verify A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 read finished A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 write change cipher spec A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 write finished A [19/Feb/1999 10:40:11] [trace] SSLeay: Loop: SSLv3 flush data [19/Feb/1999 10:40:11] [trace] Inter-Process Session Cache: request=SET id=5080C88552F24FA5D2F292412066E77B319DFC0BEE61D568303990A48A50370C timeout=2795s (session caching) [19/Feb/1999 10:40:11] [trace] SSLeay: Handshake: done [19/Feb/1999 10:40:11] [info] Connection: Client IP: 172.18.230.12, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [19/Feb/1999 10:40:11] [info] Connection to child 1 closed (server thor.intranet.bancorio.com.ar:8443) When I click reload, the following happens: [19/Feb/1999 10:41:06] [info] Connection to child 0 established (server thor.intranet.bancorio.com.ar:8443) [19/Feb/1999 10:41:06] [trace] Seeding PRNG with 1032 bytes of entropy [19/Feb/1999 10:41:06] [trace] SSLeay: Handshake: start [19/Feb/1999 10:41:06] [trace] SSLeay: Loop: before SSL initalisation [19/Feb/1999 10:41:06] [trace] Inter-Process Session Cache: request=GET status=FOUND id=5080C88552F24FA5D2F292412066E77B319DFC0BEE61D568303990A48A50370C (session reuse) [19/Feb/1999 10:41:06] [trace] SSLeay: Loop: SSLv3 read client hello A [19/Feb/1999 10:41:06] [trace] SSLeay: Loop: SSLv3 write server hello A [19/Feb/1999 10:41:06] [trace] SSLeay: Loop: SSLv3 write change cipher spec A [19/Feb/1999 10:41:06] [trace] SSLeay: Loop: SSLv3 write finished A [19/Feb/1999 10:41:06] [trace] SSLeay:
Re: [BugDB] Personal Certificate Cache Problems (PR#107)
On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote: [...] Wait! That's still not clear enough, sorry. Do you mean that after 3) Apache asks for the client cert on _every_ request? I think no, so what makes you actually think that your sessions are no longer cached after 3)? Or in other Thats the problem, after 3) Apache asks for the client cert on every request. Ops, then this is some sort of a bug. But perhaps it's the same as described in the other reply on this thread? Is your client authentication configured on a per-directory basis? words: After you restarted Apache how did you discovered that your sessions are now _again_ cached? Usually (I assume you've an enabled session cache: SSLSessionCache!) restarting Apache should make no real difference according to cached sessions. After Apache restarted, client certificate is asked at begining and when we reach timeout. SSLSessionCache is enabled. Hmmm that's crazy. I currently cannot image what happens for you, except that storing the session keys into the DBM file might fail. There are no error messages in the mod_ssl logfile? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Addtl Info:
On Fri, Feb 19, 1999, Taylor Blackwell wrote: [...] means your apache_1.3.4/src/Configuration.tmpl doesn't contain a "Rule SSL_SDBM=default" line. Check this, mod_ssl's configure script should have added this line together with some other SSL_xxx stuff. I guess you messed Here's what I got in the SSL Support, which is the second commented section of Configuration.tmpl. #SSL_BASE=/usr/local/ssl #RSA_BASE=/usr/local/rsa Rule SSL_COMPAT=yes That's it. Also, I noticed a module at the end that is commented out. [...] Then this isn't mod_ssl 2.2.x IMO. Then you're using an older version where no SSL_SDBM is at all ;-) For mod_ssl 2.2.x the above part reads: #SSL_BASE=/usr/local/ssl #RSA_BASE=/usr/local/rsa Rule SSL_COMPAT=yes Rule SSL_SDBM=default Rule SSL_EXPERIMENTAL=no Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [BugDB] Personal Certificate Cache Problems (PR#107)
- Mensagem original - De: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Enviada em: Friday, February 19, 1999 2:10 PM Para: [EMAIL PROTECTED] Assunto: Re: [BugDB] Personal Certificate Cache Problems (PR#107) On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote: [...] Wait! That's still not clear enough, sorry. Do you mean that after 3) Apache asks for the client cert on _every_ request? I think no, so what makes you actually think that your sessions are no longer cached after 3)? Or in other Thats the problem, after 3) Apache asks for the client cert on every request. Ops, then this is some sort of a bug. But perhaps it's the same as described in the other reply on this thread? Is your client authentication configured on a per-directory basis? My client authentication is not configured on a per-directory basis. I could try mod_ssl 2.1.8 to see if this error has something to do with per-directory authentication adition. words: After you restarted Apache how did you discovered that your sessions are now _again_ cached? Usually (I assume you've an enabled session cache: SSLSessionCache!) restarting Apache should make no real difference according to cached sessions. After Apache restarted, client certificate is asked at begining and when we reach timeout. SSLSessionCache is enabled. Hmmm that's crazy. I currently cannot image what happens for you, except that storing the session keys into the DBM file might fail. There are no error messages in the mod_ssl logfile? Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com Why session keys storage fail for Netscape and not for MSIE ? I don't know if this helps, but i'm sending to you the differences in ssl_engine_log between MSIE connections and Netscape connections. José Carlos Leite Log with MSIE connections [19/Feb/1999 15:10:12] [info] Connection to child 2 established (server 195.138 .0.81:8443) [19/Feb/1999 15:10:12] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:10:32] [info] Connection to child 2 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:11:06] [info] Connection to child 0 established (server 195.138 .0.81:8443) [19/Feb/1999 15:11:07] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:11:24] [info] Connection to child 0 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:11:32] [info] Connection to child 9 established (server 195.138 .0.81:8443) [19/Feb/1999 15:11:32] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:12:28] [info] Connection to child 9 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:12:36] [info] Connection to child 7 closed (server 195.138.0.81 :8443) Log with Netscape connections [19/Feb/1999 15:19:27] [info] Connection to child 1 established (server 195.138 .0.81:8443) [19/Feb/1999 15:19:52] [info] SSL handshake stopped: connection was closed [19/Feb/1999 15:19:52] [info] Connection to child 1 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:19:54] [info] Connection to child 8 established (server 195.138 .0.81:8443) [19/Feb/1999 15:19:59] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:20:07] [info] Connection to child 4 established (server 195.138 .0.81:8443) [19/Feb/1999 15:20:07] [info] Connection to child 3 established (server 195.138 .0.81:8443) [19/Feb/1999 15:20:07] [info] Connection to child 5 established (server 195.138 .0.81:8443) [19/Feb/1999 15:20:09] [info] Connection to child 8 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:20:10] [info] Connection to child 6 established (server 195.138 .0.81:8443) [19/Feb/1999 15:20:13] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:20:14] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:20:15] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:20:15] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5 (40/128 bits) [19/Feb/1999 15:20:32] [info] Connection to child 3 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:20:32] [info] Connection to child 4 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:20:32] [info] Connection to child 6 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:20:34] [info] Connection to child 5 closed (server 195.138.0.81 :8443) [19/Feb/1999 15:20:39] [info] Connection to child 2 established (server 195.138 .0.81:8443) [19/Feb/1999 15:20:47] [info] Connection: Client IP: 195.138.6.212, Protocol: S SLv3, Cipher: EXP-RC4-MD5
RE: [BugDB] Personal Certificate Cache Problems (PR#107)
- Mensagem original - De: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Enviada em: Friday, February 19, 1999 4:38 PM Para: [EMAIL PROTECTED] Assunto: RE: [BugDB] Personal Certificate Cache Problems (PR#107) - Mensagem original - De: [EMAIL PROTECTED] [SMTP:owner-sw-mod-ssl@engels chall.com] Enviada em: Friday, February 19, 1999 2:10 PM Para: [EMAIL PROTECTED] Assunto: Re: [BugDB] Personal Certificate Cache Problems (PR#107) On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote: [...] Wait! That's still not clear enough, sorry. Do you mean that after 3) Apache asks for the client cert on _every_ request? I think no, so what ma kes you actually think that your sessions are no longer cached after 3)? Or in other Thats the problem, after 3) Apache asks for the client cert on every request. Ops, then this is some sort of a bug. But perhaps it's the same as desc ribed in the other reply on this thread? Is your client authentication config ured on a per-directory basis? My client authentication is not configured on a per-directory basis. I could try mod_ssl 2.1.8 to see if this error has something to do with p er-directory authentication adition. With mod_ssl 2.1.8 everything is working fine. MSIE and Netscape. José Carlos Leite __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [BugDB] Personal Certificate Cache Problems (PR#107)
- Mensagem original - De: jose carlos Enviada em: Friday, February 19, 1999 4:57 PM Para: '[EMAIL PROTECTED]' Assunto: RE: [BugDB] Personal Certificate Cache Problems (PR#107) - Mensagem original - De: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]] Enviada em: Friday, February 19, 1999 4:38 PM Para: [EMAIL PROTECTED] Assunto: RE: [BugDB] Personal Certificate Cache Problems (PR#107) - Mensagem original - De: [EMAIL PROTECTED] [SMTP:owner-sw-mod-ssl@engels chall.com] Enviada em: Friday, February 19, 1999 2:10 PM Para: [EMAIL PROTECTED] Assunto: Re: [BugDB] Personal Certificate Cache Problems (PR#107) On Fri, Feb 19, 1999, [EMAIL PROTECTED] wrote: [...] Wait! That's still not clear enough, sorry. Do you mean that after 3) Apache asks for the client cert on _every_ request? I think no, so what ma kes you actually think that your sessions are no longer cached after 3)? Or in other Thats the problem, after 3) Apache asks for the client cert on every request. Ops, then this is some sort of a bug. But perhaps it's the same as desc ribed in the other reply on this thread? Is your client authentication config ured on a per-directory basis? My client authentication is not configured on a per-directory basis. I could try mod_ssl 2.1.8 to see if this error has something to do with p er-directory authentication adition. With mod_ssl 2.1.8 everything is working fine. MSIE and Netscape. José Carlos Leite Sorry, my mistake i tested only the first time. In the second time that i accessed the system it asked for my client certificate in every request. José Carlos Leite __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Addtl Info: WAHOO!
"Ralf S. Engelschall" wrote: Then this isn't mod_ssl 2.2.x IMO. Then you're using I promise! www:~/mod_ssl-2.2.2-1.3.4 pwd /usr/home/taylorb/mod_ssl-2.2.2-1.3.4 And then... 562433 Feb 8 09:57 mod_ssl-2.2.2-1.3.4.tar.gz hehe, I think I'm weird. I'm gonna try manually hoarking those lines in. Any ideas as to who/whatsits making my life strange like this? 10 minutes later... BLAMMO! it works! So, something is goofy here in the patching? I wish I could help more for your sake, but I really think something was missed in my installation that you may be interested in. THANKS AGAIN! you've been a great help. I'll stay on the list for a while, see how this runs for a bit. -- Taylor Blackwell - Network Engineer - Aidan Internet Solutions http://www.aidan.net - The BEST in Commercial Internet Consulting "God, root, what is difference?" - Pitr from UserFriendly at http://www.userfriendly.org __ Apache Interface to SSLeay (mod_ssl) www.engelschall.com/sw/mod_ssl/ Official Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: [BugDB] Personal Certificate Cache Problems (PR#107)
I don't know if this detailed log helps. Look at id 8EFF9FF9FE371731A20EE860E66594986C01DD70ECC2678A40C707E0EA0C5C5B . Why is declared as MISSED when in 1 minute before this id was found ? Why this works fine MSIE 4.x ? SSCacheTimeout=300 Thank you in advance José Carlos Leite [19/Feb/1999 17:30:40] [info] Init: 1st startup round (still not detached) [19/Feb/1999 17:30:40] [info] Init: Initializing OpenSSL library [19/Feb/1999 17:30:40] [info] Init: Loading certificate private key of SSL-aware server 195.138.0.81:8443 [19/Feb/1999 17:30:40] [trace] Init: (195.138.0.81:8443) unencrypted private key - pass phrase not required [19/Feb/1999 17:30:40] [info] Init: 2nd startup round (already detached) [19/Feb/1999 17:30:40] [info] Init: Initializing OpenSSL library [19/Feb/1999 17:30:40] [info] Init: Generating temporary (512 bit) RSA private key [19/Feb/1999 17:30:45] [info] Init: Initializing (virtual) servers for SSL [19/Feb/1999 17:30:45] [info] Init: Configuring server 195.138.0.81:8443 for SSL protocol [19/Feb/1999 17:30:45] [trace] Init: (195.138.0.81:8443) Creating new SSL context [19/Feb/1999 17:30:45] [trace] Init: (195.138.0.81:8443) Configuring permitted SSL ciphers [19/Feb/1999 17:30:45] [trace] Init: (195.138.0.81:8443) Configuring client authentication [19/Feb/1999 17:30:45] [trace] CA certificate: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electre [EMAIL PROTECTED] [19/Feb/1999 17:30:45] [trace] CA certificate: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electronico de [EMAIL PROTECTED] [19/Feb/1999 17:30:45] [trace] CA certificate: [EMAIL PROTECTED] [19/Feb/1999 17:30:45] [trace] CA certificate: /C=ES/ST=Madrid/O=ACE/OU=Clase 1/CN=ACE Clientes1 [19/Feb/1999 17:30:45] [trace] Init: (195.138.0.81:8443) Configuring server certificate [19/Feb/1999 17:30:45] [trace] Init: (195.138.0.81:8443) Configuring server private key [19/Feb/1999 17:30:54] [info] Connection to child 0 established (server 195.138.0.81:8443) [19/Feb/1999 17:30:54] [trace] OpenSSL: Handshake: start [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: before SSL initialization [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 read client hello A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 write server hello A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 write certificate A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 write key exchange A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 write certificate request A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 write server done A [19/Feb/1999 17:30:54] [trace] OpenSSL: Loop: SSLv3 flush data [19/Feb/1999 17:31:09] [trace] OpenSSL: Read: SSLv3 read client certificate A [19/Feb/1999 17:31:09] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A [19/Feb/1999 17:31:09] [info] SSL handshake stopped: connection was closed [19/Feb/1999 17:31:09] [info] Connection to child 0 closed (server 195.138.0.81:8443) [19/Feb/1999 17:31:17] [info] Connection to child 1 established (server 195.138.0.81:8443) [19/Feb/1999 17:31:17] [trace] OpenSSL: Handshake: start [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: before SSL initialization [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 read client hello A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 write server hello A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 write certificate A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 write key exchange A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 write certificate request A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 write server done A [19/Feb/1999 17:31:17] [trace] OpenSSL: Loop: SSLv3 flush data [19/Feb/1999 17:31:22] [trace] Certificate Verification: depth: 1, subject: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electronico de [EMAIL PROTECTED], issuer: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electronico de [EMAIL PROTECTED] [19/Feb/1999 17:31:22] [trace] Certificate Verification: depth: 0, subject: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electronico de Produtos/OU=Catalogo Electronico de [EMAIL PROTECTED], issuer: /C=PT/ST=LISBOA/L=LISBOA/O=Catalogo Electronico de [EMAIL PROTECTED] [19/Feb/1999 17:31:22] [trace] OpenSSL: Loop: SSLv3 read client certificate A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 read certificate verify A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 read finished A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 write finished A [19/Feb/1999 17:31:23] [trace] OpenSSL: Loop: SSLv3 flush data [19/Feb/1999 17:31:23] [trace] Inter-Process Session Cache: request=SET id=AD1830BB23D5F664FBE629CD61771BBA6975CD3B5F53313F074CB6EFA263DE37 timeout=294s (session caching) [19/Feb/1999 17:31:23] [trace] OpenSSL: Handshake: done [19/Feb/1999 17:31:23] [info] Connection: Client IP: 195.138.6.212, Protocol: SSLv3, Cipher: