Bug 123931 - openssl: After upgrading from 0.97e to 0.97i SSLVerifyClient in mod_ssl fails
Status: RESOLVED DUPLICATE of bug 114610
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Apache Team - Bugzilla Reports
Reported: 2006-02-24 06:39 UTC by Martin Lesser
Modified: 2007-02-03 10:33 UTC

Description Martin Lesser 2006-02-24 06:39:58 UTC
Connections to virtual hosts with SSLVerifyClient other than "none" are no longer possible. Tried connections to apache with s_client, curl and konqueror (all of them having an appropriate client-cert installed).

apache's ssl-error.log (with LogLevel debug) says:

[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 write hello request C
[Fri Feb 24 15:27:26 2006] [info] Awaiting re-negotiation handshake
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1779): OpenSSL: Handshake: start
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: before accept initialization
...
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 read client hello A
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 write server hello A
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 write certificate A
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 write certificate request A
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 flush data
[Fri Feb 24 15:32:26 2006] [debug] ssl_engine_kernel.c(1816): OpenSSL: Exit: error in SSLv3 read client certificate A
[Fri Feb 24 15:32:26 2006] [error] Re-negotiation handshake failed: Not accepted by client!?


The certs used at server and client were verified with openssl verify (and worked until the update 3 days ago without any problems). A re-emerge of apache (and mod_ssl) did not solve the problem.
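
An added example, not part of the original report and not Apache or mod_ssl code: a small Python parser for error-log lines in the format shown above. For each failed renegotiation it reports how long the server waited, the last handshake step it completed, and the step that was pending when OpenSSL gave up. It assumes one connection's lines are contiguous, as in the excerpt; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Lines copied from the ssl-error.log excerpt in the report above.
SAMPLE_LOG = """\
[Fri Feb 24 15:27:26 2006] [info] Awaiting re-negotiation handshake
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1779): OpenSSL: Handshake: start
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 write certificate request A
[Fri Feb 24 15:27:26 2006] [debug] ssl_engine_kernel.c(1787): OpenSSL: Loop: SSLv3 flush data
[Fri Feb 24 15:32:26 2006] [debug] ssl_engine_kernel.c(1816): OpenSSL: Exit: error in SSLv3 read client certificate A
[Fri Feb 24 15:32:26 2006] [error] Re-negotiation handshake failed: Not accepted by client!?
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
LINE_RE = re.compile(r"^\[\w{3} (\w{3}) (\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4})\] \[(\w+)\] (.*)$")
STATE_RE = re.compile(r"OpenSSL: (Loop|Exit): (?:error in )?(.+)$")

def parse(text):
    """Yield (timestamp, level, message) for each well-formed error-log line."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            mon, day, hh, mm, ss, year, level, msg = m.groups()
            ts = datetime(int(year), MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
            yield ts, level, msg

def failed_renegotiations(text):
    """Return one record per renegotiation that ended in the mod_ssl error."""
    findings, cur = [], None
    for ts, level, msg in parse(text):
        state = STATE_RE.search(msg)
        if msg.startswith("Awaiting re-negotiation handshake"):
            cur = {"started": ts, "last_completed": None, "failed_in": None}
        elif cur is None:
            continue
        elif state and state.group(1) == "Loop":
            cur["last_completed"] = state.group(2)  # last step the server finished
        elif state:
            cur["failed_in"] = state.group(2)       # step pending when OpenSSL exited
        elif level == "error" and msg.startswith("Re-negotiation handshake failed"):
            cur["waited_seconds"] = int((ts - cur["started"]).total_seconds())
            findings.append(cur)
            cur = None
    return findings

if __name__ == "__main__":
    for f in failed_renegotiations(SAMPLE_LOG):
        print(f"{f['started']}: waited {f['waited_seconds']}s, "
              f"last completed '{f['last_completed']}', failed in '{f['failed_in']}'")
```

On the excerpt this shows the server sent its certificate request, flushed it, and then waited 300 seconds in the client-certificate read step before the error was logged. Without LogLevel debug only the wait time is recoverable.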
Comment 1 Michael Stewart (vericgar) (RETIRED) gentoo-dev 2006-03-05 19:05:06 UTC
Please rebuild apr, apr-util, apache, and all add-on modules and see if the problem goes away.
Comment 2 Martin Lesser 2006-03-07 01:34:40 UTC
Rebuilding apr, apr-util, apache2, all modules and restarting apache2 did not fix it.

[Tue Mar 07 10:21:24 2006] [info] Initial (No.1) HTTPS request received for child 7 (server xxxxxx.xxxxxxxxx.xx:443)
[Tue Mar 07 10:21:24 2006] [info] Requesting connection re-negotiation
[Tue Mar 07 10:21:24 2006] [info] Awaiting re-negotiation handshake
[Tue Mar 07 10:22:23 2006] [error] Re-negotiation handshake failed: Not accepted by client!?
Comment 3 Michael Stewart (vericgar) (RETIRED) gentoo-dev 2006-06-04 21:16:31 UTC
Possible duplicate of bug 114610.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2007-02-03 10:33:25 UTC

*** This bug has been marked as a duplicate of bug 114610 ***