--0-790917700-1279814826=:90633
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
=0A=0AHello,=0A=0AAdding <Location> around SSLVerifyClient and SSLVerifyDep=
th is causing my mutual =0Aauthentication to fail with a ssl_error_handshak=
e_failure_alert message.=A0=A0=A0 I =0Acan't seem to determine what might b=
e causing this.=A0=A0 I'll just jump right to =0Athe code below:=0A=0A=0A[W=
ORKS]=0A=0AExcerpting my httpd.conf: =0A=0A<VirtualHost _default_:443>=0A=
=A0DocumentRoot "<path edited>/htdocs"=0A=A0SSLEngine on=0A=A0SSLCipherSuit=
e ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+e NULL=0A=A0SSL=
CertificateFile "<path edited>/Cert/ssl.crt/server.crt"=0A=A0SSLCertificate=
KeyFile "<path edited>/Cert/ssl.key/server.key"=0A=A0SSLCACertificateFile "=
<path edited> Cert/ca.cer"=0A=A0=A0SSLVerifyClient required=0A=A0=A0SSLVeri=
fyDepth 1=0A=A0<truncated> =0A=0AThe above works like a charm.=A0=A0=A0 The=
only problem is it works EVERYWHERE I use =0A443 ... which is as expected.=
=A0=A0=A0 So when I add my <Location> directive as below =0AI get the Error=
code: ssl_error_handshake_failure_alert.=A0=A0=A0=A0 Though it properly =
=0Atriggers this error on requests to the specified location.=A0=A0=A0 So I=
know that =0Apart is being picked up properly.=A0=A0=A0 Does anybody know =
what can be causing =0Athis?=A0=A0=A0=A0=A0 This seems to be how it was beh=
aving before I added in the =0ASSLCACertificateFile=A0information.=A0=A0=A0=
Could the Location tag be causing the =0Aserver to somehow ignore my SSLCA=
CertificateFile?=A0=A0=A0 =0A=0A=0A=0A[DOESN'T WORK]=A0:=A0=A0 Error code: =
ssl_error_handshake_failure_alert=0A=A0=0A<VirtualHost _default_:443>=0A=A0=
DocumentRoot "<path edited>/htdocs"=0A=A0SSLEngine on=0A=A0SSLCipherSuite A=
LL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eN ULL=0A=A0SSLCer=
tificateFile "<path edited>/Cert/ssl.crt/server.crt"=0A=A0SSLCertificateKey=
File "<path edited>/Cert/ssl.key/server.key"=0A=A0SSLCACertificateFile "<pa=
th edited> Cert/ca.cer"=0A=A0<Location /logonWithCertificate>=A0=0A=A0=A0SS=
LVerifyClient required=0A=A0=A0SSLVerifyDepth 1=0A=A0</Location>=0A=A0=0A<t=
runcated> =0A=0AThanks in advance for any insight. =0A=0A-John=0A=0A=0A=0A =
--0-790917700-1279814826=:90633
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
<html><head><style type=3D"text/css"><!-- DIV {margin:0px;} --></style></he=
ad><body><div style=3D"font-family:times new roman, new york, times, serif;=
font-size:12pt"><DIV> </DIV>=0A<DIV style=3D"FONT-FAMILY: times new ro=
man, new york, times, serif; FONT-SIZE: 12pt">=0A<DIV style=3D"FONT-FAMILY:=
times new roman, new york, times, serif; FONT-SIZE: 12pt">=0A<DIV style=3D=
"FONT-FAMILY: times new roman, new york, times, serif; FONT-SIZE: 12pt">=0A=
<DIV>Hello,</DIV>=0A<DIV> </DIV>=0A<DIV>Adding <Location> around=
SSLVerifyClient and SSLVerifyDepth is causing my mutual authentication to =
fail with a ssl_error_handshake_failure_alert message. I =
can't seem to determine what might be causing this. I'll just j=
ump right to the code below:</DIV>=0A<DIV> </DIV>=0A<DIV> </DIV>=
=0A<DIV>[WORKS]</DIV>=0A<DIV> </DIV>=0A<DIV>Excerpting my httpd.conf: =
</DIV>=0A<DIV> </DIV>=0A<DIV><VirtualHost _default_:443><BR>&nbs=
p;DocumentRoot "<path edited>/htdocs"<BR> SSLEngine on<BR> =
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+e =
NULL<BR> SSLCertificateFile "<path edited>/Cert/ssl.crt/server.c=
rt"<BR> SSLCertificateKeyFile "<path edited>/Cert/ssl.key/server=
..key"<BR> SSLCACertificateFile "<path edited> Cert/ca.cer"<BR>&n=
bsp; SSLVerifyClient required<BR> SSLVerifyDepth 1<BR> =
;<truncated> </DIV>=0A<DIV> </DIV>=0A<DIV>The above works like a=
charm. The only problem is it works EVERYWHERE I use 443=
... which is as expected. So when I add my <Location&=
gt; directive as below I get the Error code: ssl_error_handshake_failure_al=
ert. Though it properly triggers this error on requ=
ests to the specified location. So I know that part is be=
ing picked up properly. Does anybody know what can be cau=
sing this? This seems to be how it was behavi=
ng before I added in the SSLCACertificateFile information. =
Could the Location tag be causing the server to somehow ignore my SS=
LCACertificateFile? </DIV>=0A<DIV> </DIV>=0A<DIV>&nb=
sp;</DIV>=0A<DIV>[DOESN'T WORK] : <FONT color=3D#ff0000>Er=
ror code: ssl_error_handshake_failure_alert</FONT></DIV>=0A<DIV><FONT color=
=3D#ff0000></FONT> </DIV>=0A<DIV><VirtualHost _default_:443><BR>=
DocumentRoot "<path edited>/htdocs"<BR> SSLEngine on<BR>&n=
bsp;SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EX=
P:+eNULL<BR> SSLCertificateFile "<path edited>/Cert/ssl.crt/serv=
er.crt"<BR> SSLCertificateKeyFile "<path edited>/Cert/ssl.key/se=
rver.key"<BR> SSLCACertificateFile "<path edited> Cert/ca.cer"<B=
R> <FONT color=3D#ff0000> </FONT><FONT color=3D#0080ff><Location /l=
ogonWithCertificate></FONT> </DIV>=0A<DIV> SSLVerifyClie=
nt required<BR> SSLVerifyDepth 1</DIV>=0A<DIV> <FONT color=
=3D#0080ff></Location></FONT><BR> </DIV>=0A<DIV><truncated>=
; </DIV>=0A<DIV> </DIV>=0A<DIV>Thanks in advance for any insight. </DI=
V>=0A<DIV> </DIV>=0A<DIV>-John</DIV></DIV><BR>=0A<META content=3Don ht=
tp-equiv=3Dx-dns-prefetch-control></DIV></DIV></div><br>=0A=0A=0A=0A=0A=0A=
=0A=0A </body></html>
--0-790917700-1279814826=:90633--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org
