Re: SSL related error

From: Nick Wright <nick_at_lsd.net.nz>
Date: 2003-09-30 17:22:00 CEST

I suspect there is some sort of issue with the way I have Apache/SSL set up..
I'm fairly new to the SSL side of things especially..

Anything to do with the "dropped support for PEM-encoded client certs, only
accept PKCS12 now" thing new in NEON 0.24 perhaps?

The server runs Debian testing/unstable, Apache/2.0.47 (Debian GNU/Linux),
DAV/2 SVN/0.30.0, mod_ssl/2.0.47, OpenSSL/0.9.7b

If you havent done so already, the output from the openSSL client is posted
below.

You can try connecting to the repository also - it's just at
https://highgate.net.nz/

The error happens before authentication.

(I use the HTTPS server only for subversion at the moment, so I just made the
root of the HTTPS server point to the repository)

Thanks,
Nick.

CONNECTED(00000003)
depth=0 /C=NZ/ST=Otago/O=None/OU=Svn/CN=highgate.net.nz
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=NZ/ST=Otago/O=None/OU=Svn/CN=highgate.net.nz
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=NZ/ST=Otago/O=None/OU=Svn/CN=highgate.net.nz
verify error:num=21:unable to verify the first certificate
verify return:1

---
Server certificate
-----BEGIN CERTIFICATE-----
MIICOzCCAaQCAQEwDQYJKoZIhvcNAQEEBQAweDENMAsGA1UEChMETm9uZTEeMBwG
CSqGSIb3DQEJARYPbmlja0Bsc2QubmV0Lm56MRAwDgYDVQQHEwdEdW5lZGluMQ4w
DAYDVQQIEwVPdGFnbzELMAkGA1UEBhMCTloxGDAWBgNVBAMTD2hpZ2hnYXRlLm5l
dC5uejAeFw0wMzA4MjUwMTQ1MDdaFw0wNDA4MjQwMTQ1MDdaMFQxCzAJBgNVBAYT
Ak5aMQ4wDAYDVQQIEwVPdGFnbzENMAsGA1UEChMETm9uZTEMMAoGA1UECxMDU3Zu
MRgwFgYDVQQDEw9oaWdoZ2F0ZS5uZXQubnowgZ8wDQYJKoZIhvcNAQEBBQADgY0A
MIGJAoGBAKXrCcMgI+RwdjYB6yoYn8vMtuBqPmKzX21uQoN787mBHRqsS+iQlTn0
f/VD+fLx0eqTDj1B+tUFShQ6nd9Rkj++RNSAewf4usd6KVusrLOJvRef7wL93NFF
909TaqbRG5fzDyIsfmKcvD1t09HKLO2abNKYwJIhvPcHZ/u1jVIDAgMBAAEwDQYJ
KoZIhvcNAQEEBQADgYEAENzVEom2VyFms97uaiwuSMvCoTMdjva0g9BeoiBVLhU3
IElrHsT/PfiwggexIM6QptBKt35dWHUJtvqIZQeZV/yXtb9t0ui+ZRqmqrrNHAeG
WwuQkb2y2qSLd+r9x/Z/vyigHatoonDhzbI7p6qIdjNNTKREqmwaQEza2K+K6S4=
-----END CERTIFICATE-----
subject=/C=NZ/ST=Otago/O=None/OU=Svn/CN=highgate.net.nz
issuer=/O=None/emailAddress=nick@lsd.net.nz/L=Dunedin/ST=Otago/C=NZ/CN=highgate.net.nz
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
RC4-64-MD5
---
SSL handshake has read 727 bytes and written 333 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 36F68149D191AA04AE74E0F7F7A266EE
    Session-ID-ctx:
    Master-Key: 38136ECC69B918B3156F90A34737CFD51622D724A29A0E28
    Key-Arg   : 835AF1A8257D71B2
    Start Time: 1064934091
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Received on Tue Sep 30 17:23:11 2003

This message: [ Message body ]
Next message: José Augusto Silva Simões: "RE: 500 Internal error running SVN in windows"
Previous message: Branko ÄŒibej: "Re: windows lusers & linux repository"
In reply to: Joe Orton: "Re: SSL related error"
Next in thread: Joe Orton: "Re: SSL related error"
Reply: Joe Orton: "Re: SSL related error"
Reply: Tobias Ringstrom: "Re: SSL related error"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]