Re: [apache-ssl] no client certificate ??

To: apache-ssl@lists.aldigital.co.uk
Subject: Re: [apache-ssl] no client certificate ??
From: Ben Laurie <ben@algroup.co.uk>
Date: Wed, 02 Sep 1998 12:08:32 +0100
Delivered-To: mailing list apache-ssl@lists.aldigital.co.uk
Mailing-List: contact apache-ssl-help@lists.aldigital.co.uk; run by ezmlm
Organization: http://www.apache-ssl.org
Organization: A.L. Group plc
References: <35ED0F6A.E8070C4D@secude.com>
Reply-To: apache-ssl@lists.aldigital.co.uk

Michael Voucko wrote:
> 
> Hi *,
> 
> I have a little problem :
> We are running apache1.2 with ssleay 0.8.0. In the httpds.conf the
> directive
>     SSLVerifyClient    2
> is set so no connection should be possible if the client delivers no
> certificate or the server is unable to verify the certificate against a
> trusted CA.
> Now to the strange thing, when I connect with Communicator to the server
> all works fine, the browser shows me a secure connection the way it
> should be. But now what the logfiles talk about this connections
> 
> access_log :
> 141.12.207.13 - - [02/Sep/1998:10:49:12 +0200] "GET / HTTP/1.0" 200 1976
> 
> 141.12.207.13 - - [02/Sep/1998:10:49:14 +0200] "GET /links.JPG HTTP/1.0"
> 200 11225
> 141.12.207.13 - - [02/Sep/1998:10:49:14 +0200] "GET /info.gif HTTP/1.0"
> 200 2745
> 141.12.207.13 - - [02/Sep/1998:10:49:14 +0200] "GET /email.gif HTTP/1.0"
> 200 211
> 141.12.207.13 - - [02/Sep/1998:10:49:14 +0200] "GET /support.gif
> HTTP/1.0" 200 264247
> 141.12.207.13 - - [02/Sep/1998:10:49:14 +0200] "GET /gmbh.JPG HTTP/1.0"
> 200 5799
> 141.12.207.13 - - [02/Sep/1998:10:49:18 +0200] "GET /products.JPG
> HTTP/1.0" 200 3809
> 141.12.207.13 - - [02/Sep/1998:10:49:19 +0200] "GET /secude-gmbh-89a.gif
> HTTP/1.0" 200 2017
> 141.12.207.13 - - [02/Sep/1998:10:49:19 +0200] "GET /partner.JPG
> HTTP/1.0" 200 3782
> 
> ssl_log :
> [02/Sep/1998:10:49:12 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:14 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:14 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:14 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:14 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:14 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:18 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:19 +0200] 3 EXP-RC4-MD5
> [02/Sep/1998:10:49:19 +0200] 3 EXP-RC4-MD5
> 
> error_log :
> [Wed Sep  2 10:49:12 1998] No client certificate
> [Wed Sep  2 10:49:18 1998] No client certificate
> [Wed Sep  2 10:49:19 1998] No client certificate
> [Wed Sep  2 10:49:19 1998] No client certificate
> 
> My Problem is the "no client certificate" in the errorlog.
> How could this happen when the SSLVerifyClient directive is set to 2 ?
> Or is the logging not correct ?

Have you got the browser set to prompt for a cert? Could it be that it
tries once without a cert and then again with?

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
and Technical Director|Email: ben@algroup.co.uk |
A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/

WE'RE RECRUITING! http://www.aldigital.co.uk/

Follow-Ups:
- Re: [apache-ssl] no client certificate ??
  - From: Michael Voucko <voucko@secude.com>

References:
- no client certificate ??
  - From: Michael Voucko <voucko@secude.com>

Prev by Date: no client certificate ??
Next by Date: Re: [apache-ssl] no client certificate ??
Prev by thread: no client certificate ??
Next by thread: Re: [apache-ssl] no client certificate ??
Index(es):
- Date
- Thread