Further information:

I have disabled the ssl session cache and keepalives and am now able to
trigger this issue within a few page calls. I have also set the apache
log to debug and this is what is recorded from the server side.

At this point, considering I am seeing this across multiple types of
server hardware (AMD and Intel), client programs (IE and openssl
s_client), and Linux distributions (Gentoo and Debian), I believe the
fault is either openssl or apache - perhaps because they are compiled
64-bit. I will set up a 32-bit install with everything else identical and
see if I can duplicate the issue in a 32-bit environment.

Server log failed:

[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 1, subject: <additional text deleted>
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 0, subject: <additional text deleted>
[Wed Jul 08 08:42:20 2009] [error] Certificate Verification: Error (7): certificate signature failure
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSLv3 read client certificate B
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv3 read client certificate B
[Wed Jul 08 08:42:20 2009] [info] [client 10.10.10.31] SSL library error 1 in handshake (server 10.10.10.4:443)
[Wed Jul 08 08:42:20 2009] [info] SSL Library Error: 218910881 error:0D0C50A1:lib(13):func(197):reason(161)
[Wed Jul 08 08:42:20 2009] [info] SSL Library Error: 336105650 error:140890B2:lib(20):func(137):reason(178)
[Wed Jul 08 08:42:20 2009] [info] [client 10.10.10.31] Connection closed to child 0 with abortive shutdown (server 10.10.10.4:443)

Server log working:

[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 1, subject: <additional text deleted>
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1190): Certificate Verification: depth: 0, subject: <additional text deleted>
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client certificate A
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client key exchange A
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read certificate verify A
[Wed Jul 08 08:42:20 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#a65240 [mem: a52de0] (BIO dump follows)

Jon
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
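
The two "SSL Library Error" entries in the failing log each carry a packed OpenSSL error code. As an added example (not part of the original message), this Python sketch rejoins the mail-wrapped log lines and splits each code into library, function and reason, assuming the pre-3.0 OpenSSL layout of 8/12/12 bits; the function names `unpack` and `decode_log` are illustrative.

```python
import re

# Library numbers from OpenSSL's err.h: ERR_LIB_ASN1 = 13, ERR_LIB_SSL = 20.
LIB_NAMES = {13: "ASN1", 20: "SSL"}

ERR_RE = re.compile(
    r"SSL Library Error:\s+(\d+)\s+error:([0-9A-Fa-f]{8})"
    r":lib\((\d+)\):func\((\d+)\):reason\((\d+)\)")

# Lines copied from the failing log in the message, wrapped as mailed.
SAMPLE = """\
[Wed Jul 08 08:42:20 2009] [info] SSL Library Error: 218910881
error:0D0C50A1:lib(13):func(197):reason(161)
[Wed Jul 08 08:42:20 2009] [info] SSL Library Error: 336105650
error:140890B2:lib(20):func(137):reason(178)
"""

def unpack(code):
    """Split a packed code (pre-3.0 layout): 8 bits lib, 12 func, 12 reason."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_log(text):
    """Return one dict per 'SSL Library Error' entry found in text."""
    # Rejoin continuation lines: real entries start with '[timestamp]'.
    flat = re.sub(r"\n(?!\[)", " ", text)
    out = []
    for m in ERR_RE.finditer(flat):
        dec, hexcode = int(m.group(1)), int(m.group(2), 16)
        lib, func, reason = unpack(dec)
        printed = tuple(int(m.group(i)) for i in (3, 4, 5))
        out.append({
            "lib": LIB_NAMES.get(lib, "lib(%d)" % lib),
            "func": func,
            "reason": reason,
            # Decimal, hex and printed fields must all describe one code.
            "consistent": dec == hexcode and printed == (lib, func, reason),
        })
    return out

if __name__ == "__main__":
    for entry in decode_log(SAMPLE):
        print(entry)
```

Running `openssl errstr 0D0C50A1` on an OpenSSL build of the same generation resolves a code to its text form.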