Article delegate-en <_A1138@delegate-en.ML_>
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[delegate-en/1138] [Reference:<_A1120@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: sslway client auth problem
09 May 2001 08:50:35 GMT feedback@delegate.org (Yutaka Sato)


Hi Roger,

On 04/25/01(15:48) you Roger Buck <peecabdyi.ml@ml.delegate.org> wrote
in <_A1120@delegate-en.ML_>
 |After solving this problem, deleagte now correctly accepts client
 |certification (using -Vrfy) but I now have two new problems.
 |
 |Following client verification, I get continuous prompts to re-load
 |certificate - maybe 5 or 6 times before I can view a single document.
 |Often the browser will crash suddenly (see above for version info).
 |
 |Using same certificates and destination host:port setup, I do not have
 |same problem when using stunnel ( http://www.stunnel.org/ )
 |
 |Does anyone have any ideas or hints to put me on right track?

"-Verify 0" instead of "-Vrfy" might solve the problem, could you
test it with the enclosed patch?

Cheers,
Yutaka
--
  @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan


*** ../../delegate7.3.0/filters/sslway.c	Fri Mar  2 16:48:49 2001
--- sslway.c	Wed May  9 17:47:48 2001
***************
*** 405,411 ****
  	depth =  X509_STORE_CTX_get_error_depth(ctx);
  	X509_NAME_oneline(X509_get_subject_name(cert),subjb,sizeof(subjb));
  	errsym = X509_verify_cert_error_string(err);
! 	ERROR("depth=%d/%d %d:\"%s\" %s",depth,verify_depth,err,errsym,subjb);
  
  	if( !ok ){
  		if( depth <= verify_depth )
--- 405,412 ----
  	depth =  X509_STORE_CTX_get_error_depth(ctx);
  	X509_NAME_oneline(X509_get_subject_name(cert),subjb,sizeof(subjb));
  	errsym = X509_verify_cert_error_string(err);
! 	ERROR("depth=%d/%d ok=%d %d:\"%s\" %s",
! 		depth,verify_depth,ok,err,errsym,subjb);
  
  	if( !ok ){
  		if( depth <= verify_depth )

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V