From owner-freebsd-ports Thu May 18 3:13:48 2000
Delivered-To: freebsd-ports@freebsd.org
Received: from smtp1-ext.oskarmobil.cz (smtp1-ext.oskarmobil.cz [195.47.29.137])
	by hub.freebsd.org (Postfix) with ESMTP id A417B37B524;
	Thu, 18 May 2000 03:13:35 -0700 (PDT)
	(envelope-from milon.papezik@oskarmobil.cz)
Received: from wh01ex02.ceskymobil.cz (exchange.ceskymobil.cz [172.20.128.42])
	by smtp1-ext.oskarmobil.cz (8.9.3/8.9.3) with ESMTP id MAA26543;
	Fri, 19 May 2000 12:10:58 +0200 (CEST)
Received: from oskarmobil.cz (papezik.ceskymobil.cz [172.20.128.9])
	by wh01ex02.ceskymobil.cz with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
	id LB625KH2; Thu, 18 May 2000 12:12:12 +0200
Message-ID: <3923C0B0.E71C344D@oskarmobil.cz>
Date: Thu, 18 May 2000 12:06:40 +0200
From: Milon Papezik
X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: cz, cs, en
MIME-Version: 1.0
To: freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org
Subject: Re: ASN.1 parsing in OpenSSL (Apache+mod_ssl problem)
References: <3923BD52.7275ACF8@oskarmobil.cz>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Yesterday, I installed on the 4.0R server the apache13-php3 port with mod_ssl
(using 4.0R ports skeleton) and it seems that I ran into a similar problem.
When I try to connect with Netscape 4.x or Exploder 5 to Apache over SSL,
I get the following errors in apache_ssl_engine.log:

[18/May/2000 16:40:17 65027] [info] Init: Initializing OpenSSL library
[18/May/2000 16:40:17 65027] [info] Init: Loading certificate & private key of SSL-aware server www.xxxxxx.cz:443
[18/May/2000 16:40:17 65027] [info] Init: Seeding PRNG with 136 bytes of entropy
[18/May/2000 16:40:17 65027] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[18/May/2000 16:40:18 65027] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: 2nd startup round (already detached)
[18/May/2000 16:40:22 65038] [info] Init: Reinitializing OpenSSL library
[18/May/2000 16:40:22 65038] [info] Init: Seeding PRNG with 136 bytes of entropy
[18/May/2000 16:40:22 65038] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: Initializing (virtual) servers for SSL
[18/May/2000 16:40:22 65038] [info] Init: Configuring server www.xxxxxx.cz:443 for SSL protocol
[18/May/2000 16:40:58 65057] [info] Connection to child 2 established (server www.xxxxxx.cz:443, client 172.20.128.10)
[18/May/2000 16:40:58 65057] [info] Seeding PRNG with 1160 bytes of entropy
[18/May/2000 16:40:58 65057] [error] SSL handshake failed (server www.xxxxxx.cz:443, client 172.20.128.10) (OpenSSL library error follows)
[18/May/2000 16:40:58 65057] [error] OpenSSL: error:1409B004:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:nested asn1 error
[18/May/2000 16:40:58 65058] [info] Connection to child 3 established (server www.xxxxxx.cz:443, client 172.20.128.10)
[18/May/2000 16:40:58 65058] [info] Seeding PRNG with 1160 bytes of entropy
[18/May/2000 16:40:58 65058] [error] SSL handshake failed (server www.xxxxxx.cz:443, client 172.20.128.10) (OpenSSL library error follows)
[18/May/2000 16:40:58 65058] [error] OpenSSL: error:140BB004:SSL routines:SSL_RSA_PRIVATE_DECRYPT:nested asn1 error

The first error happens only with Netscape; both errors show up for Exploder.
This happens regardless of using the SnakeOil test certificate or using
a proper certificate issued by VeriSign. The VeriSign certificate works
without any problems on my 3.4R server with Apache13-php3 server from 3.4R ports.

Is the apache port broken or is it an openssl problem?
Or is it another well-known issue :-(

Thanks in advance, any help will be greatly appreciated.

Milon
--
milon.papezik@oskarmobil.cz