I've have problem with apache with mod_ssl:
The server contributed to openssl accepts
my certifikat that is signed with SHA1 RSA.
Using Apache 1.3.12 with mod_ssl
my client certificate is not accepted
with the comment wrong Messagest digest
in client certificate.
Here the information in more detail:
===================================
Here is the logfile of ssl-engine:
[20/Jul/2000 11:03:13 10703] [debug] OpenSSL: write 7/7 bytes to BIO#08257D10
[mem: 0826A8E0] (BIO dump follows)
+-------------------------------------------------------------------------+
| 0000: 15 03 00 00 02 02 28 ......( |
+-------------------------------------------------------------------------+
[20/Jul/2000 11:03:13 10703] [trace] OpenSSL: Write: SSLv3 read client
certificate B
[20/Jul/2000 11:03:13 10703] [trace] OpenSSL: Exit: error in SSLv3 read client
certificate B
[20/Jul/2000 11:03:13 10703] [trace] OpenSSL: Exit: error in SSLv3 read client
certificate B
[20/Jul/2000 11:03:13 10703] [error] SSL handshake failed (server
blue.kobil.de:443, client 192.168.1.12) (OpenSSL lib
[20/Jul/2000 11:03:13 10703] [error] OpenSSL: error:0D07908D:asn1 encoding
routines:ASN1_verify:unknown message digest
[20/Jul/2000 11:03:13 10703] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate r
~
Here is my cert:
Certificate:
The probleb is the sha1WithRSA
Data:
Version: 3 (0x2)
Serial Number:
46:6c:65:78:69:54:72:75:73:74:20:44:65:6d:6f:20:23:30
Signature Algorithm: sha1WithRSA
Issuer: CN=TestCA, O=DD, C=DE
Validity
Not Before: Jul 20 08:41:42 2000 GMT
Not After : Aug 21 08:41:42 2001 GMT
Subject: C=DE, O=TU Darmstadt, CN=user1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:d2:b8:3c:21:b3:3d:86:d7:0b:0d:20:db:ed:77:
3c:c7:c4:41:f4:5d:3a:dc:77:5c:79:e5:58:ad:df:
63:4a:fe:e1:43:09:c8:61:30:67:ab:5b:83:90:f0:
bb:24:12:a1:8b:e0:10:86:60:d9:9e:eb:04:83:be:
e4:80:68:b9:df
Exponent: 11 (0xb)
X509v3 extensions:
Netscape Cert Type:
SSL Client, SSL Server, S/MIME, Object Signing
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment, Data
Encipherment, Key Agreement
Netscape Comment:
This certificate was issued using FlexiTrustCA. See
www.lidia-ca.cdc.informatik.tu-darmstadt.de
Signature Algorithm: sha1WithRSA
96:6a:e3:3b:04:3d:7e:8c:de:3b:39:2e:79:b4:b7:60:25:ba:
04:87:bd:ac:8f:10:a3:dd:ed:47:f4:19:18:96:c6:e7:07:b4:
ac:4b:c5:ef:dc:a5:73:99:b8:0f:ba:56:63:18:5d:97:57:50:
fc:21:cb:60:7c:5d:91:18:6d:5f:0e:bc:69:ba:e8:19:f8:d1:
d2:c6:56:c2:4b:23:b3:39:79:89:b8:3d:4e:88:9e:06:52:bc:
dd:38:76:f3:83:ef:14:66:ce:30:0d:93:00:2c:6c:90:60:75:
aa:b3:10:37:01:64:9a:4c:5f:fe:43:98:dd:ec:c4:df:18:4f:
68:58
-----BEGIN CERTIFICATE-----
MIICLTCCAZqgAwIBAgISRmxleGlUcnVzdCBEZW1vICMwMAkGBSsOAwIdBQAwKzEP
MA0GA1UEAxMGVGVzdENBMQswCQYDVQQKEwJERDELMAkGA1UEBhMCREUwHhcNMDAw
NzIwMDg0MTQyWhcNMDEwODIxMDg0MTQyWjA0MQswCQYDVQQGEwJERTEVMBMGA1UE
ChMMVFUgRGFybXN0YWR0MQ4wDAYDVQQDEwV1c2VyMTBaMA0GCSqGSIb3DQEBAQUA
A0kAMEYCQQDSuDwhsz2G1wsNINvtdzzHxEH0XTrcd1x55Vit32NK/uFDCchhMGer
W4OQ8LskEqGL4BCGYNme6wSDvuSAaLnfAgELo4GUMIGRMBEGCWCGSAGG+EIBAQQE
AwIA8DAMBgNVHQ8EBQMDB/gAMG4GCWCGSAGG+EIBDQRhFl9UaGlzIGNlcnRpZmlj
YXRlIHdhcyBpc3N1ZWQgdXNpbmcgRmxleGlUcnVzdENBLiBTZWUgd3d3LmxpZGlh
LWNhLmNkYy5pbmZvcm1hdGlrLnR1LWRhcm1zdGFkdC5kZTAJBgUrDgMCHQUAA4GB
AJZq4zsEPX6M3js5Lnm0t2AlugSHvayPEKPd7Uf0GRiWxucHtKxLxe/cpXOZuA+6
VmMYXZdXUPwhy2B8XZEYbV8OvGm66Bn40dLGVsJLI7M5eYm4PU6IngZSvN04dvOD
7xRmzjANkwAsbJBgdaqzEDcBZJpMX/5DmN3sxN8YT2hY
-----END CERTIFICATE-----
Best Regards
Emre Binisik
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
