[CalendarServer-users] SSL with caldavd

Gaurav Jain monkeyfdude at gmail.com
Mon Mar 28 00:41:05 PDT 2016 

I have also explained the problem at

http://security.stackexchange.com/questions/118750/having-issues-with-sslv3-handshake-failed

Please help.


On Sun, Mar 27, 2016 at 8:05 PM, Gaurav Jain <monkeyfdude at gmail.com> wrote:

> Without Intermediate Certs, I get
>
> <!-- SSL authority chain (for intermediate certs) -->
>
>     <key>SSLAuthorityChain</key>
>
> *    <string></string>*
>
> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> handshake
> failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
> ------------------------------------------------ Different Error
> --------------------------------
>
> With Intermediate Certs:
>
> <!-- SSL authority chain (for intermediate certs) -->
>
>     <key>SSLAuthorityChain</key>
>
> *    <string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>*
>
> java.security.cert.CertPathValidatorException: Trust anchor for
> certification path not found.
>
> On Sun, Mar 27, 2016 at 7:12 PM, Gaurav Jain <monkeyfdude at gmail.com>
> wrote:
>
>> Hi,
>>
>> Thank you for creating caldavd.
>>
>> I try to configure SSL with Caldavd. I am having issues configuring
>> SSLAuthortiyChain.
>>
>> I use positive SSL which gave following file for intermediate chain
>>
>> AddTrustExternalCARoot.crt
>>
>> COMODORSAAddTrustCA.crt
>>
>> COMODORSADomainValidationSecureServerCA.crt
>>
>>
>> I created a file PositiveSSL.ca-bundle
>>
>> cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt
>>  AddTrustExternalCARoot.crt      > PositiveSSL.ca-bundle
>>
>>
>>     <!-- SSL authority chain (for intermediate certs) -->
>>
>>     <key>SSLAuthorityChain</key>
>>
>>     <string>/etc/ssl/myProject/PositiveSSL.ca-bundle</string>
>>
>>
>> But I get "HandShake Failed" error.
>>
>> openssl s_client -connect example.com:8443 -CAfile
>> ~/ssl/comodo/PositiveSSL.ca-bundle
>>
>> CONNECTED(00000003)
>>
>> 41275:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
>> handshake
>> failure:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/ssl/s23_clnt.c:593:
>>
>>
>> Would you be able to point me to issue?
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.macosforge.org/pipermail/calendarserver-users/attachments/20160328/a443c4cc/attachment-0001.html>

More information about the calendarserver-users mailing list