Perhaps someone can help me now. I tried a couple of things last week to
solve my problem, but none of them worked. Now I am running SSL in
debug-mode, so here is a little bit more of the error (this is just a small
extract out of the log-file, the logging goes further, but i think here is
the main
Okay, my certs are looking okay now (if i want to believe "openssl verify").
But still no chance to get in. Now it says after "GET /demo/index.html
HTTP/1.0":
SSL_connect:SSL renegotiate ciphers
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1
/C=DE/ST=test/L=
On Thu, Apr 28, 2005, Sven Löschner wrote:
> Okay, first I changed the ns-entries with keyusage, then i put them in both.
> None of these works:
>
> Server:
>
> X509v3 extensions:
> X509v3 Basic Constraints:
> CA:FALSE
> Netscape Cert Type:
> SSL
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David C. Partridge
Sent: Donnerstag, 28. April 2005 18:04
To: openssl-users@openssl.org
Subject: RE: SSLVerifyClient
Also I'm surprised to see V3 cert with no KeyUsage section ...
It would also would be more normal t
D] On Behalf Of Sven Löschner
Sent: 28 April 2005 16:26
To: openssl-users@openssl.org
Subject: RE: SSLVerifyClient
> If you can post the output of:
>
> openssl x509 -in cert.pem -text -noout
Okay, this comes out with the server.pem (I shortend the Algorithm-Tables
with "...":
Type:
SSL Client, SSL Server, S/MIME
Netscape Comment:
OpenSSL Generated Certificate
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sven Löschner
Sent: 28 April 2005 16:26
To: openssl-users@openssl.org
Subject: RE
> If you can post the output of:
>
> openssl x509 -in cert.pem -text -noout
Okay, this comes out with the server.pem (I shortend the Algorithm-Tables
with "...":
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4 (0x4)
Signature Algorithm: md5WithRSAEncryption
On Thu, Apr 28, 2005, Sven Löschner wrote:
> > could you verify this with
> > openssl verify -CAfile cacert.pem -purpose sslserver server.pem and while
> you at it:
> > openssl verify -CAfile cacert.pem -purpose sslclient user.pem
>
>
> I guess i should look at my Server-Cert, because with "open
> could you verify this with
> openssl verify -CAfile cacert.pem -purpose sslserver server.pem and while
you at it:
> openssl verify -CAfile cacert.pem -purpose sslclient user.pem
I guess i should look at my Server-Cert, because with "openssl verify
-CAfile cacert.pem -purpose sslserver server.pe
Sven Löschner wrote:
What result do you get by an
openssl s_client -connect test.net:443 \
-CAfile cacert.pem -verify 5 \
-cert user.pem -key user.key \
-reconnect -showcerts -state -bugs
?
with a input
GET /demo/index.html HTTP/1.0
I get:
SSL_connect:SSL renegotiate
> What result do you get by an
> openssl s_client -connect test.net:443 \
> -CAfile cacert.pem -verify 5 \
> -cert user.pem -key user.key \
> -reconnect -showcerts -state -bugs
>
> ?
>
> with a input
> GET /demo/index.html HTTP/1.0
I get:
SSL_connect:SSL rene
Sven Löschner wrote:
You set this with SSLCACertificateFile...
Sorry, but didn't help.
Hm.
What result do you get by an
openssl s_client -connect test.net:443 \
-CAfile cacert.pem -verify 5 \
-cert user.pem -key user.key \
-reconnect -showcerts -state -bugs
?
with a i
> You set this with SSLCACertificateFile...
Sorry, but didn't help.
Sven
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated
Sven Löschner wrote:
Hello,
I am using openSSL 0.9.7b on a SuSE 9.0 machine.
I try to configure a site using Client-Verify. But in IE I get an endless
loop, and in Firefox I get "Error -8101". The Log-File says
[error] Re-negotiation handshake failed: Not accepted by client!?
chid pid 10800 exi
14 matches
Mail list logo
