Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

errors on currently configured webauth machine

Adam Lewenberg adamhl at stanford.edu
Thu Dec 10 18:36:35 PST 2015



On 12/10/2015 5:54 PM, Russ Allbery wrote:
> Thomas Carlson <tec at stanford.edu> writes:
>
>> [Thu Dec 10 16:28:20 2015] [error] mod_webauth: curl_easy_perform:
>> error(35): error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown
>> message digest algorithm
>
> mod_webauth is trying to get a webkdc-service token from the WebKDC, and
> that attempt is failing because your local SSL library doesn't like the
> message digest algorithm being used by the WebKDC server certificate.
>
> Why, I don't know.  I suspect either your SSL implementation is too old or
> the WebKDC certificate is too old.  If the weblogin.stanford.edu
> certificate was recently changed, that would be the first thing I'd look
> at: what message digest algorithm was it using before, and what it is it
> using now, and what OpenSSL is your mod_webauth installation using?
>

The weblogin.stanford.edu certificate was changed this morning (to one 
using SHA-2).

Adam




More information about the webauth-info mailing list