From owner-freebsd-current  Sat May  6 18:11:32 2000
Delivered-To: freebsd-current@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id E34D437B57A
	for <current@FreeBSD.ORG>; Sat,  6 May 2000 18:11:29 -0700 (PDT)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id VAA96862;
	Sat, 6 May 2000 21:11:20 -0400 (EDT)
	(envelope-from wollman)
Date: Sat, 6 May 2000 21:11:20 -0400 (EDT)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200005070111.VAA96862@khavrinen.lcs.mit.edu>
To: Forrest Aldrich <forrie@navipath.com>
Cc: current@FreeBSD.ORG
Subject: Re: RSA decrypt problems
In-Reply-To: <20000505231642.F13732@drama.navipath.com>
References: <Pine.OSF.4.21.0005052044380.19519-100000@fly.HiWAAY.net>
	<Pine.BSF.4.21.0005052004240.24050-100000@freefall.freebsd.org>
	<20000505231642.F13732@drama.navipath.com>
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

<<On Fri, 5 May 2000 23:16:42 -0400, Forrest Aldrich <forrie@navipath.com> said:

> FWIW, I've had a weird (perhaps related) problem, only in the
> reverse.   After creating a certificate (ie: 'make certificate' in
> apache), I was unable to connect to the server from a Netscape
> 4.72 browser.  It only told me there was a decryption error in the
> apache logs.

I've had this problem with recent values of OpenSSL since last
November.  I haven't gotten around to playing with permutations of the
openssl.cnf file yet.  I tried my site certificate on various versions
of Netscape and Exploder, and all of them failed in a similar manner,
but `openssl s_client' worked just fine, and all the other clients
failed identically against `openssl s_server'.  I sent a note about
this to the OpenSSL mailing-list, and did not receive a single
relevant response.  (I guess they're not used to people who run their
own certificate authorities.)  [This is one of the areas in which my
job requires me to play with stuff which I would not use myself for
programming-freedom reasons.  At least we don't have to pay Jim Bidzos
for the privilege....]

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message