Hey, can you try setting verify depth to zero and not pointing to any CA cert,
i.e. SSLCACertificatePath pointing to null?
Thanks
--Gayathri
> Hi again,
>
> This is what I found from the "log" file you sent. Is this pointing to the
> same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
>
> debug] ss

Hi again,
This is what I found from the "log" file you sent. Is this pointing to the
same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
debug] ssl_engine_init.c(1112): CA certificate:
/C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
[Wed Jul 13 11:48:34 2005] [debug] ssl

Hi.
Have you imported the CA of the client cert on the server side?
A verify depth of 1 has been set, which could mean that the client
cert is self signed? Can you set it to some higher value and try?
Also can you check whether the option "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"?
It looks to me a defini

> The above indicates that. Make sure client cert
> processing is done correctly on the server side. If it
> is a program failure, then you need to get the
> programmer to debug the program.
>
Thank you for your answer. I'm not sure what you intend with "program
failure": the pages served by th

Looks to me that client authentication failed. And
this is most likely due to client cert processing on
the server side:
[notice] child pid 9192 exit signal Segmentation fault
(11)
The above indicates that. Make sure client cert
processing is done correctly on the server side. If it
is a progr

Hi all,
I'm trying to configure client authentication for one of my sites
(SuSE 9.0, Apache 2.0.48, openssl-0.9.7b-133 distribution's rpm).
You will find below the steps I'm following, the problem I have is
that, when I go to the page, it first asks me to accept the server's
certificate, then ask

Eric Rescorla wrote:
>
> Götz Babin-Ebell <[EMAIL PROTECTED]> writes:
> > And how gets he the connection IP-Address <-> FQDN ?
> > ->He uses DNS.
> I think you need to reread his message since that's not
> what he says.
Hm:
client authentication. After a successful SSL_accept() I have some
lo

On Wed, 26 Sep 2001 15:21:09 -0700, Michael Sierchio wrote:
>David Schwartz wrote:
>> Sufficient for what? I may not want to send my credit card
>>information to anyone who has a Verisign certificate, but I might be
>>willing to send it to someone who has a Verisign certificate for
>>'www.

David Schwartz wrote:
> Sufficient for what? I may not want to send my credit card information to
> anyone who has a Verisign certificate, but I might be willing to send it to
> someone who has a Verisign certificate for 'www.amazon.com' or has that
> listed as one of the alternate names.

Don Zick wrote:
Hello Don,
> I'm not actually using DNS at all. For the application I'm working with
> the TLS clients and servers must be statically configured with a Fully
> Qualified Domain Name. I match up the statically configured FQDN for a
> client with the DNS name from the client's ce

On Wed, 26 Sep 2001 09:43:02 -0700, Michael Sierchio wrote:
>Don Zick wrote:
>> I have recently started using OpenSSL. (I have found the "SSL and TLS"
>>book by Eric Rescorla to be invaluable.) I am having a problem with
>>client authentication. After a successful SSL_accept() I have some lo

Götz Babin-Ebell <[EMAIL PROTECTED]> writes:
> And how gets he the connection IP-Address <-> FQDN ?
> ->He uses DNS.
I think you need to reread his message since that's not
what he says.
> If he wants to allow user XYZ presenting certificate C_XYZ to
> do some things, all he has to do is look in

Michael Sierchio <[EMAIL PROTECTED]> writes:
> Eric Rescorla wrote:
>
> > There are a number of situations where one wishes to authenticate
> > clients based on their DNS names:
> >
> > (1) SMTP/TLS.
> > (2) Secure remote backup.
> >
> > In such cases the clients often (though not always) have

Eric Rescorla wrote:
>
> Götz Babin-Ebell <[EMAIL PROTECTED]> writes:
>
> > [1 ]
> > Don Zick wrote:
> >
> > Hello Don,
> >
> > > I'm not actually using DNS at all. For the application I'm working with
> > > the TLS clients and servers must be statically configured with a Fully
> > > Qualified

Eric Rescorla wrote:
> There are a number of situations where one wishes to authenticate
> clients based on their DNS names:
>
> (1) SMTP/TLS.
> (2) Secure remote backup.
>
> In such cases the clients often (though not always) have fixed IPs.
Well, I'll be happy when IPv6 is ubiquitous (coming
15 matches