Return-Path: 
 <users-return-91412-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 10858 invoked from network); 29 Oct 2009 15:25:08 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 29 Oct 2009 15:25:08 -0000
Received: (qmail 26025 invoked by uid 500); 29 Oct 2009 15:25:03 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 25981 invoked by uid 500); 29 Oct 2009 15:25:03 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 25969 invoked by uid 99); 29 Oct 2009 15:25:03 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Oct 2009 15:25:03 +0000
X-ASF-Spam-Status: No, hits=-6.0 required=5.0
	tests=AWL,BAYES_00,RCVD_IN_DNSWL_MED,WEIRD_PORT
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: local policy)
Received: from [15.192.0.45] (HELO g5t0008.atlanta.hp.com) (15.192.0.45)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 29 Oct 2009 15:24:57 +0000
Received: from G3W0631.americas.hpqcorp.net (g3w0631.americas.hpqcorp.net
 [16.233.59.15])
	(using TLSv1 with cipher RC4-MD5 (128/128 bits))
	(No client certificate requested)
	by g5t0008.atlanta.hp.com (Postfix) with ESMTPS id B70A124240
	for <users@httpd.apache.org>; Thu, 29 Oct 2009 15:24:35 +0000 (UTC)
Received: from G5W0325.americas.hpqcorp.net (16.228.8.67) by
 G3W0631.americas.hpqcorp.net (16.233.59.15) with Microsoft SMTP Server (TLS)
 id 8.2.176.0; Thu, 29 Oct 2009 15:23:47 +0000
Received: from GVW0670EXC.americas.hpqcorp.net ([16.230.34.2]) by
 G5W0325.americas.hpqcorp.net ([16.228.8.67]) with mapi; Thu, 29 Oct 2009
 15:23:46 +0000
From: "Berube, Steve (HP Software)" <steve.berube@hp.com>
To: "users@httpd.apache.org" <users@httpd.apache.org>
Date: Thu, 29 Oct 2009 15:23:37 +0000
Thread-Topic: [users@httpd] Requesting help with Smart Card Client
 Certificate 	Authentication issue.
Thread-Index: AcpXEXyOPNSywGt0QuqnkakCexrqZAAAAzkgAAAbx7AAZgwCgAAASZ9w
Message-ID: 
 <0DB0A9658DAFEF4E80391E813663D73456EFC93EB2@GVW0670EXC.americas.hpqcorp.net>
References: 
 <0DB0A9658DAFEF4E80391E813663D73456EFA5D473@GVW0670EXC.americas.hpqcorp.net>
	 <1404e5910910270717k526d7558t721fd684647ab362@mail.gmail.com>
	 <0DB0A9658DAFEF4E80391E813663D73456EFA5D60D@GVW0670EXC.americas.hpqcorp.net>
 <1404e5910910270726q15754228n7b6fb338ab776444@mail.gmail.com>
 <0DB0A9658DAFEF4E80391E813663D73456EFA5D629@GVW0670EXC.americas.hpqcorp.net>
 <0DB0A9658DAFEF4E80391E813663D73456EFA5D62D@GVW0670EXC.americas.hpqcorp.net>
 <0DB0A9658DAFEF4E80391E813663D73456EFC93E92@GVW0670EXC.americas.hpqcorp.net>
In-Reply-To: 
 <0DB0A9658DAFEF4E80391E813663D73456EFC93E92@GVW0670EXC.americas.hpqcorp.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-cr-puzzleid: {D052FBE7-2F95-4FD2-AC6E-1950A99117BE}
x-cr-hashedpuzzle: AIrV AuQ/ A56E Cj5p C1g4 EPtZ E7HO Hc/m HvAa HxZw Hybe
 ILMK IeW0 JM9o J2To
 J4OE;1;dQBzAGUAcgBzAEAAaAB0AHQAcABkAC4AYQBwAGEAYwBoAGUALgBvAHIAZwA=;Sosha1_v1;7;{D052FBE7-2F95-4FD2-AC6E-1950A99117BE};cwB0AGUAdgBlAC4AYgBlAHIAdQBiAGUAQABoAHAALgBjAG8AbQA=;Thu,
 29 Oct 2009 15:23:37
 GMT;UgBFADoAIABbAHUAcwBlAHIAcwBAAGgAdAB0AHAAZABdACAAUgBlAHEAdQBlAHMAdABpAG4AZwAgAGgAZQBsAHAAIAB3AGkAdABoACAAUwBtAGEAcgB0ACAAQwBhAHIAZAAgAEMAbABpAGUAbgB0ACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAACQBBAHUAdABoAGUAbgB0AGkAYwBhAHQAaQBvAG4AIABpAHMAcwB1AGUALgA=
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: RE: [users@httpd] Requesting help with Smart Card Client
 Certificate 	Authentication issue.

For what it is worth:
Here are the apache logs relating to this issue:

I've XX'ed out IP + YY host name info


Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Hands=
hake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: before/accept initialization
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 11/=
11 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 16 03 01 =
00 99 01 00 00-95 03 01                 ...........      |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 147=
/147 bytes from BIO#fd56b0 [mem: fdcc6b] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 4a e9 b2 =
a0 04 fb f1 8e-a3 9c 02 80 3a bc 75 7f  J...........:.u. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0010: 49 18 c8 =
c9 40 f6 44 1c-e6 fc cb 68 52 33 95 ec  I...@.D....hR3.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0020: 20 1c ed =
fc 78 e4 2d dd-9c 30 e6 4e b0 7f c2 5b   ...x.-..0.N...[ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0030: be b2 57 =
e5 0d f2 3b 11-b5 c0 1f f0 a6 5b b1 b5  ..W...;......[.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0040: fb 00 18 =
00 2f 00 35 00-05 00 0a c0 09 c0 0a c0  ..../.5......... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0050: 13 c0 14 =
00 32 00 38 00-13 00 04 01 00 00 34 00  ....2.8.......4. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0060: 00 00 15 =
00 13 00 00 10-72 64 2d 64 62 2e 63 6e  ........rd-db.cn |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0070: 64 2e XX =
XX 2e 63 6f 6d-00 05 00 05 01 00 00 00  d.XX.com........ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0080: 00 00 0a =
00 08 00 06 00-17 00 18 00 19 00 0b 00  ................ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0090: 02 01    =
                                        ..               |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1834): | 0147 - <SPACES/=
NULS>
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(393): ssl_scache_shmc=
b_retrieve (0x1c -> subcache 28)
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(708): shmcb_subcache_=
retrieve found no match
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(408): leaving ssl_sca=
che_shmcb_retrieve successfully
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1721): Inter-Process=
 Session Cache: request=3DGET status=3DMISSED id=3D1CEDFC78E42DDD9C30E64EB0=
7FC25BBEB257E50DF23B11B5C01FF0A65BB1B5FB (session renewal)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1951): [client XX.XX=
.11.89] SSL virtual host for servername rd-db.cnd.YY.com found
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 read client hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write server hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write certificate A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write server done A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5=
 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 16 03 01 =
00 86                                   .....            |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 134=
/134 bytes from BIO#fd56b0 [mem: fdcc65] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 10 00 00 =
82 00 80 00 c3-88 5e 6d c0 7e cd 4c b7  .........^m.~.L. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0010: 32 11 13 =
05 4c 11 92 b6-84 ce 1d 43 08 ff bf 63  2...L......C...c |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0020: dd 99 89 =
a8 86 5e e5 6f-d2 a7 f4 5a 83 c6 7d 5f  .....^.o...Z..}_ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0030: bc 93 f8 =
bc 11 2e ff fd-79 89 fa a1 70 1d 13 ef  ........y...p... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0040: 88 c5 34 =
62 a3 c5 f3 35-91 0b bf f4 00 0a 25 46  ..4b...5......%F |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0050: f3 01 f0 =
79 ca 67 9f 13-ef 7c 3d 2a 18 b0 3e b1  ...y.g...|=3D*..>. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0060: a2 2c 98 =
b7 c5 d6 07 d1-cf 64 f4 cb a2 81 4f f6  .,.......d....O. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0070: 48 2f d6 =
e6 a0 93 b0 36-46 21 4d 0d cd 7e 89 8b  H/.....6F!M..~.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0080: f2 d0 a8 =
63 fb bf                                ...c..           |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 read client key exchange A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5=
 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 14 03 01 =
00 01                                   .....            |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 1/1=
 bytes from BIO#fd56b0 [mem: fdcc65] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 01       =
                                        .                |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5=
 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 16 03 01 =
00 30                                   ....0            |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 48/=
48 bytes from BIO#fd56b0 [mem: fdcc65] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: ff 25 ef =
55 d3 31 51 f0-0e 6a 9e e4 0e f6 3b 7f  .%.U.1Q..j....;. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0010: fb ec 90 =
52 7a 05 5d 3f-ea a8 72 42 de 2f 9a e7  ...Rz.]?..rB./.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0020: 6c e4 d9 =
8f 8f 63 fc b6-e1 35 b6 e5 14 93 7c ba  l....c...5....|. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 read finished A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write change cipher spec A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write finished A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(353): ssl_scache_shmc=
b_store (0xac -> subcache 12)
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(645): insert happened=
 at idx=3D0, data=3D0
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(647): finished insert=
, subcache: idx_pos/idx_used=3D0/1, data_pos/data_used=3D0/168
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(378): leaving ssl_sca=
che_shmcb_store successfully
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1721): Inter-Process=
 Session Cache: request=3DSET status=3DOK id=3DAC94F2DD376455B7FD542C6606D4=
CA30149CFCA32DE4A663D43F63CDA064AB91 timeout=3D300s (session caching)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1879): OpenSSL: Hand=
shake: done
[Thu Oct 29 11:25:03 2009] [info] Connection: Client IP: XX.XX.11.89, Proto=
col: TLSv1, Cipher: AES128-SHA (128/128 bits)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5=
 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 17 03 01 =
06 40                                   ....@            |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 160=
0/1600 bytes from BIO#fd56b0 [mem: fdcc65] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 84 6e 1b =
bb b1 ce 5d 44-d8 bb 36 8f 96 c4 62 d6  .n....]D..6...b. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0010: 15 90 35 =
2f 17 82 3e 9c-20 c5 a6 0d 8e 6f d1 22  ..5/..>. ....o." |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0020: bf da 0f =
43 ef 19 2b 98-66 d5 ec ca 03 9b a9 98  ...C..+.f....... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0030: 45 cc 30 =
49 f3 37 51 d1-98 ab 45 62 12 0e a8 26  E.0I.7Q...Eb...& |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0040: 5b 98 8b =
80 ee 62 b1 f2-19 24 21 51 1a 02 b0 e1  [....b...$!Q.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0050: e4 00 c1 =
e2 53 32 4a 3d-5d ca a2 38 7d a6 e7 36  ....S2J=3D]..8}..6 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0060: f8 f2 6d =
8c fa 2c 9a 78-84 33 0f 3c 6e 29 d1 34  ..m..,.x.3.<n).4 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0070: a5 ff 63 =
76 78 49 5a 4a-14 43 c6 53 f1 fc ad 76  ..cvxIZJ.C.S...v |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0080: 4c de 99 =
85 8a 5b 2e 52-f0 9e 8b b6 d1 9f ca 1b  L....[.R........ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0090: ec 0a c6 =
82 43 fa 1f 04-79 a3 67 54 38 b2 81 e1  ....C...y.gT8... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00a0: 5e 4b 1f =
24 8c db 49 23-9b bf cb 76 46 62 d3 f7  ^K.$..I#...vFb.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00b0: c6 fc 7a =
14 c7 c0 10 e8-15 8e 24 d2 ce 19 b6 df  ..z.......$..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00c0: bb 9f 00 =
03 23 4d b9 ea-60 02 55 b0 75 99 6e 92  ....#M..`.U.u.n. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00d0: 1c 34 a7 =
5a cf f3 65 59-91 23 ae fa ac 58 8d 34  .4.Z..eY.#...X.4 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00e0: 6d c2 ab =
14 26 fe 20 84-65 4f 56 f4 97 c6 d6 61  m...&. .eOV....a |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 00f0: 31 c6 26 =
da 2d ac f8 72-81 6d 0c c2 76 33 b2 5d  1.&.-..r.m..v3.] |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0100: 6f f6 5e =
79 57 7f 35 a2-a3 4a ef f8 85 74 6a ae  o.^yW.5..J...tj. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0110: c6 f7 75 =
c5 91 85 84 9b-95 6d 3c 53 87 ff f2 40  ..u......m<S...@ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0120: ae 87 99 =
1d 67 c9 74 04-9f a7 6f cb e2 ea 27 94  ....g.t...o...'. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0130: 26 f9 bf =
76 f5 c2 16 b4-0e 5c 2b 11 9a 77 8e a8  &..v.....\\+..w.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0140: 33 a9 1a =
b7 75 cb 26 ae-ea fb df a2 d6 06 69 ed  3...u.&.......i. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0150: 8e 6e 7b =
8a 8d 2f 67 d0-a6 2d 34 88 a1 d1 c7 4e  .n{../g..-4....N |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0160: 30 e3 10 =
64 0d ab ec e8-db 26 c0 cd 90 6e c2 d1  0..d.....&...n.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0170: 30 f2 f8 =
5e 27 3a 56 86-f7 92 26 16 29 ae a9 49  0..^':V...&.)..I |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0180: c2 37 54 =
2a 40 e8 c3 a5-f9 db f3 0d 9d 4e bf b2  .7T*@........N.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0190: 8b e1 4f =
f8 17 97 20 7d-a5 8b 7a 74 3f fa d5 7a  ..O... }..zt?..z |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01a0: 87 7d a8 =
91 dc 84 5e 72-be a7 b0 e0 7e 9d 33 c1  .}....^r....~.3. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01b0: 0f d5 f7 =
01 62 2d a0 98-77 d2 6e 95 d8 1c ef 4f  ....b-..w.n....O |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01c0: 75 e3 7a =
86 4e 6e fa d5-de f4 54 66 ff db 71 51  u.z.Nn....Tf..qQ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01d0: 7a ed 29 =
cd c2 55 bc a9-53 98 bb 66 35 e6 c5 8d  z.)..U..S..f5... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01e0: 89 51 90 =
95 8c a9 b9 4c-18 44 d0 bf 69 7c 3e ea  .Q.....L.D..i|>. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 01f0: b8 47 17 =
ef ff 0c 77 51-92 9a 24 5d b4 38 ea 87  .G....wQ..$].8.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0200: 81 44 b9 =
0a c4 c9 da 17-c9 7f 55 04 e4 ae 84 e5  .D........U..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0210: 47 81 ff =
a1 94 aa c1 13-fc 00 8e c4 17 f7 5c c5  G.............\\. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0220: 9f da ac =
00 67 c8 55 93-28 9e 8c 7e b6 4f bc 1b  ....g.U.(..~.O.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0230: c2 a5 97 =
27 c6 9c bd 52-90 31 20 09 86 48 11 98  ...'...R.1 ..H.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0240: 2c ce fb =
96 8c 2d 89 fd-41 9b ad fb fe fa 61 04  ,....-..A.....a. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0250: cb be 86 =
b5 35 31 fc 91-42 14 48 9f 36 5e f2 69  ....51..B.H.6^.i |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0260: f4 c2 6a =
8d f0 b7 d5 14-e4 ab 17 06 d2 89 e0 6d  ..j............m |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0270: 49 fc 22 =
76 18 82 89 18-ac ff 9f 10 50 98 9f a7  I."v........P... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0280: 1d 30 fd =
c6 f0 1b 50 e7-ba f9 31 23 de 96 ff 63  .0....P...1#...c |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0290: 3d 1f b0 =
4a d3 9b 20 53-c3 dd ab 58 19 07 56 cb  =3D..J.. S...X..V. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02a0: 65 b7 f7 =
1c da e4 64 a0-5f 92 b0 a2 a5 07 de 23  e.....d._......# |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02b0: 0e fc 1a =
48 98 d4 f5 74-fa c7 18 b4 65 82 0f 31  ...H...t....e..1 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02c0: 68 ce 54 =
c0 23 eb ef bc-ac ad f5 b9 36 19 b9 d6  h.T.#.......6... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02d0: ff 8c 02 =
d1 23 90 ce 63-2d 3d 64 63 40 96 8a e0  ....#..c-=3Ddc@... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02e0: f4 70 fa =
b0 dd ef 8a 77-7b ce 3e 32 65 13 c4 5d  .p.....w{.>2e..] |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 02f0: bc a8 33 =
0e 80 5c 76 f8-2e ca 67 62 ab f2 86 ee  ..3..\\v...gb.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0300: f7 86 15 =
d3 86 d9 58 35-06 eb 54 4a 28 e2 55 c3  ......X5..TJ(.U. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0310: f6 81 91 =
00 ab 21 bc 75-1d bb 99 a8 9d 90 61 38  .....!.u......a8 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0320: 76 8d 62 =
df 92 cb 27 5b-22 51 9a 98 6f 8e 99 7b  v.b...'["Q..o..{ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0330: f7 6f b6 =
2e 28 ac 7b 74-67 a4 bc 60 a6 18 41 a2  .o..(.{tg..`..A. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0340: 51 78 c2 =
a4 3b 7e 27 9c-28 a0 da 3a b2 02 53 76  Qx..;~'.(..:..Sv |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0350: 36 8f 3d =
34 ec 2f 79 6b-a7 17 d2 ee a7 47 8a 64  6.=3D4./yk.....G.d |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0360: df b5 1a =
90 5e 30 1e d6-64 79 5b 18 d7 99 71 73  ....^0..dy[...qs |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0370: d1 ad e7 =
b6 c0 c0 aa c7-1a 35 9a 54 4b 40 ee 0c  .........5.TK@.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0380: e9 c2 e7 =
9c 1e cc 22 81-ae ae 73 4c 57 32 2d 05  ......"...sLW2-. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0390: e6 c8 34 =
33 11 36 fa 5b-03 c6 28 5f 12 a4 f3 59  ..43.6.[..(_...Y |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03a0: 68 f8 43 =
81 c4 19 d6 0b-9e a9 03 a1 24 c7 b4 b9  h.C.........$... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03b0: 65 35 a1 =
55 13 6f 06 15-6a 8b ed f6 4e a0 28 74  e5.U.o..j...N.(t |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03c0: 93 36 f6 =
9e cb 78 e8 40-e0 93 cc 24 92 7c 30 a2  .6...x.@...$.|0. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03d0: 51 03 c6 =
fa 5b b0 70 34-ef 8e 6d 54 a6 96 d0 b9  Q...[.p4..mT.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03e0: cd bc dd =
41 e2 17 0e d0-c7 3e f7 c9 58 98 23 ec  ...A.....>..X.#. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 03f0: 70 b1 76 =
31 b8 02 0d ab-93 0a 79 db 07 d1 f4 a3  p.v1......y..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0400: e1 b7 00 =
e8 a2 62 68 f7-ce b0 f5 21 18 d3 53 48  .....bh....!..SH |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0410: 42 d2 a6 =
4e ce 63 ff bc-dc 83 1f c0 04 5b bd cb  B..N.c.......[.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0420: 93 97 ca =
c2 72 6e 90 c0-9a 07 c3 e2 3c 58 d3 1a  ....rn......<X.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0430: 40 f6 bc =
9b 4c 6c 60 a3-e4 ba 1c 31 c7 8d 84 84  @...Ll`....1.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0440: 99 b6 3f =
7b b2 3c 44 91-7e 51 f3 2b af 41 34 af  ..?{.<D.~Q.+.A4. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0450: a8 97 8e =
9c 1d e2 38 07-6b dd 79 11 16 de a6 b3  ......8.k.y..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0460: e1 a2 f4 =
7f 80 eb 11 74-ff 1e 23 50 8b bf 9c f2  .......t..#P.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0470: 2d 3e a9 =
04 f2 45 96 77-36 93 d1 14 e7 9c 71 f3  ->...E.w6.....q. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0480: 5f d1 7a =
62 19 5b 3b 39-42 46 0e 4d 9f dc a7 dd  _.zb.[;9BF.M.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0490: d1 69 47 =
f3 19 d1 af f4-89 56 b3 30 d3 d7 95 24  .iG......V.0...$ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04a0: b2 7d fc =
5e bf 1b b8 51-86 2e 6e 34 c9 8c 28 a9  .}.^...Q..n4..(. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04b0: 9e 24 75 =
58 35 f5 60 69-fd fd f1 9b bb 68 6c cd  .$uX5.`i.....hl. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04c0: b1 4c 15 =
5f f5 4c fb 7a-47 44 bd 06 4e 19 8a 8e  .L._.L.zGD..N... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04d0: 68 d4 58 =
e4 48 90 47 b8-a5 17 c5 8e 98 ee 07 25  h.X.H.G........% |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04e0: f3 4d c9 =
7e 5f f6 43 1c-4f 3b 9e 28 d7 13 3f 66  .M.~_.C.O;.(..?f |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 04f0: b5 fd 89 =
35 6d d6 90 f8-54 cd ea 81 92 de ad 40  ...5m...T......@ |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0500: e4 e7 58 =
c9 69 70 be 4f-4c 68 1b de d6 1d e9 f7  ..X.ip.OLh...... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0510: 2b e5 47 =
e3 01 c8 84 4e-44 31 d3 ad 75 92 39 c6  +.G....ND1..u.9. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0520: 05 da 10 =
86 b7 5b 8f e9-b9 93 e7 a8 d2 19 39 84  .....[........9. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0530: 34 50 01 =
21 52 9e f1 b4-94 9b dd cb e6 50 c6 d9  4P.!R........P.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0540: 37 64 01 =
f1 25 cb 81 53-c5 82 a0 0f ec f2 34 01  7d..%..S......4. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0550: cb 32 be =
44 d2 4e 3f 43-81 3c aa 17 2c f5 c4 8c  .2.D.N?C.<..,... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0560: 39 32 e9 =
37 3d c3 11 06-53 f7 31 2e b0 0e 56 5d  92.7=3D...S.1...V] |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0570: e7 e3 88 =
a2 f9 d0 5f 4e-8f 98 c0 39 64 1f 98 6f  ......_N...9d..o |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0580: 95 1e 44 =
ed 20 36 8e cf-b5 69 ee 36 b9 47 cf 13  ..D. 6...i.6.G.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0590: fd 84 82 =
28 08 af 91 ce-95 8e 23 eb 62 72 3f 3d  ...(......#.br?=3D |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05a0: 0b 93 fa =
d9 5e 7d ab c4-b5 2a 7d 29 c8 d5 ce 54  ....^}...*})...T |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05b0: ae 2e 35 =
27 ef 5b 6b 12-3f 09 d9 9b 06 cc 76 72  ..5'.[k.?.....vr |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05c0: ce c8 94 =
ce 7a 8f ae 6a-c6 2c 79 2f a0 3b 7d f9  ....z..j.,y/.;}. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05d0: be 0a 99 =
77 d1 ba e5 e7-16 6c 47 89 c7 c3 b0 aa  ...w.....lG..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05e0: 49 07 f4 =
7c 43 fa cb 42-2e 4d e7 45 26 67 bc 91  I..|C..B.M.E&g.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 05f0: 4c 9d 25 =
b7 bb f9 e0 6a-eb 53 eb ae 93 05 33 79  L.%....j.S....3y |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0600: 1b 03 61 =
98 46 84 cc 1b-ed 6e 21 11 2a 8c 4d 99  ..a.F....n!.*.M. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0610: 95 ed ae =
77 be b8 41 46-52 58 2f cc 7a b7 d8 eb  ...w..AFRX/.z... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0620: 9f 1b a6 =
21 c6 79 bf bf-55 2a 11 f5 1d cf 30 9e  ...!.y..U*....0. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0630: 6f e5 4e =
7d 32 0d 16 27-fc 72 cc f2 b2 aa 0d 98  o.N}2..'.r...... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [info] Initial (No.1) HTTPS request received for=
 child 63 (server rd-db.cnd.YY.com:8443)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(487): [client XX.XX.=
11.89] Changed client verification type will force renegotiation
[Thu Oct 29 11:25:03 2009] [info] [client XX.XX.11.89] Requesting connectio=
n re-negotiation
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(724): [client XX.XX.=
11.89] Performing full renegotiation: complete handshake protocol
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Hand=
shake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSL renegotiate ciphers
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write hello request A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write hello request C
[Thu Oct 29 11:25:03 2009] [info] [client XX.XX.11.89] Awaiting re-negotiat=
ion handshake
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Hand=
shake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: before accept initialization
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 5/5=
 bytes from BIO#fd56b0 [mem: fdcc60] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: 16 03 01 =
00 90                                   .....            |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1858): OpenSSL: read 144=
/144 bytes from BIO#fd56b0 [mem: fdcc65] (BIO dump follows)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1791): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0000: fa 50 f4 =
a0 17 63 11 f6-62 3b bb d8 08 22 93 2c  .P...c..b;..."., |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0010: 9d de 9d =
37 8c df 22 7b-40 62 c1 8b db 63 be c1  ...7.."{@b...c.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0020: f3 6b 2b =
6e 72 34 84 0e-da 6c 55 d8 fe 39 69 35  .k+nr4...lU..9i5 |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0030: e3 b6 7a =
ff 1c 59 a2 03-aa 5c d1 44 e0 fc f7 b0  ..z..Y...\\.D.... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0040: 52 17 cc =
d6 24 2e af 9e-de 6a 83 38 ae ea 5e d8  R...$....j.8..^. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0050: f0 e4 ce =
4b a8 79 c4 a0-9d c0 77 af 7c cb 5c a6  ...K.y....w.|.\\. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0060: 83 16 3c =
61 18 6c 56 ff-88 90 6a f1 c7 93 9b 08  ..<a.lV...j..... |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0070: c1 a8 ef =
32 26 2b b7 20-b2 d8 4c 00 cd 53 d2 df  ...2&+. ..L..S.. |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1830): | 0080: 99 71 d7 =
c2 bc a7 19 72-fd ce 72 b9 d4 10 9f 51  .q.....r..r....Q |
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_io.c(1836): +----------------=
---------------------------------------------------------+
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1951): [client XX.XX=
.11.89] SSL virtual host for servername rd-db.cnd.YY.com found
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 read client hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write server hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write certificate A
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 write certificate request A
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop=
: SSLv3 flush data
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_io.c(1869): OpenSSL: I/O erro=
r, 5 bytes expected to read on BIO#fd56b0 [mem: fdcc60]
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit=
: error in SSLv3 read client certificate A
[Thu Oct 29 11:25:04 2009] [error] [client XX.XX.11.89] Re-negotiation hand=
shake failed: Not accepted by client!?

-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Thursday, October 29, 2009 11:12 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certifica=
te Authentication issue.

Was wondering if anyone else had ideas here. I have a strace (Microsoft too=
l) of the trace, but my expertise in analyzing that is lacking.


-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Tuesday, October 27, 2009 10:31 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certifica=
te Authentication issue.

Ok quick update, I did that test and unfortunately no change in behavior. I=
 can't access / now (as expected) but still no prompt for certificate. Othe=
r systems that work continue to work. Firefox no issue, one windows 7 IE sy=
stem, no issue.

I am installing wireshark now.


-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Tuesday, October 27, 2009 10:28 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certifica=
te Authentication issue.

So for testing, are you asking I move SSLVerifyClient + SSLVerifyDepth to t=
he entire virtual host directive?

e.g.
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName rd-db.cnd.hp.com:443
ServerAdmin admin@rd-db.hp.com
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.=
log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/acc=
ess.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10

<Location />
        SSLOptions +StdEnvVars
</location>

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]
Sent: Tuesday, October 27, 2009 10:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certifica=
te Authentication issue.

On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<steve.berube@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (n=
othing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication req=
uest
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certifi=
cate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <steve.berube@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bi=
n">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatec=
hainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepat=
h
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project=
.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project=
.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>



--
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org