git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OCSP in 2.4 with OpenSSL 0.9.8(zh)


I get test suite failures for t/ssl/ocsp.t when the server is build against OpenSSL 0.9.8zh. I can't judge on whether that is expected for OpenSSL 0.9.8.

Example error log:

...
18 14:15:11.833126 [ssl:debug] ssl_util_ocsp.c(406): Configuring Trusted OCSP certificates
...
18 14:15:12.238943 [ssl:info] AH01876: mod_ssl/2.4.36 compiled against Server: Apache/2.4.36, Library: OpenSSL/0.9.8zh
...
18 14:15:14.015398 [ssl:info] AH01964: Connection to child 0 established (server localhost:8535) 18 14:15:14.015949 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found 18 14:15:14.143610 [ssl:info] AH02008: SSL library error 1 in handshake (server localhost:8535) 18 14:15:14.143662 [ssl:info] SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification? 18 14:15:14.143670 [ssl:info] AH01998: Connection closed to child 0 with abortive shutdown (server localhost:8535)

18 14:15:14.166594 [ssl:info] AH01964: Connection to child 1 established (server localhost:8535) 18 14:15:14.166901 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found 18 14:15:14.208760 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: Certificate Verification, depth 1, CRL checking mode: none (0) [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: B959B377BC9B01EE / notbefore: Oct 18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT] 18 14:15:14.208953 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=client_ok,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: 09 / notbefore: Oct 18 01:35:08 2018 GMT / notafter: Oct 18 01:35:08 2019 GMT] 18 14:15:14.209355 [ssl:debug] ssl_util_ocsp.c(99): AH01973: connecting to OCSP responder 'localhost:8529' 18 14:15:14.209449 [ssl:debug] ssl_util_ocsp.c(125): AH01975: sending request to OCSP responder 18 14:15:14.270405 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Date: Thu, 18 Oct 2018 12:15:14 GMT 18 14:15:14.270423 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Server: Apache/2.4.36 (Unix) OpenSSL/0.9.8zh 18 14:15:14.270428 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Vary: In-If1 18 14:15:14.270432 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: DMMATCH1: 1 18 14:15:14.270436 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Connection: close 18 14:15:14.270440 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Content-Type: application/ocsp-response
18 14:15:14.276787 [ssl:error] AH01988: failed to decode OCSP response data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.276823 [ssl:error] SSL Library Error: error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.276950 [ssl:info] AH02276: Certificate Verification: Error (50): application verification failure [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=client_ok,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: 09 / notbefore: Oct 18 01:35:08 2018 GMT / notafter: Oct 18 01:35:08 2019 GMT] 18 14:15:14.277136 [ssl:info] AH02008: SSL library error 1 in handshake (server localhost:8535) 18 14:15:14.277156 [ssl:info] SSL Library Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 18 14:15:14.277162 [ssl:info] AH01998: Connection closed to child 1 with abortive shutdown (server localhost:8535)

18 14:15:14.284803 [ssl:info] AH01964: Connection to child 0 established (server localhost:8535) 18 14:15:14.285098 [ssl:debug] ssl_engine_kernel.c(2328): AH02043: SSL virtual host for servername localhost found 18 14:15:14.326054 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: Certificate Verification, depth 1, CRL checking mode: none (0) [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: B959B377BC9B01EE / notbefore: Oct 18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT] 18 14:15:14.326248 [ssl:debug] ssl_engine_kernel.c(1749): AH02275: Certificate Verification, depth 0, CRL checking mode: none (0) [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=client_revoked,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: 01 / notbefore: Oct 18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT] 18 14:15:14.326491 [ssl:debug] ssl_util_ocsp.c(99): AH01973: connecting to OCSP responder 'localhost:8529' 18 14:15:14.326574 [ssl:debug] ssl_util_ocsp.c(125): AH01975: sending request to OCSP responder 18 14:15:14.371043 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Date: Thu, 18 Oct 2018 12:15:14 GMT 18 14:15:14.371060 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Server: Apache/2.4.36 (Unix) OpenSSL/0.9.8zh 18 14:15:14.371065 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Vary: In-If1 18 14:15:14.371070 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: DMMATCH1: 1 18 14:15:14.371073 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Connection: close 18 14:15:14.371077 [ssl:debug] ssl_util_ocsp.c(235): AH01981: OCSP response header: Content-Type: application/ocsp-response
18 14:15:14.375883 [ssl:error] AH01988: failed to decode OCSP response data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.375914 [ssl:error] SSL Library Error: error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough data
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
18 14:15:14.376043 [ssl:info] AH02276: Certificate Verification: Error (50): application verification failure [subject: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=client_revoked,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / issuer: emailAddress=test-dev@xxxxxxxxxxxxxxxx,CN=ca,OU=httpd-test,O=ASF,L=San Francisco,ST=California,C=US / serial: 01 / notbefore: Oct 18 01:35:05 2018 GMT / notafter: Oct 18 01:35:05 2019 GMT] 18 14:15:14.376227 [ssl:info] AH02008: SSL library error 1 in handshake (server localhost:8535) 18 14:15:14.376243 [ssl:info] SSL Library Error: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned 18 14:15:14.376248 [ssl:info] AH01998: Connection closed to child 0 with abortive shutdown (server localhost:8535)

Regards,

Rainer