Welcome! Log In Create A New Profile

Advanced

Re: 400 Bad Request.No required SSL certificate was sent

August 07, 2014 09:17AM
Сейчас идёт тестирование на CentOS 5.2

Установил CURL
[root@nginx-test nginx]# curl --version
curl 7.37.1 (x86_64-unknown-linux-gnu) libcurl/7.37.1
=========================================

если ssl_protocols TSLv1 или ниже - то всё ок

то коннект есть:
==================================================================
[root@nginx-test nginx]# openssl s_client -host nginx-test -port 443
CONNECTED(00000003)
depth=1 C = RU, ST = RO, L = Rostov-on-Don, O = IT, OU = admin, CN = rootCA, emailAddress = xxx@xxx.com
verify return:1
depth=0 C = RU, ST = RO, L = Rostov-on-Don, O = IT, OU = admin, CN = serverCert, emailAddress = xxx@xxx.com
verify return:1
---
Certificate chain
0 s:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=serverCert/emailAddress=xxx@xxx.com
i:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/emailAddress=xxx@xxx.com
1 s:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/emailAddress=xxx@xxx.com
i:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/emailAddress=xxx@xxx.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICbDCCAdUCAQEwDQYJKoZIhvcNAQEFBQAwfDELMAkGA1UEBhMCUlUxCzAJBgNV
BAgMAlJPMRYwFAYDVQQHDA1Sb3N0b3Ytb24tRG9uMQswCQYDVQQKDAJJVDEOMAwG
A1UECwwFYWRtaW4xDzANBgNVBAMMBnJvb3RDQTEaMBgGCSqGSIb3DQEJARYLeHh4
QHh4eC5jb20wHhcNMTQwODA3MTE0NTE1WhcNMTUwODA3MTE0NTE1WjCBgDELMAkG
A1UEBhMCUlUxCzAJBgNVBAgMAlJPMRYwFAYDVQQHDA1Sb3N0b3Ytb24tRG9uMQsw
CQYDVQQKDAJJVDEOMAwGA1UECwwFYWRtaW4xEzARBgNVBAMMCnNlcnZlckNlcnQx
GjAYBgkqhkiG9w0BCQEWC3h4eEB4eHguY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQCegO3ddTQ9dm5wxMA51/6AiNnv+QWJK9bFpotI9VC7D7NtPVUzn8+Q
dbwoZ7cz7I2i8Mvy/rICMW8ugNHxxsOXwz8/E57UcN0Eo9nAst01ozqEf1xUWQFc
XwnJlJckNon1T7U7o7vWZbQ/aDwumJQeFTDvgxG0eoICW0nToQbJZQIDAQABMA0G
CSqGSIb3DQEBBQUAA4GBAIfggJ542ulFtibbOM/DGeuoxQe1pukoD8QdqWpXHyUm
ogbh+4/L/PF23EcGVNUJBH87yhblVXmSBsDnS2IZ7YuNAuwkrzmlVnh66e5qCx+M
0pOPnJoM+scDTDZW7sK7ImVh8XsNGrcXs7bRyWPajiDRRy4i3cU8CdVmUDpu9wX4
-----END CERTIFICATE-----
subject=/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=serverCert/emailAddress=xxx@xxx.com
issuer=/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/emailAddress=xxx@xxx.com
---
Acceptable client certificate CA names
/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/emailAddress=xxx@xxx.com
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 2051 bytes and written 513 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 56098C9259B6B7791C769AC0923D370B31C0D001D337006698BC200E8A773D60
Session-ID-ctx:
Master-Key: 6ACBB550AEE71E4152924A3273CC458305F3909A7DC656B9C4AB66210A41939E1A3E349CD81ACD7C919727E3973B2156
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1407416980
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
==============================================================================


В Opera и IE также нормально работают с сайтом. Проблемы Chrome - это его проблемы и буду писать в их саппорт если прижмёт.
Хотя пробовал и с именованым сайтом и с вызовами напрямую через IP.


но вот если ssl_protocols TSLv1.1 или выше - то :

==============================================================================

[root@nginx-test nginx]# openssl s_client -host nginx-test -port 443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 303 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
==================================================================
Subject Author Posted

400 Bad Request.No required SSL certificate was sent

esirenko August 05, 2014 02:13AM

Re: 400 Bad Request.No required SSL certificate was sent

esirenko August 05, 2014 02:14AM

Re: 400 Bad Request.No required SSL certificate was sent

Maxim Dounin August 05, 2014 11:40AM

Re: 400 Bad Request.No required SSL certificate was sent

esirenko August 06, 2014 01:51AM

Re: 400 Bad Request.No required SSL certificate was sent

esirenko August 06, 2014 03:48AM

Re: 400 Bad Request.No required SSL certificate was sent

Maxim Dounin August 06, 2014 04:36AM

Re: 400 Bad Request.No required SSL certificate was sent

esirenko August 07, 2014 09:17AM

Re: 400 Bad Request.No required SSL certificate was sent

Maxim Dounin August 08, 2014 06:48AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 61
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready