On Jun 5, 2005, at 10:19 PM, Dar Scott wrote:
I wonder if what you are seeing is not your error, but the server's
error. The server might be expecting a certificate from the client.
That would be reasonable in a situation like yours where you are using
post. However, I don't think Revolution can supply a certificate to a
server, yet. I don't know how to specify it if the ability is there.
That is, maybe the server wants to know you are who you say you are,
too.
That is, it looks like a problem in the local lookup, but "local" to
whom?
Maybe you can sneak up on this. Try getting a simple https page from
a popular server. Then try getting a page from the server in
question. If that fails, try it with a web browser; maybe the sever
has a bad cert. Try a post with some other tool. Maybe then you have
learned what you need to do the post.
I hope you get this solved before RevCon. I can then pass all the
hard SSL questions on to you!
Dar
Dar,
I begun to wonder the same thing also, but I discovered that it's not a
server error message it is actually a openssl error message, trying to
connect to the secure server using openssl command line tool yelded the
following response (quoted from a much bigger output):
---
No client certificate CA names sent
---
SSL handshake has read 2202 bytes and written 340 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID:
DCB5B184CA7F0BC6D5D005543789AC455B27C951ED28322D5B5126292F1964B8
Session-ID-ctx:
Master-Key:
4CB07308E672F65381DDABF8F4386DED97CC1482C3E8A25BE362157D01B1806395F07107
697074B96D87316E937F3F59
Key-Arg : None
Start Time: 1118014043
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
the server connects and I am able to use HTTP commands to it, it
appears that while the openssl commandline tool don't think that this
error is a show stopper, Rev in the other hand will refuse to go
forward. I checked bugzilla and saw that there was a thread that
apparently asked for this behaviour saying that if the cert cannot be
verified, rev should stop. I'd like to go like the open secure socket
command where I can simply choose to ignore verification.
it will be a long night trying to solve this...
thanks
andre
--
Andre Alves Garzia 2004
Soap Dog Studios - BRAZIL
http://studio.soapdog.org
_______________________________________________
use-revolution mailing list
[email protected]
http://lists.runrev.com/mailman/listinfo/use-revolution
