Re: Client authentication problem

2005-07-14 Thread Gayathri Sundar
Hi again. This is what I found from the log file you sent. Is this pointing to the same CA cert itcilo-ca.crt, I put it in ssl.crt? debug] ssl_engine_init.c(1112): CA certificate: /C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO CA/[EMAIL PROTECTED] [Wed Jul 13 11:48:34 2005] [debug]

Re: Client authentication problem

2005-07-14 Thread Gayathri Sundar
Hey, can you try setting verify depth to zero and not pointing to any CA cert, i.e. SSLCACertificatePath pointing to null? Thanks --Gayathri Hi again. This is what I found from the log file you sent. Is this pointing to the same CA cert itcilo-ca.crt, I put it in ssl.crt? debug]

Re: Client authentication problem

2005-07-13 Thread Gaël Lams
The above indicates that. Make sure client cert processing is done correctly on the server side. If it is a program failure, then you need to get the programmer to debug the program. Thank you for your answer. I'm not sure what you intend with program failure: the pages served by this

Re: Client authentication problem

2005-07-13 Thread Gayathri Sundar
Hi. Have you imported the CA of the client cert on the server side? A verify depth of 1 has been set, which could mean that the client cert is self-signed? Can you set it to some higher value and try? Also, can you check whether the option SSL_VERIFY_FAIL_IF_NO_PEER_CERT? It looks to me a

Client authentication problem

2005-07-12 Thread Gaël Lams
Hi all, I'm trying to configure client authentication for one of my sites (SuSE 9.0, Apache 2.0.48, openssl-0.9.7b-133 distribution's rpm). You will find below the steps I'm following. The problem I have is that, when I go to the page, it first asks me to accept the server's certificate, then ask

Re: Client authentication problem

2005-07-12 Thread Lincoln
Looks to me that client authentication failed. And this is most likely due to client cert processing on the server side: [notice] child pid 9192 exit signal Segmentation fault (11) The above indicates that. Make sure client cert processing is done correctly on the server side. If it is a

Re: Client Authentication Problem

2001-09-27 Thread Götz Babin-Ebell
Eric Rescorla wrote: Götz Babin-Ebell [EMAIL PROTECTED] writes: And how gets he the connection IP-Address - FQDN ? -He uses DNS. I think you need to reread his message since that's not what he says. Hm: snip client authentication. After a successful SSL_accept() I have some logic that

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
Eric Rescorla wrote: There are a number of situations where one wishes to authenticate clients based on their DNS names: (1) SMTP/TLS. (2) Secure remote backup. In such cases the clients often (though not always) have fixed IPs. Well, I'll be happy when IPv6 is ubiquitous (coming any

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Eric Rescorla wrote: Götz Babin-Ebell [EMAIL PROTECTED] writes: [1 text/plain; us-ascii (7bit)] Don Zick wrote: Hello Don, I'm not actually using DNS at all. For the application I'm working with the TLS clients and servers must be statically configured with a Fully

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Michael Sierchio [EMAIL PROTECTED] writes: Eric Rescorla wrote: There are a number of situations where one wishes to authenticate clients based on their DNS names: (1) SMTP/TLS. (2) Secure remote backup. In such cases the clients often (though not always) have fixed IPs.

Re: Client Authentication Problem

2001-09-26 Thread Eric Rescorla
Götz Babin-Ebell [EMAIL PROTECTED] writes: And how gets he the connection IP-Address - FQDN ? -He uses DNS. I think you need to reread his message since that's not what he says. If he wants to allow user XYZ presenting certificate C_XYZ to do some things, all he has to do is look in an

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 09:43:02 -0700, Michael Sierchio wrote: Don Zick wrote: I have recently started using OpenSSL. (I have found the SSL and TLS book by Eric Rescorla to be invaluable.) I am having a problem with client authentication. After a successful SSL_accept() I have some logic that

Re: Client Authentication Problem

2001-09-26 Thread Götz Babin-Ebell
Don Zick wrote: Hello Don, I'm not actually using DNS at all. For the application I'm working with the TLS clients and servers must be statically configured with a Fully Qualified Domain Name. I match up the statically configured FQDN for a client with the DNS name from the client's

Re: Client Authentication Problem

2001-09-26 Thread Michael Sierchio
David Schwartz wrote: Sufficient for what? I may not want to send my credit card information to anyone who has a Verisign certificate, but I might be willing to send it to someone who has a Verisign certificate for 'www.amazon.com' or has that listed as one of the alternate names.

Re: Client Authentication Problem

2001-09-26 Thread David Schwartz
On Wed, 26 Sep 2001 15:21:09 -0700, Michael Sierchio wrote: David Schwartz wrote: Sufficient for what? I may not want to send my credit card information to anyone who has a Verisign certificate, but I might be willing to send it to someone who has a Verisign certificate for