[Bug-wget] Client authentication with certificate
From: Roberto Molinari
Subject: [Bug-wget] Client authentication with certificate
Date: Fri, 16 Mar 2012 10:36:37 +0100
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101207 Lightning/1.0b2 ObetStats/CAT_1301666017336-134305996 Thunderbird/3.1.7

I'm testing client authentication on a Web Server running wget on
different clients.

I'm using the same wget command on all (4) clients and with the same
client certificate and private key.

I get the expected result (client authenticated) on just one client:
Wget 1.12 on linux-gnu.

The other 3 clients are not authenticated with similar errors on the
webserver side.

    wget -d -U firefox --secure-protocol=SSLv3 --no-check-certificate \
         --certificate=./cert.pem --certificate-type=PEM \
         --private-key=./key.pem --private-key-type=PEM \
         https://192.168.1.1/INTE/VoucherService_v1_0

Test #1 (this is OK):
--------------------------
Setting --user-agent (useragent) to firefox
Setting --secure-protocol (secureprotocol) to SSLv3
Setting --check-certificate (checkcertificate) to 0
Setting --certificate (certificate) to ./cert.pem
Setting --certificate-type (certificatetype) to PEM
Setting --private-key (privatekey) to ./key.pem
Setting --private-key-type (privatekeytype) to PEM
DEBUG output created by *Wget 1.12 on linux-gnu*.
Result: Client authenticated.
Test #2 (KO):
-------------
Setting --user-agent (useragent) to firefox
Setting --secure-protocol (secureprotocol) to SSLv3
Setting --check-certificate (checkcertificate) to 0
Setting --certificate (certificate) to cert.pem
Setting --certificate-type (certificatetype) to PEM
Setting --private-key (privatekey) to key.pem
Setting --private-key-type (privatekeytype) to PEM
DEBUG output created by *Wget 1.11.4 on Windows-MSVC*.
Result: Client NOT authenticated. ERROR 403: Forbidden.
WebServer errorlog:
[16/Mar/2012:08:17:50] failure ( 4979): trying to GET
/INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[16/Mar/2012:08:17:50] security ( 4979): HTTP4290: get_auth_user_ssl:
client passed no certificate.
Test #3 (KO):
-------------
Setting --user-agent (useragent) to firefox
Setting --secure-protocol (secureprotocol) to SSLv3
Setting --check-certificate (checkcertificate) to 0
Setting --certificate (certificate) to ./cert.pem
Setting --certificate-type (certificatetype) to PEM
Setting --private-key (privatekey) to ./key.pem
Setting --private-key-type (privatekeytype) to PEM
DEBUG output created by *Wget 1.10.2 on solaris2.10*.
Result: Client NOT authenticated. ERROR 403: Forbidden.
WebServer errorlog:
[12/Mar/2012:20:46:14] failure ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[12/Mar/2012:20:46:14] security ( 4444): HTTP4290: get_auth_user_ssl:
client passed no certificate.
[12/Mar/2012:20:46:14] security ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, acl-state reports: HTTP5191: access of
/app/webserver7/192.168.1.1/INTE/VoucherService_v1_0 denied by ACL
uri=/INTE/VoucherService_v1_0 directive 1
[12/Mar/2012:20:47:44] failure ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[12/Mar/2012:20:47:44] security ( 4444): HTTP4290: get_auth_user_ssl:
client passed no certificate.
[12/Mar/2012:20:47:44] security ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, acl-state reports: HTTP5191: access of
/app/webserver7/192.168.1.1/INTE/VoucherService_v1_0 denied by ACL
uri=/INTE/VoucherService_v1_0 directive 1
Test #4 (KO):
-------------
Setting --user-agent (useragent) to firefox
Setting --secure-protocol (secureprotocol) to SSLv3
Setting --check-certificate (checkcertificate) to 0
Setting --certificate (certificate) to ./cert.pem
Setting --certificate-type (certificatetype) to PEM
Setting --private-key (privatekey) to ./key.pem
Setting --private-key-type (privatekeytype) to PEM
DEBUG output created by *Wget 1.10.2 (Red Hat modified) on linux-gnu*.
Result: Client NOT authenticated. ERROR 403: Forbidden.
WebServer errorlog:
[16/Mar/2012:09:19:19] failure ( 4979): for host 172.16.211.253 trying
to GET /INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[16/Mar/2012:09:19:19] security ( 4979): HTTP4290: get_auth_user_ssl:
client passed no certificate.
What could cause these different results?
Many thanks and best regards to all.
-roberto
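
A way to triage the server-side error log quoted in the post, as an added example that is not part of the original message: it re-joins the wrapped lines, groups entries by timestamp and process id, and labels each failed request by the codes it carries (HTTP4028 with SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, HTTP4290, HTTP5191). The function name `classify` and the verdict strings are assumptions made for this example; the sample log lines are copied from the post.

```python
import re

# Log lines copied from the post above, e-mail line wrapping left intact.
SAMPLE_LOG = """\
[16/Mar/2012:08:17:50] failure ( 4979): trying to GET
/INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[16/Mar/2012:08:17:50] security ( 4979): HTTP4290: get_auth_user_ssl:
client passed no certificate.
[12/Mar/2012:20:46:14] failure ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, Client-Auth reports: HTTP4028: Error
completing handshake (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL
renegotiation is not allowed.)
[12/Mar/2012:20:46:14] security ( 4444): HTTP4290: get_auth_user_ssl:
client passed no certificate.
[12/Mar/2012:20:46:14] security ( 4444): for host 10.10.7.12 trying to
GET /INTE/VoucherService_v1_0, acl-state reports: HTTP5191: access of
/app/webserver7/192.168.1.1/INTE/VoucherService_v1_0 denied by ACL
uri=/INTE/VoucherService_v1_0 directive 1
"""

ENTRY = re.compile(r"\[(?P<ts>[^\]]+)\]\s+\w+\s+\(\s*(?P<pid>\d+)\):\s+(?P<msg>.*)")

def classify(text):
    """Group log entries by (timestamp, pid) and label each failed request."""
    groups = {}
    for chunk in re.split(r"\n(?=\[\d{2}/\w{3}/\d{4}:)", text.strip()):
        m = ENTRY.match(" ".join(chunk.split()))  # undo the line wrapping
        if not m:
            continue
        g = groups.setdefault((m["ts"], m["pid"]),
                              {"host": None, "codes": set(), "reneg": False})
        host = re.search(r"for host (\S+)", m["msg"])
        g["host"] = g["host"] or (host.group(1) if host else None)
        g["codes"] |= set(re.findall(r"\bHTTP\d{4}\b", m["msg"]))
        g["reneg"] |= "SSL_ERROR_RENEGOTIATION_NOT_ALLOWED" in m["msg"]
    report = []
    for (ts, pid), g in groups.items():
        no_cert = "HTTP4290" in g["codes"]
        verdict = ("renegotiation refused, no client certificate" if g["reneg"] and no_cert
                   else "no client certificate" if no_cert else "other")
        report.append({"ts": ts, "pid": pid, "host": g["host"], "verdict": verdict,
                       "acl_denied": "HTTP5191" in g["codes"]})
    return report

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(row)
```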