Not sure if the problem I had is the same as yours, but I meant 0.9.8k (not 7k).
I first verified my setup was working (certs were correct, etc.) by setting up client-side SSL for the whole VirtualHost. Once that worked, I changed it to be only for a specific location where it had to renegotiate, and it failed (until switching to 0.9.8k). I don't know what your server application does, but maybe you could do something similar where you could verify everything without renegotiation ... just to narrow down that it is the renegotiation causing a problem and not the rest of the setup?

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Adam Grossman
Sent: Wednesday, January 27, 2010 9:37 PM
To: openssl-users@openssl.org
Subject: RE: renegotiation with client certificate

i just tried 0.9.7m, and to no avail. i double checked my certs, i made sure my CA cert on the server is correct, and i am still getting the same error on the server and the browser is giving "Peer does not recognize and trust the CA that issued your certificate."

thanks,
-=- adam grossman

On Wed, 2010-01-27 at 17:53 -0500, Brett Schoppert wrote:
> I recently had the same issue that was resolved when I changed Apache to use
> 0.9.7k.
>
> -----Original Message-----
> From: owner-openssl-us...@openssl.org
> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Adam Grossman
> Sent: Wednesday, January 27, 2010 5:01 PM
> To: openssl-users@openssl.org
> Subject: renegotiation with client certificate
>
> hello.
>
> I am having trouble getting my server renegotiation working with client
> certificates. Without certificates, it works fine. The one thing is
> that the server initially does not need a client cert, but it does
> during renegotiation (a requirement i have that is out of my hands).
>
> i am using 0.9.7d.
>
> The server talks to a web browser. This is what i am doing (leaving out
> the error handling):
>
>     SSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
>                    NULL);
>     SSL_renegotiate(ssl);
>     SSL_do_handshake(ssl);
>     ssl->state = SSL_ST_ACCEPT;
>     SSL_do_handshake(ssl);
>
> when it renegotiates, the browser says "The site requested you to
> identify yourself with a certificate". but then the 2nd handshake gives
> the error:
>
> 1780:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2010:
>
> i even looked at mod_ssl, and it seems to be doing the same thing. what
> am i missing?
>
> thanks everyone once again,
> -=- adam grossman
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
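
The narrowing-down step described in the top reply (client certificates for the whole VirtualHost first, then only for one location), written out as an added Apache mod_ssl configuration; it is not taken from the thread. The ports, host name, file paths and the `/secure` location are assumptions.

```apache
# Added example, not from the thread. Ports, ServerName, certificate paths
# and the /secure location are constructed placeholders.
Listen 8443
Listen 9443

# Variant A: client certificate required for the whole VirtualHost.
# The certificate is requested in the initial handshake, so no
# renegotiation takes place. If this variant fails, the problem is in the
# certificates or the CA setup, not in renegotiation.
<VirtualHost *:8443>
    ServerName test.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    # CA that issued the client certificates (also advertised to the client)
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt
    SSLVerifyClient require
    SSLVerifyDepth  1
</VirtualHost>

# Variant B: no client certificate for the initial handshake, required only
# under /secure. With the SSL/TLS versions discussed in the thread, mod_ssl
# has to renegotiate when a request reaches this location, which is the
# step that failed for the posters.
<VirtualHost *:9443>
    ServerName test.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt
    SSLVerifyClient none
    <Location /secure>
        SSLVerifyClient require
        SSLVerifyDepth  1
    </Location>
</VirtualHost>
```

If variant A accepts the browser's certificate and variant B rejects it on `/secure`, the certificates and CA file are ruled out and the renegotiation path is what remains to investigate.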