From owner-freebsd-hackers Thu May 18 3:41:10 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 318E237B6F3; Thu, 18 May 2000 03:41:07 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id DAA23478; Thu, 18 May 2000 03:41:07 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 18 May 2000 03:41:07 -0700 (PDT) From: Kris Kennaway To: Milon Papezik Cc: freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org Subject: Re: ASN.1 parsing in OpenSSL (Apache+mod_ssl problem) In-Reply-To: <3923C0B0.E71C344D@oskarmobil.cz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 18 May 2000, Milon Papezik wrote: > When I try to connect with Netscape 4.x or Exploder 5 to Apache over > SSL I get the following errors in apache_ssl_engine.log: I need to compare the contents of a working and non-working certificate - my suspicion is that theres something off about the ASN.1 encoding of the certificate that causes netscape to barf (IE will apparently still read it fine, or it can at least for some people's certs). Install the converters/dumpasn1 port, and run the following on your certificate.pem file: openssl asn1parse -in cert.pem -out cert.der dumpasn1 cert.der > cert.out and mail me cert.out. Do this for both certificates if you have a working and non-working one. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message