OK, I think I figured out one problem - the client side was using a cert signed with a password protected key, which my script was unable to deal with. Having fixed that, I am now getting error 140890B2 : SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned on the server side, and error: 14094418 : SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca on the client side.

Looking at the Net::SSLeay module, it seems to fail on the 'get_peer_certificate' line. I'm presuming that it has a list of known CAs somewhere, and hence there must be some way of adding another CA to it. Does anyone know if there is a function to do this? Is it Net::SSLeay::CTX_set_client_CA_list() by any chance? I can't seem to find any examples for this, could someone point me in the right direction?

Thanks Lutz for letting me know about the 'openssl errstr' command by the way, it's quite useful!

Thanks,
Stella

On Wed, Nov 12, 2003 at 12:51:58PM +0100, Lutz Jaenicke wrote:
> On Wed, Nov 12, 2003 at 10:53:58AM +0000, Stella Power wrote:
> > I was wondering if anyone on this list could help me. I'm trying to use the
> > post_https() function in Net::SSLeay to post to a website that needs a valid
> > client certificate.
> ...
> > However, the server fails to validate my cert. I'm not sure if it is the
> > module or my actual cert which is wrong.
> >
> > I then used the path to newcert.pem for $cert_path above, and the path to
> > newreq.pem as the $key_path above (post_https() line).
> >
> > I get the following errors in /var/log/httpd/error_log
> > mod_ssl: SSL handshake failed (server renegade.dev.ie.alphyra.com:443, client
> > 192.168.1.146) (OpenSSL library error follows)
> > [error] OpenSSL: error:140890C7:lib(20):func(137):reason(199)
>
> [EMAIL PROTECTED]:~/cc/openssl-0.9.7-stable/ssl$ openssl errstr 140890C7
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a
> certificate
>
> Your client does not send a certificate, even though requested.
> So the problem is on the client side.
>
> Best regards,
>       Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> BTU Cottbus, Allgemeine Elektrotechnik
> Universitaetsplatz 3-4, D-03044 Cottbus
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
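
An added example, not part of the original message or of Net::SSLeay's own code: a client that loads a certificate and a passphrase-protected key through the low-level Net::SSLeay API and stops with a readable OpenSSL error at whichever step fails. The host name, the CA file name and the KEY_PASSPHRASE environment variable are assumptions; newcert.pem and newreq.pem are the file names from the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket;
use Net::SSLeay qw(die_now);

# Assumed values: adjust host, files and passphrase source to your setup.
my ($host, $port) = ('server.example', 443);
my $cert_file = 'newcert.pem';   # client certificate (PEM)
my $key_file  = 'newreq.pem';    # private key, possibly encrypted (PEM)
my $ca_file   = 'cacert.pem';    # CA used to verify the server's certificate

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();

my $ctx = Net::SSLeay::CTX_new() or die_now("CTX_new failed");

# Hand OpenSSL the passphrase for an encrypted key instead of prompting.
Net::SSLeay::CTX_set_default_passwd_cb($ctx, sub { $ENV{KEY_PASSPHRASE} // '' });

Net::SSLeay::CTX_use_certificate_file($ctx, $cert_file, &Net::SSLeay::FILETYPE_PEM)
    or die_now("cannot load client certificate $cert_file");
Net::SSLeay::CTX_use_PrivateKey_file($ctx, $key_file, &Net::SSLeay::FILETYPE_PEM)
    or die_now("cannot load private key $key_file (wrong passphrase?)");
Net::SSLeay::CTX_check_private_key($ctx)
    or die_now("private key does not match the client certificate");

# These are the CAs this client trusts when checking the server's
# certificate. They do not change which CAs the server accepts for
# client certificates; that is configured on the server.
Net::SSLeay::CTX_load_verify_locations($ctx, $ca_file, '')
    or die_now("cannot load CA file $ca_file");
Net::SSLeay::CTX_set_verify($ctx, &Net::SSLeay::VERIFY_PEER, undef);

my $ip = inet_aton($host) or die "cannot resolve $host\n";
socket(my $sock, AF_INET, SOCK_STREAM, 0) or die "socket: $!\n";
connect($sock, sockaddr_in($port, $ip)) or die "connect: $!\n";

my $ssl = Net::SSLeay::new($ctx) or die_now("SSL new failed");
Net::SSLeay::set_fd($ssl, fileno($sock));
Net::SSLeay::connect($ssl) > 0 or die_now("TLS handshake failed");

my $peer = Net::SSLeay::get_peer_certificate($ssl)
    or die_now("server presented no certificate");
print "server subject: ",
    Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($peer)), "\n";

Net::SSLeay::free($ssl);
Net::SSLeay::CTX_free($ctx);
close $sock;
```

In OpenSSL, SSL_CTX_set_client_CA_list is a server-side call: it sets the CA names the server sends when it requests a client certificate.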