Re: ssl3_get_client_certificate: no certificate returned

2011-11-16 Thread Tobias Nissen
Dr. Stephen Henson wrote:
> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>> Dr. Stephen Henson wrote:
>>> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>>>> I'm indirectly using OpenSSL through Net::SSLeay¹, which I use
>>>> through AnyEvent::TLS². AnyEvent::TLS provides the means to
>>>> define a custom verification mechanism by setting verify_cb³.
>>>> Here's an example (keys included):
>>>>
>>>>   http://paste.scsys.co.uk/159837
>>>>
>>>> If the custom verification callback decides a peer is bad, it
>>>> shall return 0 and return 1 otherwise. If 0 is returned, this
>>>> warning is produced:
>>>>
>>>>   ssl3_get_client_certificate: no certificate returned
[...]
>>> The warning isn't printed by OpenSSL it is an error code. So
>>> perhaps the wrapper is printing the error?
>>
>> I didn't find it in either of the wrapper modules, but I did in
>> OpenSSL:
>>
>>   tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned *
>>   doc/ssleay.txt:Error because no certificate returned.
>>   ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned},
>
> Yes but that's a textual version of the error. OpenSSL does not print
> it out: an application call is needed to do that.

Ah OK. However, I checked with AnyEvent::TLS and Net::SSLeay, neither
of those seems to emit this error message. SSLeay, which is what
AnyEvent::TLS uses, imports a lot of OpenSSL macros, but not
SSL_R_NO_CERTIFICATE_RETURNED. My guess is that the error is put there
by ssl/s3_srvr.c (line 2990, version 1.0.0e) and printed out by SSLeay.

Can you confirm this? If that's the case, I'd like to know how this
warning is produced. AFAICS my custom verification callback breaks
the verification chain, because of

  ssl_verify_cert_chain(s,sk) = 0

I still don't quite understand the meaning of the warning message.
Can/should I just live with it or does it indicate a bug (in either OpenSSL,
Net::SSLeay or AnyEvent::TLS)?
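
An added example (not part of the thread, and not code from OpenSSL, Net::SSLeay or AnyEvent::TLS) of the point made in the quoted reply: OpenSSL only records errors on a queue, and text appears only when the application pops and decodes them. It uses a constructed failure (a nonexistent certificate path) instead of the thread's verify callback; the path, the helper names and the placeholder hex code in the sample line are assumptions.

```perl
#!/usr/bin/perl
# Added example: OpenSSL queues errors; the application decides to print them.
use strict;
use warnings;
use Net::SSLeay;

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();

# Split "error:<hex code>:<library>:<function>:<reason>" into fields.
# OpenSSL 3.x leaves <function> empty, so a limit of 5 keeps the reason whole.
sub parse_error_string {
    my ($text) = @_;
    my ($tag, $code, $lib, $func, $reason) = split /:/, $text, 5;
    return unless defined $reason && $tag eq 'error';
    return { code => $code, lib => $lib, func => $func, reason => $reason };
}

# Pop every entry off the calling thread's error queue (oldest first).
sub drain_error_queue {
    my @entries;
    while ((my $code = Net::SSLeay::ERR_get_error()) != 0) {
        my $parsed = parse_error_string(Net::SSLeay::ERR_error_string($code));
        push @entries, $parsed if $parsed;
    }
    return @entries;
}

# Constructed failure: the certificate path does not exist, so the call
# returns 0 and leaves its diagnostics on the queue without printing them.
my $ctx = Net::SSLeay::CTX_new() or die "CTX_new failed\n";
Net::SSLeay::ERR_clear_error();    # discard stale entries from earlier calls
my $ok = Net::SSLeay::CTX_use_certificate_file(
    $ctx, '/nonexistent/constructed-example.pem', &Net::SSLeay::FILETYPE_PEM);

print "call returned $ok, nothing has been printed by OpenSSL so far\n";
for my $e (drain_error_queue()) {
    print "queued: lib=[$e->{lib}] func=[$e->{func}] reason=[$e->{reason}]\n";
}
print "entries left after draining: ", scalar(drain_error_queue()), "\n";

# Constructed sample in the same format; the hex code is a placeholder.
my $s = parse_error_string(
    'error:00000000:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned');
print "$s->{func}: $s->{reason}\n";
Net::SSLeay::CTX_free($ctx);
```

Calling ERR_clear_error before the operation of interest keeps stale entries from an earlier call out of the log for a later handshake.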




Re: ssl3_get_client_certificate: no certificate returned

2011-11-16 Thread Tobias Nissen
Dr. Stephen Henson wrote:
> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>> Dr. Stephen Henson wrote:
>>> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>>>> I'm indirectly using OpenSSL through Net::SSLeay¹, which I use
>>>> through AnyEvent::TLS². AnyEvent::TLS provides the means to
>>>> define a custom verification mechanism by setting verify_cb³.
>>>> Here's an example (keys included):
>>>>
>>>>   http://paste.scsys.co.uk/159837
>>>>
>>>> If the custom verification callback decides a peer is bad, it
>>>> shall return 0 and return 1 otherwise. If 0 is returned, this
>>>> warning is produced:
>>>>
>>>>   ssl3_get_client_certificate: no certificate returned
[...]
>>> The warning isn't printed by OpenSSL it is an error code. So
>>> perhaps the wrapper is printing the error?
>>
>> I didn't find it in either of the wrapper modules, but I did in
>> OpenSSL:
>>
>>   tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned *
>>   doc/ssleay.txt:Error because no certificate returned.
>>   ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned},
>
> Yes but that's a textual version of the error. OpenSSL does not print
> it out: an application call is needed to do that.

Ah OK. However, I checked with AnyEvent::TLS and Net::SSLeay, neither
of those seems to emit this error message. SSLeay, which is what
AnyEvent::TLS uses, imports a lot of OpenSSL macros, but not
SSL_R_NO_CERTIFICATE_RETURNED. My guess is that the error is put there
by ssl/s3_srvr.c (line 2990, version 1.0.0e) and printed out by SSLeay.

Can you confirm this? If that's the case, I'd like to know how this
warning is produced. AFAICS my custom verification callback breaks
the verification chain, because of

  ssl_verify_cert_chain(s,sk) = 0

I still don't quite understand the meaning of the warning message. Can
I just live with it or does it indicate a bug (in either OpenSSL,
Net::SSLeay or AnyEvent::TLS)?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org


ssl3_get_client_certificate: no certificate returned

2011-11-15 Thread Tobias Nissen
Hi,

I'm indirectly using OpenSSL through Net::SSLeay¹, which I use through
AnyEvent::TLS². AnyEvent::TLS provides the means to define a custom
verification mechanism by setting verify_cb³. Here's an example (keys
included):

  http://paste.scsys.co.uk/159837

If the custom verification callback decides a peer is bad, it shall
return 0 and return 1 otherwise. If 0 is returned, this warning is
produced:

  ssl3_get_client_certificate: no certificate returned

It's only a warning which does not seem to impair functionality; no
warning is printed if 1 is returned.

I've already asked on the AnyEvent mailing list⁴, but the author of
AnyEvent::TLS couldn't really nail it down either. Can you help me?
Why is this warning printed and what could be done to eliminate the
problem?

TIA,
Tobias

¹ http://search.cpan.org/~mikem/Net-SSLeay-1.42/lib/Net/SSLeay.pm
² http://search.cpan.org/~mlehmann/AnyEvent-6.1/lib/AnyEvent/TLS.pm
  which I use through AnyEvent::MPRPC, but that shouldn't matter :-)
³ http://search.cpan.org/~mlehmann/AnyEvent-6.1/lib/AnyEvent/TLS.pm#verify_cb
⁴ http://lists.schmorp.de/pipermail/anyevent/2011q4/000203.html




Re: ssl3_get_client_certificate: no certificate returned

2011-11-15 Thread Tobias Nissen
Dr. Stephen Henson wrote:
> On Tue, Nov 15, 2011, Tobias Nissen wrote:
>> I'm indirectly using OpenSSL through Net::SSLeay¹, which I use
>> through AnyEvent::TLS². AnyEvent::TLS provides the means to define
>> a custom verification mechanism by setting verify_cb³. Here's an
>> example (keys included):
>>
>>   http://paste.scsys.co.uk/159837
>>
>> If the custom verification callback decides a peer is bad, it shall
>> return 0 and return 1 otherwise. If 0 is returned, this warning is
>> produced:
>>
>>   ssl3_get_client_certificate: no certificate returned
>>
>> It's only a warning which does not seem to impair functionality; no
>> warning is printed if 1 is returned.
>>
>> I've already asked on the AnyEvent mailing list⁴, but the author
>> of AnyEvent::TLS couldn't really nail it down either. Can you help
>> me? Why is this warning printed and what could be done to eliminate
>> the problem?
>
> The warning isn't printed by OpenSSL it is an error code. So perhaps
> the wrapper is printing the error?

I didn't find it in either of the wrapper modules, but I did in OpenSSL:

  tobi@hal:~/src/openssl-1.0.0e$ rgrep no certificate returned *
  doc/ssleay.txt:Error because no certificate returned.
  ssl/ssl_err.c:{ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED),no certificate returned},

