Re: SSLVerifyClient

--Apple-Mail-2-11933830
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=US-ASCII;
delsp=yes;
format=flowed

Indeed, the trouble was with Safari and Keychain. Apparently, having
more than one certificate confuses Safari. I am not sure what to do
now, except get a different browser. Any advice would be appreciated.

On Jun 28, 2005, at 11:01 AM, lingwitt@bellsouth.net wrote:

> This can't be the problem, as I specify the CA using
> SSLCACertificatePath using the proper HASH names. I've also tried
> SSLCACertificateFile.
>
> using s_client with SSLVerifyClient optional, it shows that the
> server is correctly identifying which CAs are allowed.
>
> I think the problem is with Safari and Keychain. I shall look
> further into the matter.
>
> On Jun 28, 2005, at 10:27 AM, Paul Puschmann wrote:
>
>> I think that Eckard Wille might be right. So have some experiments
>> with
>> your ca-files and certificates.
>


--Apple-Mail-2-11933830
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=US-ASCII

<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><DIV>Indeed, the trouble was =
with Safari and Keychain. Apparently, having more than one certificate =
confuses Safari. I am not sure what to do now, except get a different =
browser. Any advice would be appreciated.</DIV><BR><DIV><DIV>On Jun 28, =
2005, at 11:01 AM, <A =
href=3D"mailto:lingwitt@bellsouth.net">lingwitt@be llsouth.net</A> =
wrote:</DIV><BR class=3D"Apple-interchange-newline"><BLOCKQUOTE =
type=3D"cite"><DIV>This can't be the problem, as I specify the CA using =
SSLCACertificatePath using the proper HASH names. I've also tried =
SSLCACertificateFile.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>using s_client with =
SSLVerifyClient optional, it shows that the server is correctly =
identifying which CAs are allowed.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>I think the problem is with =
Safari and Keychain. I shall look further into the =
matter.</DIV><BR><DIV><DIV>On Jun 28, 2005, at 10:27 AM, Paul Puschmann =
wrote:</DIV><BR class=3D"Apple-interchange-newline"><BLOCKQUOTE =
type=3D"cite"><DIV style=3D"margin-top: 0px; margin-right: 0px; =
margin-bottom: 0px; margin-left: 0px; "><FONT face=3D"Helvetica" =
size=3D"3" style=3D"font: 12.0px Helvetica">I think that Eckard Wille =
might be right. So have some experiments with</FONT></DIV><DIV =
style=3D"margin-top: 0px; margin-right: 0px; margin-bottom: 0px; =
margin-left: 0px; "><FONT face=3D"Helvetica" size=3D"3" style=3D"font: =
12.0px Helvetica">your ca-files and certificates.</FONT></DIV> =
</BLOCKQUOTE></DIV><BR></BLOCKQUOTE></DIV><BR></BODY></HTML>=

--Apple-Mail-2-11933830--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org