NetBSD-Users archive


Apache and client certificate on NetBSD 5.0.2


I have an Apache that performed client certificate authentication some
time ago. Here is the relevant part of httpd.conf:

SSLCaCertificateFile /etc/openssl/certs/ca.crt
<Location /test.php>
  SSLVerifyClient require
</Location>

That used to work, but now the connection aborts, and Apache logs say:
"Re-negotiation handshake failed: Not accepted by client!?"

It seems it happens for any client: I tried latest Firefox and Safari on
a MacOS X machine, and wget on the same machine Apache is running.

I suspect this is the workaround for the TLS renegotiation bug that
turned bad. A search on the web leads to this thread:

And in the thread we get this fix:

I tried applying it to NetBSD-5.0.2 in-tree openssl. It needs minor
tweaks, but that does not solve the problem: the same problem happens
with the patched libssl.

Any idea, anyone?

Emmanuel Dreyfus
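
Added example, not part of the original message: in per-directory context mod_ssl applies SSLVerifyClient by renegotiating after the request has been read, so one way to test the suspicion above is to ask for the client certificate in the initial handshake and enforce it per location without a second handshake. The virtual host layout, the server certificate and key paths, and the use of Apache 2.2's SSLRequire are assumptions.

```apache
# Constructed configuration fragment. Only the CA path and /test.php
# come from the message above; everything else is a placeholder.
<VirtualHost _default_:443>
    SSLEngine on
    # Placeholder server certificate and key paths.
    SSLCertificateFile    /etc/openssl/certs/server.crt
    SSLCertificateKeyFile /etc/openssl/private/server.key
    SSLCACertificateFile  /etc/openssl/certs/ca.crt

    # Server-level setting: the certificate request is part of the
    # first handshake, so no renegotiation is needed later.
    # "optional" keeps the rest of the site reachable without a
    # client certificate.
    SSLVerifyClient optional
    SSLVerifyDepth  1

    <Location /test.php>
        # No SSLVerifyClient here: a per-location value is what
        # makes mod_ssl renegotiate. Evaluate the result of the
        # initial handshake instead and deny anything that did not
        # verify against the CA.
        SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
    </Location>
</VirtualHost>
```

If /test.php works with this layout while the per-location SSLVerifyClient still fails, the failure is in the renegotiation step rather than in certificate validation.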
