Date: Thu, 18 May 2000 12:06:40 +0200 From: Milon Papezik <milon.papezik@oskarmobil.cz> To: freebsd-hackers@freebsd.org, freebsd-ports@freebsd.org Subject: Re: ASN.1 parsing in OpenSSL (Apache+mod_ssl problem) Message-ID: <3923C0B0.E71C344D@oskarmobil.cz> References: <3923BD52.7275ACF8@oskarmobil.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi,
Yesterday, I installed on the 4.0R server the apache13-php3 port with mod_ssl (using 4.0R ports skeleton) and it seems that I run into similar problem.
When I try to connect with Netscape 4.x or Exploder 5 to Apache over SSL I get the following errors in apache_ssl_engine.log:
[18/May/2000 16:40:17 65027] [info] Init: Initializing OpenSSL library
[18/May/2000 16:40:17 65027] [info] Init: Loading certificate & private key of SSL-aware server www.xxxxxx.cz:443
[18/May/2000 16:40:17 65027] [info] Init: Seeding PRNG with 136 bytes of entropy
[18/May/2000 16:40:17 65027] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[18/May/2000 16:40:18 65027] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: 2nd startup round (already detached)
[18/May/2000 16:40:22 65038] [info] Init: Reinitializing OpenSSL library
[18/May/2000 16:40:22 65038] [info] Init: Seeding PRNG with 136 bytes of entropy
[18/May/2000 16:40:22 65038] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[18/May/2000 16:40:22 65038] [info] Init: Initializing (virtual) servers for SSL
[18/May/2000 16:40:22 65038] [info] Init: Configuring server www.xxxxxx.cz:443 for SSL protocol
[18/May/2000 16:40:58 65057] [info] Connection to child 2 established (server www.xxxxxx.cz:443, client 172.20.128.10)
[18/May/2000 16:40:58 65057] [info] Seeding PRNG with 1160 bytes of entropy
[18/May/2000 16:40:58 65057] [error] SSL handshake failed (server www.xxxxxx.cz:443, client 172.20.128.10) (OpenSSL library error follows)
[18/May/2000 16:40:58 65057] [error] OpenSSL: error:1409B004:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:nested asn1 error
[18/May/2000 16:40:58 65058] [info] Connection to child 3 established (server www.xxxxxx.cz:443, client 172.20.128.10)
[18/May/2000 16:40:58 65058] [info] Seeding PRNG with 1160 bytes of entropy
[18/May/2000 16:40:58 65058] [error] SSL handshake failed (server www.xxxxxx.cz:443, client 172.20.128.10) (OpenSSL library error follows)
[18/May/2000 16:40:58 65058] [error] OpenSSL: error:140BB004:SSL routines:SSL_RSA_PRIVATE_DECRYPT:nested asn1 error
The first error happens only with Netscape,
the both errors show up for Exploder.
This happens regardless of using the SnakeOil test certifikate
or using propper certifikace issued by VeriSign.
The VeriSign cerifikate works without any problems
on my 3.4R server with Apache13-php3 server from 3.4R ports.
Is the apache port broken or is it openssl problem?
Or is it another well know issue :-(
Thanks in advance, any help will be greatly appreciated.
Milon
--
milon.papezik@oskarmobil.cz
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3923C0B0.E71C344D>