[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 62609] New: ERR_SSL_PROTOCOL_ERROR with SSLVerifyClient in 2.4.34 when using custom CA


            Bug ID: 62609
           Summary: ERR_SSL_PROTOCOL_ERROR with SSLVerifyClient in 2.4.34
                    when using custom CA
           Product: Apache httpd-2
           Version: 2.4.34
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: mod_ssl
          Assignee: bugs@xxxxxxxxxxxxxxxx
          Reporter: michiel@xxxxxxxxxxx
  Target Milestone: ---

Created attachment 36079
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36079&action=edit
apache config

Version 2.4.33 works fine, reverting fixes the issue for now.

We use our own "CA" with client certificate's in order to identify clients.

When using "SSLVerifyClient" with any setting other than none results in all
browsers being unable to contact the server. ("The FetchEvent for
"https://kiosk.fyn.nl/"; resulted in a network error response: the promise was
rejected." and ERR_SSL_PROTOCOL_ERROR).

No access or error log is written at any given point when using 2.4.34 for this
vhost, but it doe's write the following to the first available vhost with the
same portnumber and the same IPv[4|6] protocol: "AH02039: Certificate
Verification: Error (50): application verification failure"

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx