httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 48107] New: Mutual Authentication: Order in ca-bundle influences if a client certificate is accepted or not
Date Mon, 02 Nov 2009 19:14:05 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=48107

           Summary: Mutual Authentication: Order in ca-bundle influences
                    if a client certificate is accepted or not
           Product: Apache httpd-2
           Version: 2.2.14
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: Peter.Pichler@csd.at


Created an attachment (id=24463)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=24463)
ca-bundle.crt

When using the client-cert below in your browser (Tried with IE and Firefox)
and the attached ca-bundle.crt in your apache... an SSL Error

In Log:
[Mon Nov 02 17:10:49 2009] [error] Certificate Verification: Error (20): unable
to get local issuer certificate

In Firefox an error message containing "ssl_error_bad_cert_alert"

When removing (!) the first certificate of the ca-bundle (which has nothing to
do with the client certificate) it is possible to authenticate using the
client-cert. There are also some other possible changes in the order within
ca-bundle with the same effect.

The problem was detected in apache 2.2.11... but exists still in 2.2.14....

