Category: System Operations and Maintenance

2005-05-24 20:10:38

About CA verification; an article I found back then.

Mario Truyens wrote:
>
> Hi,
>
> I have a problem using SSLCACertificatePath.
>
> I have a PEM encoded CA certificate in directory /certs, called class1.pem.
> When I use 'SSLCACertificateFile /certs/class1.pem' everything works fine
> and client authentication is possible.
>
> However, when I do the following:
> $ cd /certs
> $ ssleay x509 -noout -hash < class1.pem
> 12345678
> $ ln -s class1.pem 12345678.0
> and remove 'SSLCACertificateFile ...' and add
> 'SSLCACertificatePath /certs', client authentication fails?
>
> I get this message in the error_log:
> [Tue Nov 10 16:28:31 1998] [error] verify error:num=19:self signed certificate in certificate chain
> [Tue Nov 10 16:28:31 1998] [error] SSL_accept failed
> [Tue Nov 10 16:28:31 1998] [error] error:140890B1:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned
>
> I use both Server and Client authentication. Note that the server certificate is self signed
> which may explain the first message. The CA certificate though is a valid one.
> The same for the client certificate.
> Versions are apache_1.3.3+ssl_1.28 and SSLeay-0.9.0b. Platform is Solaris 2.5.1.
>
> Has anyone a clue what's going on?

Yes - we've looked into this and it appears to be related to the way the
newer browsers handle client certificate passing - Ben is currently
working on a fix which should take care of it.

Apologies for not replying to all the postings on this subject direct,
as I know there have been a couple - this is just the one that came to
hand...

> P.S.: I know I can concatenate multiple CA certificates into one file,
> but I prefer the hash method.

This is the workaround for now.

Cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage
London W4 4GB
UNITED KINGDOM PGP key on keyservers
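
The hash-link layout described in the quoted message, as an added example that is not part of the original post or of Apache-SSL: it builds a `<hash>.0` link the same way and audits a directory meant for `SSLCACertificatePath`. It assumes the current `openssl` command in place of the post's `ssleay`; the function names and the throwaway test CA are constructed for illustration.

```shell
#!/bin/sh
# Added example. Checks a hashed CA directory such as the /certs of the post.
# Assumes the `openssl` CLI in place of the post's `ssleay` command.

# Create the <hash>.0 link for PEM CA certificate $2 inside directory $1.
link_ca() {
    h=$(openssl x509 -noout -hash -in "$1/$2") || return 1
    ln -sf "$2" "$1/$h.0"
}

# Report every <hash>.<n> entry in $1 that is dangling or whose name does not
# match the subject hash of the certificate it points to. Returns 0 only when
# at least one entry exists and all entries are consistent.
audit_capath() {
    bad=0 n=0
    for link in "$1"/????????.[0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # glob matched nothing
        n=$((n + 1))
        want=${link##*/}; want=${want%%.*}
        if [ ! -e "$link" ]; then
            echo "dangling link: $link"; bad=1; continue
        fi
        got=$(openssl x509 -noout -hash -in "$link" 2>/dev/null) || got=
        if [ "$got" != "$want" ]; then
            echo "hash mismatch: $link (certificate hashes to ${got:-unparseable})"
            bad=1
        fi
    done
    if [ "$n" -eq 0 ]; then
        echo "no <hash>.<n> entries in $1"; bad=1
    fi
    return "$bad"
}

# Constructed demo: throwaway self-signed CA in a temporary directory.
capath_demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/class1.pem" 2>/dev/null || return 1
    rc=1
    link_ca "$d" class1.pem && audit_capath "$d" &&
        openssl verify -CApath "$d" "$d/class1.pem" >/dev/null && rc=0
    rm -rf "$d"; return "$rc"
}
```

Run the audit with the same OpenSSL build the server is linked against, since OpenSSL 1.0.0 changed the subject-hash algorithm (the older value is available as `-subject_hash_old`).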