Article delegate-en/1162 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A1146@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: sslway client auth problem
20 May 2001 10:57:45 GMT Roger Buck <peecabdyi-dyd2yvfw6vxr.ml@ml.delegate.org>
-= Studio of Arts And Sciences =-


Yutaka Sato wrote:

Hi Yutaka, I have applied http.c patch (see below) but problem (multiple
prompts for client certificate) remains.

Change of behaviour following installation of patch:

1. The problem is less severe (seems like fewer prompts - but I have not
counted and compared - I will test properly later)

2. Browser does not crash (even though you said you could not fix that
;^)!

I have confirmed that stunnel does not have same problem (clean install
of stunnel-3.14 and openssl-o.9.6a on form tarball on my delegate/sslway
server - using same certificates as delegate/sslway)

I have not had time to investigate your other suggestions further (I
have been out of town for last week) but will get back to you with more
detail in next few days.

With thanks,

R.

> On 05/13/01(13:24) you Roger Buck <peecabdyi-dyd2yvfw6vxr.ml@ml.delegate.org> wrote
> in <_A1145@delegate-en.ML_>
>  |Unfortunately, the original problem remains.
>  |
>  |I upgraded Delegate to V7.3 (latest release version), before applying
>  |the sslway patch. I think I have applied the sslway patch correctly, and
>  |followed your instructions for -Verify 0 switch.
>  |
>  |I am attaching my test configuration and log files and hope they might
>  |help. The log file is for a coplete session - from starting Delegate
>  |through to browser connection - and final broser termination (browser
>  |client crashes).
[--snip--]
> Enabling "Keep-Alive" of a HTTP connection, with enclosed patch, even
> when working with FCL filter may reduce the verification.
> 
> (The cause of browser crashing is out of my scope, of course :-p)
> 
>  |Please let me know if there is anything else I can test.
> 
> Tell me:
> - isn't there a way to suppress the "prompt to load certificate"?
> - how do you use "stunnel" which you said works without problem?
>   is that works equivalently with DeleGate+SSLway?
> 
> Cheers,
> Yutaka
> --
>   @ @ Yutaka Sato <y.sato@delegate.org> http://www.delegate.org/y.sato/
>  ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
> _<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
> 
> *** ../../delegate7.3.0/src/http.c      Fri Apr 20 16:19:05 2001
[[-snip--]

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V