View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000787 | Main CAcert Website | certificate issuing | public | 2009-11-06 15:30 | 2012-12-27 17:21 |
Reporter | dichter | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | new | Resolution | open | ||
Summary | 0000787: SSL Handshake Error if no Client Cert is Installed | ||||
Description | It seems to be the same issue as reported in http://bugs.cacert.org/view.php?id=674 and http://bugs.cacert.org/view.php?id=511. The problem presents when trying to follow links to the https://secure.cacert.org/ domain (instead of https://www.cacert.org ) or when clicking on the "certificate login" link. If you have no Client Certificate installed, you get an SSL-Handshake error. This is misleading. Isn't there a way to check first if client cert is being present first? Firefox 3.5.5: Fehler: Gesicherte Verbindung fehlgeschlagen Ein Fehler ist während einer Verbindung mit secure.cacert.org aufgetreten. Die SSL-Gegenstelle konnte keinen akzeptablen Satz an Sicherheitsparametern aushandeln. (Fehlercode: ssl_error_handshake_failure_alert) | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
duplicate of | 0000511 | closed | Ted | CATS.cacert.org | Handshake failure: Cannot reach the cert login page at https://secure.cacert.org |
related to | 0000674 | closed | Sourcerer | CATS.cacert.org | Can't connect to it to cats.cacert.org |
related to | 0001107 | new | CATS.cacert.org | CACert CATS Manual has only one page, which is mostly empty |
|
> Isn't there a way to check first if client cert is being present first? There is a way to request the client certificate (Apache optional client certificate setting) and present a more helpful error message. This, however, causes problems for Safari and potentially Chrome browsers, which will ignore the server's certificate request to the browser and just display the error page and not give users the option to provide a certificate. There were some ugly hacks I did on Cats to get this to a better state; however, it's far from ideal. It could, however, be better than what we have now. Since Mozilla devs seem unwilling to provide a better error message[1], who knows what Apple will do, and it's probably time we did a better solution. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=419069 |
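
The optional client certificate setting mentioned in the note above, sketched as an Apache mod_ssl configuration. This is an added example, not CAcert's configuration or the note author's Cats changes; the server name, file paths, verify depth and the /no-client-cert.html help page are assumptions.

```apache
# Added example. Host name, certificate paths and the help page URL are
# placeholders chosen for illustration, not values from the CAcert servers.
<VirtualHost *:443>
    ServerName secure.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key

    # CA(s) that client certificates must chain to.
    SSLCACertificateFile  /etc/ssl/example/client-ca.crt

    # Before: the TLS handshake itself is aborted when the browser has no
    # certificate to offer, so the user only sees the browser's generic
    # handshake-failure page.
    # SSLVerifyClient require

    # After: the certificate is requested but the handshake completes
    # without one, so the decision moves to the HTTP layer, where the
    # server can explain what is missing.
    SSLVerifyClient optional
    SSLVerifyDepth  2    # assumed chain length

    RewriteEngine on

    # The help page must stay reachable without a certificate,
    # otherwise the redirect below would loop.
    RewriteCond %{REQUEST_URI} !^/no-client-cert\.html$

    # SSL_CLIENT_VERIFY is NONE when no certificate was sent and SUCCESS
    # when a certificate was sent and verified. Matching on "not SUCCESS"
    # keeps the check fail-closed: nothing but the help page is served
    # to a connection without a verified certificate.
    RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
    RewriteRule ^ /no-client-cert.html [R=302,L]
</VirtualHost>
```

A browser that does not answer the optional request, as the note describes for Safari, lands on the help page as well, even when the user has a certificate installed.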
Date Modified | Username | Field | Change |
---|---|---|---|
2009-11-06 15:30 | dichter | New Issue | |
2009-11-06 15:32 | dichter | Relationship added | related to 0000674 |
2009-11-06 15:33 | dichter | Relationship added | duplicate of 0000511 |
2009-11-07 01:21 | Daniel Black | Note Added: 0001503 | |
2012-12-27 17:21 | Werner Dworak | Relationship added | related to 0001107 |