Return-Path: 
 <bugs-return-3495-apmail-httpd-bugs-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-bugs-archive@httpd.apache.org
Received: (qmail 56832 invoked by uid 500); 9 Oct 2002 08:58:21 -0000
Mailing-List: contact bugs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:bugs@httpd.apache.org>
List-Help: <mailto:bugs-help@httpd.apache.org>
List-Unsubscribe: <mailto:bugs-unsubscribe@httpd.apache.org>
List-Subscribe: <mailto:bugs-subscribe@httpd.apache.org>
Reply-To: "Apache HTTPD Bugs Notification List" <bugs@httpd.apache.org>
Delivered-To: mailing list bugs@httpd.apache.org
Received: (qmail 56821 invoked from network); 9 Oct 2002 08:58:20 -0000
Date: 9 Oct 2002 08:59:16 -0000
Message-ID: <20021009085916.24794.qmail@nagoya.betaversion.org>
From: bugzilla@apache.org
To: bugs@httpd.apache.org
Cc: 
Subject: DO NOT REPLY [Bug 13444] New:  -
    Cannot display SSL v3 protected page under IE6/Win2000
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13444>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13444

Cannot display SSL v3 protected page under IE6/Win2000

           Summary: Cannot display SSL v3 protected page under IE6/Win2000
           Product: Apache httpd-2.0
           Version: 2.0.42
          Platform: PC
               URL: http://typoon.dyndns.org/manual/
        OS/Version: Windows XP
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: typoon@free.fr


Hi,

Having compiled Apache 2.0.43/mod_ssl 2.0.43/OpenSSL 0.9.6g on WinXP and re-
using my old 2.0.40 httpd.conf and ssl.conf.

Trying to access a protected directory (SSLVerifyClient require) with IE6 xpsp1 
on my XP box correctly prompts for the client certificate but doing the same 
with IE6sp1/Win2000 sp3 fails with a 'cannot find server or DNS' page.

Accessing non-protected directory (with just SSL server auth, not client) works 
fine.

Debug logs says (important entries) :
[debug] ssl_engine_kernel.c(553): Changed client verification type will force 
renegotiation
[info] Requesting connection re-negotiation
[debug] ssl_engine_kernel.c(781): Performing full renegotiation: complete 
handshake protocol
...
[info] Awaiting re-negotiation handshake
...
[debug] ssl_engine_kernel.c(1878): OpenSSL: Exit: failed in SSLv3 read client 
certificate A
[error] Re-negotiation handshake failed: Not accepted by client!?

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org