Posted to users@httpd.apache.org by Eric Covener <co...@gmail.com> on 2009/10/27 15:17:09 UTC

Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
>
> </Directory>


Can you simplify your testing by setting this outside of per-directory
config?  Have you used Wireshark to see if Apache is sending the
proper list of trusted certificates that line up with whoever signed
your certs in your HW device?

Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
might help?

-- 
Eric Covener
covener@gmail.com

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by "Berube, Steve (HP Software)" <st...@hp.com>.
For what it is worth:
Here are the apache logs relating to this issue:

I've XX'ed out IP + YY host name info


[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: before/accept initialization
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(393): ssl_scache_shmcb_retrieve (0x1c -> subcache 28)
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(708): shmcb_subcache_retrieve found no match
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(408): leaving ssl_scache_shmcb_retrieve successfully
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1721): Inter-Process Session Cache: request=GET status=MISSED id=1CEDFC78E42DDD9C30E64EB07FC25BBEB257E50DF23B11B5C01FF0A65BB1B5FB (session renewal)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1951): [client XX.XX.11.89] SSL virtual host for servername rd-db.cnd.YY.com found
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 read client hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write server hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write certificate A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write server done A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 read client key exchange A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 read finished A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write change cipher spec A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write finished A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(353): ssl_scache_shmcb_store (0xac -> subcache 12)
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(645): insert happened at idx=0, data=0
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(647): finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/168
[Thu Oct 29 11:25:03 2009] [debug] ssl_scache_shmcb.c(378): leaving ssl_scache_shmcb_store successfully
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1721): Inter-Process Session Cache: request=SET status=OK id=AC94F2DD376455B7FD542C6606D4CA30149CFCA32DE4A663D43F63CDA064AB91 timeout=300s (session caching)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1879): OpenSSL: Handshake: done
[Thu Oct 29 11:25:03 2009] [info] Connection: Client IP: XX.XX.11.89, Protocol: TLSv1, Cipher: AES128-SHA (128/128 bits)
[Thu Oct 29 11:25:03 2009] [info] Initial (No.1) HTTPS request received for child 63 (server rd-db.cnd.YY.com:8443)
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(487): [client XX.XX.11.89] Changed client verification type will force renegotiation
[Thu Oct 29 11:25:03 2009] [info] [client XX.XX.11.89] Requesting connection re-negotiation
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(724): [client XX.XX.11.89] Performing full renegotiation: complete handshake protocol
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSL renegotiate ciphers
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write hello request A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 flush data
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write hello request C
[Thu Oct 29 11:25:03 2009] [info] [client XX.XX.11.89] Awaiting re-negotiation handshake
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1875): OpenSSL: Handshake: start
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: before accept initialization
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1951): [client XX.XX.11.89] SSL virtual host for servername rd-db.cnd.YY.com found
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 read client hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write server hello A
[Thu Oct 29 11:25:03 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write certificate A
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 write certificate request A
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1883): OpenSSL: Loop: SSLv3 flush data
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_io.c(1869): OpenSSL: I/O error, 5 bytes expected to read on BIO#fd56b0 [mem: fdcc60]
[Thu Oct 29 11:25:04 2009] [debug] ssl_engine_kernel.c(1912): OpenSSL: Exit: error in SSLv3 read client certificate A
[Thu Oct 29 11:25:04 2009] [error] [client XX.XX.11.89] Re-negotiation handshake failed: Not accepted by client!?

-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Thursday, October 29, 2009 11:12 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Was wondering if anyone else had ideas here. I have a strace (Microsoft tool) of the trace, but my expertise in analyzing that is lacking.


-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Tuesday, October 27, 2009 10:31 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Ok quick update, I did that test and unfortunately no change in behavior. I can't access / now (as expected) but still no prompt for certificate. Other systems that work continue to work. Firefox no issue, one Windows 7 IE system, no issue.

I am installing Wireshark now.


-----Original Message-----
From: Berube, Steve (HP Software)
Sent: Tuesday, October 27, 2009 10:28 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

So for testing, are you asking I move SSLVerifyClient + SSLVerifyDepth to the entire virtual host directive?

e.g.
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName rd-db.cnd.hp.com:443
ServerAdmin admin@rd-db.hp.com
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10

<Location />
        SSLOptions +StdEnvVars
</location>

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com]
Sent: Tuesday, October 27, 2009 10:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication request
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <st...@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>



--
Eric Covener
covener@gmail.com


RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by "Berube, Steve (HP Software)" <st...@hp.com>.
Was wondering if anyone else had ideas here. I have a strace (Microsoft tool) of the trace, but my expertise in analyzing that is lacking.


-----Original Message-----
From: Berube, Steve (HP Software) 
Sent: Tuesday, October 27, 2009 10:31 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Ok quick update, I did that test and unfortunately no change in behavior. I can't access / now (as expected) but still no prompt for certificate. Other systems that work continue to work. Firefox no issue, one Windows 7 IE system, no issue.

I am installing Wireshark now.


-----Original Message-----
From: Berube, Steve (HP Software) 
Sent: Tuesday, October 27, 2009 10:28 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

So for testing, are you asking I move SSLVerifyClient + SSLVerifyDepth to the entire virtual host directive?

e.g.
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName rd-db.cnd.hp.com:443
ServerAdmin admin@rd-db.hp.com
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10

<Location />
	SSLOptions +StdEnvVars
</location>

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, October 27, 2009 10:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication request
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <st...@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>



-- 
Eric Covener
covener@gmail.com


RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by "Berube, Steve (HP Software)" <st...@hp.com>.
Ok quick update, I did that test and unfortunately no change in behavior. I can't access / now (as expected) but still no prompt for certificate. Other systems that work continue to work. Firefox no issue, one Windows 7 IE system, no issue.

I am installing Wireshark now.


-----Original Message-----
From: Berube, Steve (HP Software) 
Sent: Tuesday, October 27, 2009 10:28 AM
To: users@httpd.apache.org
Subject: RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

So for testing, are you asking I move SSLVerifyClient + SSLVerifyDepth to the entire virtual host directive?

e.g.
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName rd-db.cnd.hp.com:443
ServerAdmin admin@rd-db.hp.com
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10

<Location />
	SSLOptions +StdEnvVars
</location>

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, October 27, 2009 10:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication request
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <st...@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>



-- 
Eric Covener
covener@gmail.com


RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by "Berube, Steve (HP Software)" <st...@hp.com>.
So for testing, are you asking I move SSLVerifyClient + SSLVerifyDepth to the entire virtual host directive?

e.g.
<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs"
ServerName rd-db.cnd.hp.com:443
ServerAdmin admin@rd-db.hp.com
ErrorLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/error.log"
TransferLog "C:/Program Files/Apache Software Foundation/Apache2.2/logs/access.log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
SSLVerifyClient require
SSLVerifyDepth 10

<Location />
	SSLOptions +StdEnvVars
</location>

-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, October 27, 2009 10:26 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication request
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <st...@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>



-- 
Eric Covener
covener@gmail.com


Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by Eric Covener <co...@gmail.com>.
On Tue, Oct 27, 2009 at 10:21 AM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> My test originally was this
> <Location />
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
> </location>
>
> Same issue whether based on a directory or using the root location.
> I'm still trying to figure out why one and only IE works, but no others.
> I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)
>
> ERROR_INTERNET_SECURITY_CHANNEL_ERROR
>
> Nothing else at all in the trace.
>
> If I go to the root url (which is SSL Enabled, but no client verify)
>
> I will try your suggestion of wireshark.

Putting it in <Location /> is still the more complicated case of:

handshake without request for client authentication
read request
server-driven renegotiation of the handshake with client authentication request
*hope IE prompts*

SSLVerifyClient is accepted in <VirtualHost> context, which should
cause the initial handshake to ask for a client cert.

>
>
> -----Original Message-----
> From: Eric Covener [mailto:covener@gmail.com]
> Sent: Tuesday, October 27, 2009 10:17 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.
>
> On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
> <st...@hp.com> wrote:
>> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>>
>>     SSLVerifyClient require
>>
>>     SSLVerifyDepth 10
>>
>>     SSLOptions +StdEnvVars
>>
>> </Directory>
>
>
> Can you simplify your testing by setting this outside of per-directory
> config?  Have you used wireshark to see if Apache is sending the
> proper list of trusted certificates that line up with whoever signed
> your certs in your HW device?
>
> Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
> or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
> might help?
>
> --
> Eric Covener
> covener@gmail.com
>



-- 
Eric Covener
covener@gmail.com
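
The two checks suggested in the message above (does the initial handshake ask for a client certificate at all, and which CA names does the server offer), as an added example that is not part of the original thread or of mod_ssl. It assumes the TLS 1.0/1.1 CertificateRequest layout (TLS 1.2 inserts supported_signature_algorithms before the CA list); the helper names, the sample flights and the CA names are constructed for illustration, and comparing DNs as rendered strings is a simplification.

```python
# Added example, not from the thread. Assumes the TLS 1.0/1.1 CertificateRequest
# layout and a server handshake flight already reassembled from its TLS records.
ATTR_OIDS = {b"\x55\x04\x03": "CN", b"\x55\x04\x06": "C",
             b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def dn_to_string(der):
    """Render a DER Name as 'C=US, O=..., CN=...'; unknown attribute OIDs as hex."""
    _, rdns, _ = read_tlv(der, 0)
    parts, pos = [], 0
    while pos < len(rdns):
        _, rdn_set, pos = read_tlv(rdns, pos)         # SET OF AttributeTypeAndValue
        inner = 0
        while inner < len(rdn_set):
            _, atv, inner = read_tlv(rdn_set, inner)  # SEQUENCE { type, value }
            _, oid, after_oid = read_tlv(atv, 0)
            _, value, _ = read_tlv(atv, after_oid)
            parts.append(ATTR_OIDS.get(oid, oid.hex()) + "=" + value.decode("utf-8", "replace"))
    return ", ".join(parts)

def split_handshake(flight):
    """Yield (msg_type, body) for each handshake message in the flight."""
    pos = 0
    while pos < len(flight):
        length = int.from_bytes(flight[pos + 1:pos + 4], "big")
        body = flight[pos + 4:pos + 4 + length]
        if pos + 4 > len(flight) or len(body) != length:
            raise ValueError("truncated handshake message")
        yield flight[pos], body
        pos += 4 + length

def offered_ca_names(flight):
    """CA names from CertificateRequest (type 13); None if it was never sent."""
    for msg_type, body in split_handshake(flight):
        if msg_type != 13:
            continue
        pos = 1 + body[0]                             # skip certificate_types<1..255>
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        if end > len(body):
            raise ValueError("truncated certificate_authorities")
        pos, names = pos + 2, []
        while pos < end:                              # each entry: uint16 len + DER Name
            n = int.from_bytes(body[pos:pos + 2], "big")
            names.append(dn_to_string(body[pos + 2:pos + 2 + n]))
            pos += 2 + n
        return names
    return None

def diagnose(flight, card_issuer):
    names = offered_ca_names(flight)
    if names is None:
        return "no CertificateRequest: client auth would need a renegotiation"
    if not names:
        return "CertificateRequest with empty CA list"
    return "issuer offered" if card_issuer in names else "issuer not offered"

# --- constructed sample data; CA names are hypothetical ---
def tlv(tag, payload):                                # short-form lengths only
    return bytes([tag, len(payload)]) + payload

def make_dn(*pairs):
    oid = {v: k for k, v in ATTR_OIDS.items()}
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, oid[k]) + tlv(0x13, v.encode())))
        for k, v in pairs))

def make_msg(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def make_cert_request(dns):
    names = b"".join(len(d).to_bytes(2, "big") + d for d in dns)
    return make_msg(13, b"\x02\x01\x02" + len(names).to_bytes(2, "big") + names)

SMARTCARD_CA = make_dn(("C", "US"), ("O", "Example Corp"), ("CN", "Example Smart Card CA"))
SERVER_CA = make_dn(("C", "US"), ("O", "Example Corp"), ("CN", "Example Server CA"))
HELLO, CERT, DONE = make_msg(2, bytes(38)), make_msg(11, bytes(3)), make_msg(14, b"")  # filler
VHOST_FLIGHT = HELLO + CERT + make_cert_request([SMARTCARD_CA, SERVER_CA]) + DONE
PER_DIR_FLIGHT = HELLO + CERT + DONE                  # no type 13 message in first flight
```

A return of None corresponds to the per-directory case (the request for a certificate only arrives in a later renegotiation); an empty list means the server asked but named no CAs.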


RE: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

Posted by "Berube, Steve (HP Software)" <st...@hp.com>.
My test originally was this
<Location />
     SSLVerifyClient require

     SSLVerifyDepth 10

     SSLOptions +StdEnvVars
</location>

Same issue whether based on a directory or using the root location.
I'm still trying to figure out why one and only IE works, but no others.
I've tried HTTP Analyzer plugin for IE which only shows a single error (nothing else)

ERROR_INTERNET_SECURITY_CHANNEL_ERROR

Nothing else at all in the trace.

If I go to the root url (which is SSL Enabled, but no client verify)

I will try your suggestion of Wireshark.


-----Original Message-----
From: Eric Covener [mailto:covener@gmail.com] 
Sent: Tuesday, October 27, 2009 10:17 AM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Requesting help with Smart Card Client Certificate Authentication issue.

On Mon, Oct 26, 2009 at 10:36 PM, Berube, Steve (HP Software)
<st...@hp.com> wrote:
> <Directory "C:/Program Files/Apache Software Foundation/Apache2.2/cgi-bin">
>
>     SSLVerifyClient require
>
>     SSLVerifyDepth 10
>
>     SSLOptions +StdEnvVars
>
> </Directory>


Can you simplify your testing by setting this outside of per-directory
config?  Have you used wireshark to see if Apache is sending the
proper list of trusted certificates that line up with whoever signed
your certs in your HW device?

Perhaps http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcertificatechainfile
or  http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslcacertificatepath
might help?

-- 
Eric Covener
covener@gmail.com
