Hello, I already solve the problem, seems that de message debug: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate > returned
is false or incorrect, the correct debug message could be: :sorry I can't verify the client certificate, I do not know the CA. Thanks a lot. Fran O Mér, 2005-07-06 ás 23:57, Joseph Bruni escribiu: > Is your client sending only its certificate, or are you sending the entire > certificate chain? > It looks like your server is unable to rebuild the cert. chain from the > client to the root. > > > > -----Original Message----- > From: "Fco .J. Arias" <[EMAIL PROTECTED]> > Sent: Jul 6, 2005 2:47 PM > To: openssl-users@openssl.org > Subject: Apache 2.0 + ssl + client cert + server cert > > Hello I'm trying to use apache with client auth, but I can't. The > problem is in logs errors: > > . > . > . > before other CA > a, B ,C ,D, E, F are strings > . > [Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA > certificate: /C=A/ST=B/L=C/O=D/OU=Webserver > Team/CN=www.foo.com/[EMAIL PROTECTED] > [Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA > certificate: /C=A/ST=B/L=C/O=D/OU=Webserver > Team/CN=www.foo.com/[EMAIL PROTECTED] > [Wed Jul 06 21:56:47 2005] [debug] ssl_engine_init.c(1095): CA > certificate: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F > CA/[EMAIL PROTECTED] > > . > . > . > [Wed Jul 06 21:57:34 2005] [debug] ssl_engine_kernel.c(1210): > Certificate Verification: depth: 0, subject: > /C=A/ST=B/L=C/O=None/OU=None/CN=Fran D, /[EMAIL PROTECTED], > issuer: /C=A/ST=B/L=C/O=D/OU=Certificate Authority/CN=F > CA/[EMAIL PROTECTED] > [Wed Jul 06 21:57:44 2005] [error] Certificate Verification: Error (20): > unable to get local issuer certificate > [Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1790): OpenSSL: > Write: SSLv3 read client certificate B > [Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: > Exit: error in SSLv3 read client certificate B > [Wed Jul 06 21:57:44 2005] [debug] ssl_engine_kernel.c(1809): OpenSSL: > Exit: error in SSLv3 read client certificate B > [Wed Jul 06 21:57:44 2005] [info] SSL library error 1 in handshake > (server www.foo.com:8443, client 192.168.0.2) > [Wed Jul 06 21:57:44 2005] [info] SSL Library Error: 336105650 > error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate > returned > [Wed Jul 06 21:57:44 2005] [info] Connection to child 2 closed with > abortive shutdown(server www.foo.com:8443, client 192.168.0.2) > > > Anyone know How to solve this problem? > > > > It's posible get datum of certificates(like CN of client or server) into > Apache C API? > > Thanks, Fran. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
