httpd-dev mailing list archives

From Martin Kraemer <mar...@apache.org>
Subject Re: SSL deadlock after SSLv3 key exchange A?
Date Thu, 22 Sep 2005 16:37:48 GMT
On Thu, Sep 22, 2005 at 06:24:05PM +0200, Martin Kraemer wrote:
> > What is the output with -debug passed to s_client?
> (appended. Used with the original setup:
>   * global "SSLVerifyClient require"
>   * 4000+ line ca-bundle file
>   * client invocation:
>     % openssl s_client -debug -CAfile ssl.crt/ca-bundle.crt -cert ~/martin+sslclient@mch00bcm.mch.fsc.net-cert.pem -key ~/martin+sslclient@mch00bcm.mch.fsc.net-key.pem -connect mch00bcm:8443
>     <<bigbundle.txt>>
> )

bigbundle.txt was incomplete because of the missing fflush -- it
ended in:

> 0b10 - 16 06 03 55 04 0a 13 0f-47 54 45 20 43 6f 72 70   ...U....GTE Corp
> 0b20 - 6f 72 61 74 69 6f 6e 31-27 30 25 06 03 55 04 0b   oration1'0%..U..
> 0b30 - 13 1e 47 54 45 20 43 79-62 65 72 54 72 75 73 74   ..GTE CyberTrust
> 0b40 - 20 53 6f 6c 75 74 69 6f-6e 73 2c 20 49 6e 63

When debugging to stdout, the missing end looks something like this:
0d20 - 13 1c 28 63 29 20 31 39-39 39 20 45 6e 74 72 75   ..(c) 1999 Entru
0d30 - 73 74 2e 6e 65 74 20 4c-69 6d 69 74 65 64 31 3a   st.net Limited1:
0d40 - 30 38 06 03 55 04 03 13-31 45 6e 74 72 75 73 74   08..U...1Entrust
0d50 - 2e 6e 65 74 20 53 65 63-75 72 65 20 53 65 72 76   .net Secure Serv
0d60 - 65 72 20 43                                       er C
read from 080AFCB8 [080EC461] (5558 bytes => 0 (0x0))
1282:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

so there are no more trace data being exchanged after the CA cert
exchange.

  Martin
-- 
<Martin.Kraemer@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-48332 | 81730  Munich,  Germany
