Client cert authentication is oddly elusive given the practical value. I found a neat bug:
I get a request for identification in firefox, no problem. If I choose the right certificate to respond with I get an instant child pid 61501 exit signal Bus error (10). Every click on the “OK” button gets another seg fault. Yay. Magic.
Updating my server’s install of OpenSSL on FreeBSD 8.1 to 1.0.0_4 (openssl-1.0.0c) I ran into a problem where some of the patch files had been updated but the distinfo file in /usr/ports/security/openssl hasn’t (hadn’t?) been updated to match.
The symptoms are that the update of OpenSSL fails with two errors:
- tls-extractor.patch line count is 1235, distinfo says 1234,
- dtls-sctp-20.patch SHA256 hash is wrong,
- (the tls-extractor.patch hash is wrong too, but the line count hits first).
- SHA256 (openssl-1.0.0c/tls-extractor.patch) = bb1aa486327fd96f9d6b870f0a1ad2c83dd4c06a96284eb64dde3f833ba5e0d0
- SIZE (openssl-1.0.0c/tls-extractor.patch) = 1234
- SHA256 (openssl-1.0.0c/dtls-sctp-20.patch) = 3b451618b64d7dbc917942759c26cbc717be3077e9d73cb3c5bd12a82a132268
+ SHA256 (openssl-1.0.0c/tls-extractor.patch) = b7dfb15b6ab7d62348eaa191fc8ba06565c92ecdd5d08bb5e9eb01a2e7433bb2
+ SIZE (openssl-1.0.0c/tls-extractor.patch) = 1235
+ SHA256 (openssl-1.0.0c/dtls-sctp-20.patch) = f002b13fead7c08270a9cfaf556be49c62be5b46f492ad59db29af4d3e9a4e67