Ok, got past that one.. OpenSSL was looking for the certs.pem file where
it didn't exist.. copied that over to the proper location and this
problem was fixed.. Now I have hit an even uglier snag..
I am using the same script and now when I run it on the Solaris box all
of the SSL handshake completes properly, including the client
certitficate parts but the socket seems to be closed by my side before
any response can be sent back from the server. Has anyone else seen this?
Here is the output I get now when running the below script on the
Solaris 8 box..
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
500 (Internal Server Error) read failed:
Net::SSL::die_with_error('Net::SSL=GLOB(0x356870)', 'read failed')
called at /usr/local/lib/perl5/site_perl/5.6.0/sun4-solaris/Net/SSL.pm line
211
Net::SSL::read('Net::SSL=GLOB(0x356870)', '', 4096, 0) called at
/usr/local/lib/perl5/site_perl/5.6.0/LWP/Protocol/http.pm line 193
LWP::Protocol::http::request('LWP::Protocol::https=HASH(0xf713c)',
'HTTP::Request=HASH(0xf5cb0)', undef, undef, undef, 180) called at
/usr/local/lib/perl5/site_perl/5.6.0/LWP/UserAgent.pm line 212
require 0 called at
/usr/local/lib/perl5/site_perl/5.6.0/LWP/UserAgent.pm line 211
LWP::UserAgent::simple_request('LWP::UserAgent=HASH(0x2227bc)',
'HTTP::Request=HASH(0xf5cb0)', undef, undef) called at
/usr/local/lib/perl5/site_perl/5.6.0/LWP/UserAgent.pm line 249
LWP::UserAgent::request('LWP::UserAgent=HASH(0x2227bc)',
'HTTP::Request=HASH(0xf5cb0)') called at ./dammit line 32
Client-Date: Thu, 04 Oct 2001 15:27:56 GM
-Del
Del Simmons wrote:
> Hey everyone..
>
> I am using the following:
>
> machine 1: Linux 2.4.8 (RedHat 7.1 with new kernel)
> machine 2: Solaris 8
>
> packages on both machines:
> openssl version 0.9.6
> perl 5.6.0
> Crypt::SSLeay 0.31
> LWP 5.53
>
> And I have the following code in a script:
> --------------------------------------------------------------
> #!/usr/bin/perl
> use strict;
>
> $ENV{HTTPS_CERT_FILE} = 'certs/clcert.pem';
> $ENV{HTTPS_KEY_FILE} = 'certs/key.pem';
>
> $ENV{HTTPS_CA_FILE} = 'certs/cacerts.pem';
> $ENV{HTTPS_CA_DIR} = '/usr/share/ssl/';
>
> $ENV{HTTPS_VERSION} = '3';
> $ENV{_SSL_DEBUG} = '1';
> $ENV{SSL_DEBUG} = '1';
> $ENV{HTTPS_DEBUG} = '1';
>
>
> use HTTP::Request::Common qw(POST);
> use LWP::UserAgent;
>
> my $ua = LWP::UserAgent->new;
> my $req = POST 'https://secure.server.name.net',
> [param => 'value'];
>
> my $res = $ua->request($req);
> ----------------------------------------------------------------
>
> When I run this on machine 1 I get the following:
>
> ----------------------------------------------------------------
> [del@Rhino rioport]$ ./cert_test
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server key exchange A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
> SSL_connect:SSL renegotiate ciphers
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL_connect:SSLv3 read server certificate A
> SSL_connect:SSLv3 read server key exchange A
> SSL_connect:SSLv3 read server certificate request A
> SSL_connect:SSLv3 read server done A
> SSL_connect:SSLv3 write client certificate A
> SSL_connect:SSLv3 write client key exchange A
> SSL_connect:SSLv3 write certificate verify A
> SSL_connect:SSLv3 write change cipher spec A
> SSL_connect:SSLv3 write finished A
> SSL_connect:SSLv3 flush data
> SSL_connect:SSLv3 read finished A
> SSL3 alert read:warning:close notify
> [del@Rhino rioport]$
>
>
>--------------------------------------------------------------------------------------
>
>
>
> So everything looks good under linux.. When I run it on the Solaris
> machine I get this:
>
>
>--------------------------------------------------------------------------------------
>
>
> SSL_connect:before/connect initialization
> SSL_connect:SSLv3 write client hello A
> SSL_connect:SSLv3 read server hello A
> SSL3 alert write:fatal:bad certificate
> SSL_connect:error in SSLv3 read server certificate B
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2 write client hello A
> SSL_connect:error in SSLv2 read server hello B
> 500 (Internal Server Error) SSL negotiation failed: error:1407E086:SSL
> routines:SSL2_SET_CERTIFICATE:certificate verify failed ; at
> /usr/local/lib/perl5/site_perl/5.6.0/sun4-solaris/Net/SSL.pm line 139.
> Client-Date: Wed, 03 Oct 2001 15:38:46 GMT
>
>---------------------------------------------------------------------------------------------------------------
>
>
>
> What would cause it to fail with "SSL3 alert write:fatal:bad
> certificate" on Solaris? Any ideas?
>
> -Del
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
