On Thu, Jun 14, 2007, Jan F. Schnellbaecher wrote:

> Hello,
> 
> When I use my browser to go to https://creditportal.bankofamerica.com/ I am
> redirected to a page telling me that there is something wrong with my client
> certificate (the fact is that I don't have one).
> 
> But when I am looking at a tcp dump I cannot find that the server asks for a
> client certificate.
> 
> When using "openssl s_client -connect creditportal.bankofamerica.com:443" I 
> get
> 
> ---
> No client certificate CA names sent
> ---
> 
> What exactly does this mean? Is it:
> 1) The server does not ask for a client certificate
> 2) The server asks but did not send a list of accepted client certificate 
> issuers?
> 3) Something different
> 
> My main concern is: Does the server ask for a client certificate or is the html
> error message misleading?
> 

Servers can renegotiate an SSL connection and request a client certificate
later. This might be due to a script or clicking on a "login" link for example.

If you want to analyze this you can try using the -prexit switch to s_client
but you also have to manually type in the command to pull the page requesting
a client certificate.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
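
Added example, not part of the original thread and not OpenSSL code: a parser for the server's side of a captured handshake that tells apart cases 1 and 2 from the question, and shows why a CertificateRequest sent during a renegotiation does not appear in a capture (everything after ChangeCipherSpec is encrypted). It assumes the SSLv3/TLS 1.0/1.1 CertificateRequest layout; the function names are hypothetical and the sample bytes are constructed, not captured traffic.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC, CERTIFICATE_REQUEST = 22, 20, 13  # record types 22/20, handshake type 13

def handshake_messages(stream: bytes):
    """Yield (type, body) for cleartext handshake messages in one direction's records."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        pos += 5 + length
        if ctype == CHANGE_CIPHER_SPEC:
            break            # later records, renegotiation included, are encrypted
        if ctype == HANDSHAKE:
            buf += payload   # a handshake message may span several records
    off = 0
    while off + 4 <= len(buf):
        mlen = int.from_bytes(buf[off + 1:off + 4], "big")
        yield buf[off], buf[off + 4:off + 4 + mlen]
        off += 4 + mlen

def requested_client_cas(stream: bytes):
    """None: no CertificateRequest visible. List (possibly empty): CA names it carried."""
    for mtype, body in handshake_messages(stream):
        if mtype != CERTIFICATE_REQUEST:
            continue
        off = 1 + body[0]                      # skip certificate_types<1..255>
        (total,) = struct.unpack_from("!H", body, off)
        off, end, names = off + 2, off + 2 + total, []
        while off < end:                       # each DistinguishedName has a 16-bit length
            (n,) = struct.unpack_from("!H", body, off)
            names.append(body[off + 2:off + 2 + n])
            off += 2 + n
        return names
    return None

# Constructed sample flights (not captured traffic); the DN is an opaque placeholder.
def _msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _rec(payload, ctype=HANDSHAKE):
    return struct.pack("!BHH", ctype, 0x0301, len(payload)) + payload

DN = b"constructed-placeholder-dn"
HELLO = _msg(2, bytes(38))                     # ServerHello body is not parsed here
NO_REQUEST = _rec(HELLO + _msg(14))            # 14 = ServerHelloDone
EMPTY_LIST = _rec(HELLO + _msg(13, b"\x01\x01\x00\x00") + _msg(14))
WITH_CA = _rec(HELLO + _msg(13, b"\x01\x01" + struct.pack("!HH", len(DN) + 2, len(DN)) + DN) + _msg(14))
RENEGOTIATED = NO_REQUEST + _rec(b"\x01", CHANGE_CIPHER_SPEC) + _rec(bytes(range(40)))
```

`requested_client_cas` returns `None` for `NO_REQUEST` and `RENEGOTIATED`, `[]` for `EMPTY_LIST`, and `[DN]` for `WITH_CA`.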
