Hello,

> We have developed an application that joins with a TPV,
> but when the TPV invokes a URL under https, Apache shows an error.
>
> If we access the same URL with a browser, we haven't got any
> problem. We have put SSLLogLevel to debug and we have made some tests
> to access the same URL under https. Here, we show some fragments of
> ssl_engine_log.
>
> 1. When the TPV accesses the application
>
> [26/Nov/2007 13:58:35 05083] [info] Connection to child 11
> established (server www.dipuleon.es:443, client 195.76.9.182)
> [26/Nov/2007 13:58:35 05083] [info] Seeding PRNG with 1164 bytes of
> entropy
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Handshake: start
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: before/accept
> initialization
> [26/Nov/2007 13:58:35 05083] [debug] OpenSSL: read 11/11 bytes from
> BIO#006CAE60 [mem: 006D07C0] (BIO dump follows)
> +-------------------------------------------------------------------------+
> Binary
> +-------------------------------------------------------------------------+
> [26/Nov/2007 13:58:35 05083] [debug] OpenSSL: read 99/99 bytes from
> BIO#006CAE60 [mem: 006D07CB] (BIO dump follows)
> +-------------------------------------------------------------------------+
> Binary
> +-------------------------------------------------------------------------+
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: SSLv3 read client
> hello A
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: SSLv3 write server
> hello A
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: SSLv3 write
> certificate A
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: SSLv3 write server
> done A
> [26/Nov/2007 13:58:35 05083] [debug] OpenSSL: write 3990/3990 bytes to
> BIO#006CAE60 [mem: 006DE9B0] (BIO dump follows)
> +-------------------------------------------------------------------------+
> Binary
> +-------------------------------------------------------------------------+
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Loop: SSLv3 flush data
> [26/Nov/2007 13:58:35 05083] [debug] OpenSSL: read 5/5 bytes from
> BIO#006CAE60 [mem: 006D07C0] (BIO dump follows)
> +-------------------------------------------------------------------------+
> | 0000: 15 03 00 00 02 .....
> |
> +-------------------------------------------------------------------------+
> [26/Nov/2007 13:58:35 05083] [debug] OpenSSL: read 2/2 bytes from
> BIO#006CAE60 [mem: 006D07C5] (BIO dump follows)
> +-------------------------------------------------------------------------+
> | 0000: 02 2a .*
> |
> +-------------------------------------------------------------------------+
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Read: SSLv3 read client
> certificate A
> [26/Nov/2007 13:58:35 05083] [trace] OpenSSL: Exit: failed in SSLv3
> read client certificate A
> [26/Nov/2007 13:58:35 05083] [error] SSL handshake failed (server
> www.dipuleon.es:443, client 195.76.9.182) (OpenSSL library error
> follows)
> [26/Nov/2007 13:58:35 05083] [error] OpenSSL: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN
> in certificate not server name or identical to CA!?]

This looks like your application (TPV) is not accepting the server
certificate. The server is not requesting a client (TPV) certificate.
You should look at the client side and check why the server certificate
is not accepted (lack of CA cert, unsupported public keys in server
cert, certificate expired, ...)

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
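
Added example, not part of the original message or of OpenSSL: decoding the two BIO dump rows that the server read just before the failure as an SSLv3 record shows they are a fatal bad_certificate alert sent by the client, which is what the reply above concludes. The function names are hypothetical and the sample rows are the two rows from the quoted log, rejoined onto single lines.

```python
import re
import struct

# Alert codes from the SSLv3/TLS specifications (subset relevant to certificates).
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
# One BIO dump row: "| 0000: <hex bytes> <ascii column> |"
DUMP_ROW = re.compile(r"\|\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}\s)+)")
# The two dump rows from the quoted log (email line wrapping undone).
SAMPLE = """\
| 0000: 15 03 00 00 02                                   ..... |
| 0000: 02 2a                                            .*    |
"""

def dump_bytes(log_text):
    """Concatenate the hex column of every BIO dump row found in log_text."""
    return b"".join(bytes.fromhex(m.group(1)) for m in DUMP_ROW.finditer(log_text))

def parse_alert(record):
    """Decode a plaintext alert record: 5-byte header plus 2-byte body."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != 21:
        raise ValueError(f"content type {ctype} is not an alert (21)")
    body = record[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("a plaintext alert body is exactly 2 bytes")
    level, desc = body
    return {
        "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
        "level": ALERT_LEVELS.get(level, f"unknown({level})"),
        "description": ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})"),
    }

if __name__ == "__main__":
    print(parse_alert(dump_bytes(SAMPLE)))
```

Because the log marks these bytes as read by the server, the alert originated at the client; alerts the server itself sends appear under `write` entries instead.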