Problem with certificates
2014-06-03, 09:12
(This post was last modified: 2014-06-03 09:21 by welty.)
Post: #6
RE: Problem with certificates
Thanks for the answer.
I use a script because I made a lot of tests ... I retried from http://ipxe.org/crypto to be sure and now I have another problem already seen here: http://forum.ipxe.org/printthread.php?tid=6855

I tried the solution to add "SSLRequire %{SSL_CLIENT_S_DN_O} eq xx " but no success ...

On the serial line:

TLS 0x26554 RX IV: = 0x1
000a69b8 : 81 e3 18 94 18 59 18 c3-5e a1 73 66 73 f3 9d 2b : .....Y..^.sfs..+ = 0x1
TLS 0x26554 found certificate am2-mn.bx = 0x1
TLS 0x26554 found certificate diskless = 0x1
TLS 0x26554 certificate validation succeeded = 0x1
TLS 0x26554 received fatal alert 40 = 0x1
Operation not permitted (http://ipxe.org/410de13c) = 0x1
Could not boot image: Operation not permitted (http://ipxe.org/410de13c) = 0x1
No more network devices

On the server side:

[Tue Jun 03 10:03:29.873348 2014] [socache_shmcb:debug] [pid 5107] mod_socache_shmcb.c(485): AH00831: socache_shmcb_store (0x21 -> subcache 1)
[Tue Jun 03 10:03:29.873374 2014] [socache_shmcb:debug] [pid 5107] mod_socache_shmcb.c(810): AH00847: insert happened at idx=0, data=(0:32)
[Tue Jun 03 10:03:29.873379 2014] [socache_shmcb:debug] [pid 5107] mod_socache_shmcb.c(815): AH00848: finished insert, subcache: idx_pos/idx_used=0/1, data_pos/data_used=0/198
[Tue Jun 03 10:03:29.873420 2014] [socache_shmcb:debug] [pid 5107] mod_socache_shmcb.c(506): AH00834: leaving socache_shmcb_store successfully
[Tue Jun 03 10:03:29.873474 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(1846): [client 172.29.40.128:1023] AH02041: Protocol: TLSv1, Cipher: AES256-SHA (256/256 bits)
[Tue Jun 03 10:03:29.873542 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(224): [client 172.29.40.128:1023] AH02034: Initial (No.1) HTTPS request received for child 2 (server m2-mn.bx:443)
[Tue Jun 03 10:03:29.873708 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(572): [client 172.29.40.128:1023] AH02255: Changed client verification type will force renegotiation
[Tue Jun 03 10:03:29.873719 2014] [ssl:info] [pid 5107] [client 172.29.40.128:1023] AH02221: Requesting connection re-negotiation
[Tue Jun 03 10:03:29.873737 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(772): [client 172.29.40.128:1023] AH02260: Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation)
[Tue Jun 03 10:03:29.873770 2014] [ssl:error] [pid 5107] [client 172.29.40.128:1023] AH02225: Re-negotiation request failed
[Tue Jun 03 10:03:29.873795 2014] [ssl:error] [pid 5107] SSL Library Error: error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
[Tue Jun 03 10:03:29.873862 2014] [ssl:info] [pid 5107] (11)Resource temporarily unavailable: [client 172.29.40.128:1023] AH02008: SSL library error 1 in handshake (server m2-mn.bx:443)
[Tue Jun 03 10:03:29.873891 2014] [ssl:info] [pid 5107] SSL Library Error: error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
[Tue Jun 03 10:03:29.873898 2014] [ssl:info] [pid 5107] [client 172.29.40.128:1023] AH01998: Connection closed to child 2 with abortive shutdown (server m2-mn.bx:443)

And with a wget client:

ue Jun 03 10:09:46.726666 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1913): [client 172.29.40.129:38639] AH02043: SSL virtual host for servername m2-mn.bx found
[Tue Jun 03 10:09:46.737686 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1846): [client 172.29.40.129:38639] AH02041: Protocol: TLSv1, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)
[Tue Jun 03 10:09:46.738059 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(224): [client 172.29.40.129:38639] AH02034: Initial (No.1) HTTPS request received for child 1 (server m2-mn.bx:443)
[Tue Jun 03 10:09:46.738175 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(572): [client 172.29.40.129:38639] AH02255: Changed client verification type will force renegotiation
[Tue Jun 03 10:09:46.738185 2014] [ssl:info] [pid 5577] [client 172.29.40.129:38639] AH02221: Requesting connection re-negotiation
[Tue Jun 03 10:09:46.738202 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(772): [client 172.29.40.129:38639] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Tue Jun 03 10:09:46.738238 2014] [ssl:info] [pid 5577] [client 172.29.40.129:38639] AH02226: Awaiting re-negotiation handshake
[Tue Jun 03 10:09:46.738475 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1913): [client 172.29.40.129:38639] AH02043: SSL virtual host for servername m2-mn.bx found
[Tue Jun 03 10:09:46.752408 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1383): [client 172.29.40.129:38639] AH02275: Certificate Verification, depth 1, CRL checking mode: none [subject: CN=diskless,O=Bx,L=Grenoble,ST=Isere,C=FR / issuer: CN=diskless,O=Bx,L=Grenoble,ST=Isere,C=FR / serial: E0FB8BD9EB99D6B8 / notbefore: Jun 3 07:00:12 2014 GMT / notafter: Feb 27 07:00:12 2017 GMT]
[Tue Jun 03 10:09:46.752519 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1383): [client 172.29.40.129:38639] AH02275: Certificate Verification, depth 0, CRL checking mode: none [subject: CN=rama44-mn.bullx,O=Bx,L=Grenoble,ST=Isere,C=FR / issuer: CN=diskless,O=Bx,L=Grenoble,ST=Isere,C=FR / serial: 02 / notbefore: Jun 3 07:49:16 2014 GMT / notafter: Sep 1 07:49:16 2014 GMT]
[Tue Jun 03 10:09:46.753475 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(1846): [client 172.29.40.129:38639] AH02041: Protocol: TLSv1, Cipher: ECDHE-RSA-AES256-SHA (256/256 bits)
[Tue Jun 03 10:09:46.753505 2014] [authz_core:debug] [pid 5577] mod_authz_core.c(802): [client 172.29.40.129:38639] AH01626: authorization result of Require all granted: granted
[Tue Jun 03 10:09:46.753511 2014] [authz_core:debug] [pid 5577] mod_authz_core.c(802): [client 172.29.40.129:38639] AH01626: authorization result of <RequireAny>: granted

Thank you for any help!

Regards
Welty
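
An added example, not part of the original post: a triage of the two server-side traces above that groups Apache mod_ssl entries per client and reports whether the renegotiation forced by the changed client-verification setting completed or was refused. The function name `triage` and the verdict strings are made up for illustration; the sample entries are copied from the post.

```python
import re
from collections import defaultdict

# Entries copied from the post's two Apache traces (iPXE client .128, wget client .129).
SAMPLE_LOG = """\
[Tue Jun 03 10:03:29.873708 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(572): [client 172.29.40.128:1023] AH02255: Changed client verification type will force renegotiation
[Tue Jun 03 10:03:29.873737 2014] [ssl:debug] [pid 5107] ssl_engine_kernel.c(772): [client 172.29.40.128:1023] AH02260: Performing full renegotiation: complete handshake protocol (client does not support secure renegotiation)
[Tue Jun 03 10:03:29.873770 2014] [ssl:error] [pid 5107] [client 172.29.40.128:1023] AH02225: Re-negotiation request failed
[Tue Jun 03 10:03:29.873795 2014] [ssl:error] [pid 5107] SSL Library Error: error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
[Tue Jun 03 10:09:46.738175 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(572): [client 172.29.40.129:38639] AH02255: Changed client verification type will force renegotiation
[Tue Jun 03 10:09:46.738202 2014] [ssl:debug] [pid 5577] ssl_engine_kernel.c(772): [client 172.29.40.129:38639] AH02260: Performing full renegotiation: complete handshake protocol (client does support secure renegotiation)
[Tue Jun 03 10:09:46.738238 2014] [ssl:info] [pid 5577] [client 172.29.40.129:38639] AH02226: Awaiting re-negotiation handshake
[Tue Jun 03 10:09:46.753505 2014] [authz_core:debug] [pid 5577] mod_authz_core.c(802): [client 172.29.40.129:38639] AH01626: authorization result of Require all granted: granted
"""

# "[pid N] ", optional "file.c(line): ", optional "[client ip:port] ", then the message.
LINE = re.compile(r"\[pid (?P<pid>\d+)\] (?:\S+\(\d+\): )?"
                  r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)")

def triage(log_text):
    """Return {client: verdict} for each client whose request forced a renegotiation."""
    last_client = {}           # pid -> client last seen on that worker process
    flags = defaultdict(set)   # client -> events observed for it
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        # "SSL Library Error" lines carry no [client ...]; attribute them by pid.
        client = m["client"] or last_client.get(m["pid"])
        if client is None:
            continue
        last_client[m["pid"]] = client
        msg = m["msg"]
        if msg.startswith("AH02255"):
            flags[client].add("forced")
        elif msg.startswith("AH02260"):
            legacy = "does not support secure renegotiation" in msg
            flags[client].add("legacy" if legacy else "secure")
        elif msg.startswith("AH02225") or "unsafe legacy renegotiation disabled" in msg:
            flags[client].add("failed")
        elif msg.startswith("AH01626") and msg.endswith("granted"):
            flags[client].add("granted")
    return {c: ("refused: client lacks secure renegotiation" if {"legacy", "failed"} <= f
                else "completed" if "granted" in f else "outcome not logged")
            for c, f in flags.items() if "forced" in f}

if __name__ == "__main__":
    for client, verdict in triage(SAMPLE_LOG).items():
        print(client, "->", verdict)
```
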