[lug] apache ssl error (intermittent)

Ben Luey bluey at iguanaworks.net
Fri May 13 07:56:45 MDT 2011


> Have you tried using s_client from openssl?
>
Thanks for the suggestion. When it works right, I get a nice long log. 
When it fails I get:

user at example:/tmp$ openssl s_client -connect example.com:443
CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
4263:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
4263:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:699:
4263:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature:s3_clnt.c:1415:


Normally, I get the Certificate chains shown and then the certificate 
key. Could this be some internet / networking issues with valicert.com 
(who are they?)

> This still goes through the network stack. Even if example.com resolves to 127.0.0.1 you still have kernel network layers involved.
>
> Nothing shows up in dmesg or the system logs (e.g. firewall messages)?
>
Right, but since I see this problem when connecting from the server in 
question, from the internal network or from the internet, I doubt it is 
a networking issue. I don't see anything in dmesg or firewall or 
anything. Also, if I run

openssl s_client -connect localhost:443

I get the same results -- sometimes it works, sometimes I get the above 
error.

Any ideas appreciated -- Thanks,

Ben
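
Added example, not part of the original message: one way to compare repeated s_client runs is to parse the error-queue lines each run prints and tally the runs by failure signature. It assumes the 8-digit code packing used by OpenSSL releases before 3.0 (library, function, reason); parse_errors, signature and tally are hypothetical helper names, and OK_RUN is a constructed sample.

```python
import re
from collections import Counter

# One error-queue entry as printed by OpenSSL releases before 3.0:
#   pid:error:CODE:library:function:reason:file:line:
ERR_RE = re.compile(
    r"(\d+):error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^:]*):([^:]+):(\d+):$")

# The three error entries from the message, wrapped as a mail client wraps them.
FAILED_RUN = """\
4263:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
4263:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:699:
4263:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad
signature:s3_clnt.c:1415:
"""
# Constructed sample of a run with an empty error queue.
OK_RUN = "CONNECTED(00000003)\n---\nCertificate chain\n"

def parse_errors(text):
    """Return one dict per error-queue entry, rejoining wrapped lines."""
    entries, buf = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if re.match(r"\d+:error:", line):
            buf = line                    # start of a new entry
        elif buf is not None:
            buf += " " + line             # continuation of a wrapped entry
        else:
            continue                      # not part of the error queue
        m = ERR_RE.match(buf)
        if m:                             # entry is complete
            code = int(m.group(2), 16)
            entries.append({"lib": (code >> 24) & 0xFF,    # ERR_GET_LIB
                            "func": (code >> 12) & 0xFFF,  # ERR_GET_FUNC
                            "reason": code & 0xFFF,        # ERR_GET_REASON
                            "where": m.group(4), "text": m.group(5)})
            buf = None
    return entries

def signature(text):
    """Collapse one run to 'ok' or its reason strings, in printed order."""
    return " -> ".join(e["text"] for e in parse_errors(text)) or "ok"

def tally(runs):
    """Count runs per signature to see whether every failure is the same one."""
    return Counter(signature(r) for r in runs)
```

Feeding tally() the captured output of many runs shows whether the intermittent failures always carry the same signature or vary from run to run.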


