httpd-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: SSL deadlock after SSLv3 key exchange A?
Date Thu, 22 Sep 2005 16:03:34 GMT
On Thu, Sep 22, 2005 at 04:07:06PM +0200, Martin Kraemer wrote:
> I have an Apache-2.3 (HEAD revision) server with SSL, and was testing
> a configuration with
>  SSLVerifyClient require
> switched on.
> 
> As long as the SSLCACertificateFile file contained only the cert
> of my own CA, everything was fine:

I can't reproduce any issues with large CA bundles configured here using 
the trunk.  The larger the set of CA roots configured the larger the set 
of names sent in the certificate request, so it's conceivable that this 
triggers some IO handling issue somewhere.

>   % strace /usr/local/apache2/bin/httpd -X
>   ...
>   write(10, "[Thu Sep 22 15:36:01 2005] [debu"..., 94) = 94
>   poll(<>
> 
>  and at the client side:
> 
>   % strace openssl s_client -CAfile ssl.crt/ca-bundle.crt -cert ssl.crt/server.crt -key ssl.key/server.key -connect mch00bcm:8443

You do mean to pass the server keypair for client authentication, right?

What is the output with -debug passed to s_client?

joe
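
The link described above between the number of configured CA roots and the size of the certificate request, as an added example (not part of the original message, and not httpd or OpenSSL code): it builds an SSLv3/TLS 1.0 CertificateRequest from constructed commonName-only DNs and counts how many 16 KiB records that message alone needs. The CA names, the certificate types and all function names are assumptions made for illustration.

```python
import struct

MAX_FRAGMENT = 2 ** 14  # largest plaintext fragment one SSLv3/TLS record may carry

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def dn_with_cn(cn):
    """DER-encoded X.501 Name holding only a commonName (constructed sample)."""
    oid_cn = der(0x06, b"\x55\x04\x03")               # OID 2.5.4.3 (commonName)
    atv = der(0x30, oid_cn + der(0x0C, cn.encode()))  # AttributeTypeAndValue
    return der(0x30, der(0x31, atv))                  # Name -> RDN set -> ATV

def certificate_request(dns, cert_types=b"\x01\x02"):
    """CertificateRequest handshake message (type 13), SSLv3/TLS 1.0 layout."""
    names = b"".join(struct.pack("!H", len(d)) + d for d in dns)
    if len(names) > 0xFFFF:
        raise ValueError("certificate_authorities exceeds its 16-bit length field")
    body = bytes([len(cert_types)]) + cert_types + struct.pack("!H", len(names)) + names
    return b"\x0d" + len(body).to_bytes(3, "big") + body

def records_needed(handshake_msg):
    """Minimum number of records for this message if it is sent on its own."""
    return -(-len(handshake_msg) // MAX_FRAGMENT)

def summarize(n_cas):
    """(message size in bytes, record count) for n_cas constructed CA names."""
    dns = [dn_with_cn("Constructed Test Root CA %04d" % i) for i in range(n_cas)]
    msg = certificate_request(dns)
    return len(msg), records_needed(msg)

if __name__ == "__main__":
    for n in (1, 150, 1000):
        size, recs = summarize(n)
        print("%4d CA names -> %5d byte CertificateRequest, %d record(s)" % (n, size, recs))
```

Real CA subject names are usually longer than these constructed ones, so a production bundle crosses the single-record boundary with fewer entries.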
