I recently had the same issue that was resolved when I changed Apache to use 
0.9.7k.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Adam Grossman
Sent: Wednesday, January 27, 2010 5:01 PM
To: openssl-users@openssl.org
Subject: renegotiation with client certificate

Hello.

I am having trouble getting my server renegotiation working with client
certificates. Without certificates, it works fine. The one thing is
that the server initially does not need a client cert, but it does
during renegotiation (a requirement I have that is out of my hands).

I am using 0.9.7d.

The server talks to a web browser. This is what I am doing (leaving out
the error handling):

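/* from now on, require a client certificate */
SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
               NULL);
/* schedule a renegotiation; the first handshake call sends HelloRequest */
SSL_renegotiate(ssl);
SSL_do_handshake(ssl);
/* put the server back into accept state so it waits for the ClientHello */
ssl->state = SSL_ST_ACCEPT;
SSL_do_handshake(ssl);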

When it renegotiates, the browser says "The site requested you to
identify yourself with a certificate", but then the 2nd handshake gives
the error:

1780:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2010:

I even looked at mod_ssl, and it seems to be doing the same thing. What
am I missing?

Thanks everyone once again,
-=- adam grossman

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
