benluteijn / cherokee

Automatically exported from code.google.com/p/cherokee

Certificate produces strange error. #136

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Using Cherokee 0.9.0

I have installed Cherokee and configured it with 2 virtual hosts.
The virtual hosts use SSL Certificates from Startcom.

These certificates contain two domains apiece as a CN.
mail.host.com & host.com

So in total there are:

host.com -> cert 1
mail.host.com -> cert 1

host2.com -> cert 2
mail.host2.com -> cert 2

On one of the certificates, I receive an error when I go to "host.com", but
not when I go to "mail.host.com". The other certificate works just fine for
both "host2.com" and "mail.host2.com".

The error for host.com is.

In Firefox:
Data Transfer Interrupted

The connection to host.com was interrupted while the page was loading.

The browser connected successfully, but the connection was interrupted
while transferring information.  Please try again.

* Are you unable to browse other sites? Check the computer's network
connection.

* Still having trouble? Consult your network administrator or Internet
provider for assistance.
<try again>

Cherokee itself produces this:
socket.c:488: ERROR: Init GNUTLS: Handshake has failed: Could not negotiate
a supported cipher suite.

Why is this? Also self-signed certificates fail with the same error. What
should the "CN" field be for a snake-oil cert to allow all hosts to connect?

Original issue reported on code.google.com by J.SkyW...@gmail.com on 27 Sep 2008 at 11:16

GoogleCodeExporter commented 9 years ago
1. Install Ubuntu 8.04 server

2. Install compiler and various dependencies including libgnutls-dev

3. Install cherokee 0.9.1: ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-wwwroot=/var/www/default && make && make install

4. Create certificate: openssl req -days 1000 -new -x509 -nodes    \
  -out /etc/cherokee/ssl/cherokee.pem       \
  -keyout /etc/cherokee/ssl/cherokee.pem

5. Configure default host to use cert.

6. Start Cherokee test site.

7. Receive error listed above. (socket.c:488: ERROR: Init GNUTLS: Handshake has
failed: Could not negotiate a supported cipher suite.
socket.c:488: ERROR: Init GNUTLS: Handshake has failed: Could not negotiate a
supported cipher suite.)

Original comment by J.SkyW...@gmail.com on 2 Oct 2008 at 7:11

GoogleCodeExporter commented 9 years ago
cherokee.pem file.

[PEM contents removed: an RSA PRIVATE KEY block followed by a CERTIFICATE block]

vserver!10!ssl_ca_list_file = /etc/cherokee/ssl/cherokee.pem
vserver!10!ssl_certificate_file = /etc/cherokee/ssl/cherokee.pem
vserver!10!ssl_certificate_key_file = /etc/cherokee/ssl/cherokee.pem

Why does this fail?

Original comment by J.SkyW...@gmail.com on 2 Oct 2008 at 10:32
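
A consistency check for a combined PEM like the cherokee.pem above, where one file serves as certificate, key and CA list: it confirms the file holds one private key and at least one certificate, and that the key belongs to the first certificate. This is an added example, not part of the original thread or of Cherokee; the function name `check_combined_pem` is hypothetical, it assumes the `openssl` CLI and an unencrypted key (as produced by `-nodes`), and it is not a diagnosis of the GnuTLS error reported here.

```shell
#!/bin/sh
# Added example: sanity-check a combined PEM (private key + certificate in one file).
# check_combined_pem is a hypothetical helper name; requires the openssl CLI.
# Return codes: 0 ok, 1 key/cert mismatch, 2 unreadable, 3 wrong block count, 4 parse error.

check_combined_pem() {
    pem="$1"
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Count PEM blocks by their BEGIN markers (matches both
    # "RSA PRIVATE KEY" and PKCS#8 "PRIVATE KEY" headers).
    keys=$(grep -c -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || true)
    certs=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$pem" || true)
    if [ "$keys" -ne 1 ] || [ "$certs" -lt 1 ]; then
        echo "expected 1 private key and >=1 certificate, found $keys and $certs" >&2
        return 3
    fi

    # Public key derived from the private key, and the public key
    # embedded in the first certificate of the file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 4
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 4

    if [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match certificate in $pem" >&2
        return 1
    fi

    # Print what the certificate claims, for comparison with the vhost names.
    openssl x509 -in "$pem" -noout -subject -enddate
    return 0
}

# Stand-alone use: sh check_pem.sh /etc/cherokee/ssl/cherokee.pem
if [ $# -gt 0 ]; then
    check_combined_pem "$1"
fi
```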

GoogleCodeExporter commented 9 years ago
Could you retest it with the latest Cherokee?

Original comment by ste...@konink.de on 22 Dec 2008 at 3:05

GoogleCodeExporter commented 9 years ago
I would like to but I modified the project to work with Apache. :( Perhaps I'll give
it another try in not too long though..

You guys are doing great work, keep it up.

Original comment by J.SkyW...@gmail.com on 22 Dec 2008 at 8:12

GoogleCodeExporter commented 9 years ago

Original comment by ste...@konink.de on 22 Dec 2008 at 9:08

GoogleCodeExporter commented 9 years ago
GNUTLS has been removed from Cherokee, today's SSL 'hammering' testing was pretty well
done. I think I should close this bug, J. thanks for reporting, I hope Cherokee can
serve your needs in the near future :)

Original comment by ste...@konink.de on 1 Feb 2009 at 2:21