NetBSD-Users archive


Apache and client certificate on NetBSD 5.0.2



Hello

I have an Apache that performed client certificate authentication some
time ago. Here is the relevant part of httpd.conf:

SSLCaCertificateFile /etc/openssl/certs/ca.crt 
<Location /test.php>
  SSLVerifyClient require
  SSLUserName SSL_CLIENT_S_DN
</Location>

That used to work, but now the connection aborts, and Apache logs say:
"Re-negotiation handshake failed: Not accepted by client!?"

It seems it happens for any client: I tried latest Firefox and Safari on
a MacOS X machine, and wget on the same machine Apache is running
on.

I suspect this is the workaround for the TLS renegotiation bug that
turned bad. A search on the web leads to this thread:
http://www.mail-archive.com/openssl-users%openssl.org@localhost/msg59997.html

And in the thread we get this fix:
http://cvs.openssl.org/chngview?cn=19145

I tried applying it to NetBSD-5.0.2 in-tree openssl. It needs minor
tweaks, but that does not solve the problem: the same problem happens
with the patched libssl.

Any idea, anyone?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
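
Added example, not part of the original message: `SSLVerifyClient require` inside `<Location>` makes mod_ssl request the certificate by renegotiating after it has read the request path, which is the step the quoted log line reports as failing. The fragment below assumes the suspicion in the message is right and that offering a certificate prompt to every client of this virtual host is acceptable; the placement and the `SSLRequire` expression are assumptions, the remaining directives come from the message.

```apache
# Added example (Apache 2.2 mod_ssl syntax), not the poster's configuration.
# Place these lines in the existing SSL virtual host or server config,
# outside any <Location> or <Directory> block.

SSLCACertificateFile /etc/openssl/certs/ca.crt

# Ask for the client certificate during the initial handshake, so no
# renegotiation is needed once the request path is known.
# "optional" keeps the rest of the site reachable without a certificate.
SSLVerifyClient optional

<Location /test.php>
  # No SSLVerifyClient here: a per-location value that differs from the
  # server-wide one is what triggers the renegotiation.
  # Enforce the old "require" behaviour for this path only: deny the
  # request unless a certificate was presented and verified against ca.crt.
  SSLRequire %{SSL_CLIENT_VERIFY} eq "SUCCESS"
  SSLUserName SSL_CLIENT_S_DN
</Location>
```

With this layout, a request for /test.php made without a verified certificate is denied by `SSLRequire` rather than by a failed renegotiation, which separates access-control failures from handshake failures in the error log.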

