Re: error in SSLv3 read client certificate
These questions are very much OpenSSL/stunnel-related. You should
subscribe to the OpenSSL and stunnel mailing lists.
Tony Novak wrote:
> slapd connected from Ipaddress of NT4 PC:1420
> LOG7[6268:2049]: Local service connected
> LOG7[6268:2049]: before SSL initalisation
> LOG7[6268:2049]: before SSL initalisation
> LOG7[6268:2049]: SSLv3 read client hello A
> LOG7[6268:2049]: SSLv3 write server hello A
> LOG7[6268:2049]: SSLv3 write certificate A
> LOG7[6268:2049]: SSLv3 write key exchange A
> LOG7[6268:2049]: SSLv3 write server done A
> LOG7[6268:2049]: SSLv3 flush data
> LOG7[6268:2049]: SSLv3 read client certificate A
> LOG7[6268:2049]: SSLv3 read client certificate A
> LOG3[6268:2049]: SSL_accept: error:14094412:SSL
> routines:SSL3_READ_BYTES:sslv3
> alert bad certificate (all 1 line)
Are you using client certs? Did you configure stunnel to require
client certs for strong user authentication? You shouldn't if you do
not have a CA issuing the client certs. It seems that the
certificate cannot be verified against trusted CA certs.
Ciao, Michael.
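
An added example, not part of the original message or of stunnel/OpenSSL: a small triage script that decodes the packed error code 14094412 from the quoted log and pairs it with the last handshake state logged for that connection. It assumes the OpenSSL 1.x error layout (8-bit library, 12-bit function, 12-bit reason); the names decode_error, triage and SAMPLE are made up for this illustration.

```python
import re

# OpenSSL 1.x error layout: library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reason = 1000 + alert description number
ALERTS = {40: "handshake_failure", 41: "no_certificate", 42: "bad_certificate",
          43: "unsupported_certificate", 44: "certificate_revoked",
          45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca"}

LOG_LINE = re.compile(r"LOG(\d)\[(\d+:\d+)\]: (.*)")
ERR_CODE = re.compile(r"error:([0-9A-Fa-f]{8}):")

def decode_error(code_hex):
    """Split a packed OpenSSL 1.x error code into its fields."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": ALERTS.get(alert)}

def triage(log_text):
    """Pair every logged error with the last handshake state of its connection."""
    last_state, findings = {}, []
    for raw in log_text.splitlines():
        m = LOG_LINE.search(raw)  # search() tolerates a leading "> " quote mark
        if not m:
            continue
        level, conn, msg = int(m.group(1)), m.group(2), m.group(3)
        err = ERR_CODE.search(msg)
        if err:
            findings.append({"conn": conn, "state": last_state.get(conn),
                             **decode_error(err.group(1))})
        elif level == 7 and msg.startswith("SSLv3 "):
            last_state[conn] = msg  # debug-level handshake state trace
    return findings

# Lines from the quoted log, with the wrapped error line joined back into one.
SAMPLE = """\
LOG7[6268:2049]: SSLv3 write server done A
LOG7[6268:2049]: SSLv3 flush data
LOG7[6268:2049]: SSLv3 read client certificate A
LOG3[6268:2049]: SSL_accept: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the quoted log this reports library 0x14 (SSL), reason 1042, that is alert 42 (bad_certificate), seen while the connection was in state "SSLv3 read client certificate A".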