[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] Newbie Demo questions



DemoUtil.setClientCertificates(context) is responsible for setting the
certificates and keys owned by the actual Client/Server. If you do not have
access to the keystore make sure to run SetupKeyStore before trying the
demos.

Whether the client is able to respond to a certificate request message
depends on the certificates you have set via context.addCredentials. Usually
the server specifies which certification authorities and cert types it is
willing to accept in correspondence with the selected cipher suite. If no
proper certificates are available, the client cannot send a certificate.

Tust settings are managed by the ChainVerifier. You may use the default
ChainVerifier, add trusted certificates or write your own chain verifier.

Please read the iSaSiLk certificate management page at
http://jcewww.iaik.at/iSaSiLk/doc/certs.htm for getting more detailled
information.

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Cathy
Petrozzino
Gesendet: Freitag, 5. Mai 2000 02:12
An: iaik-ssl@iaik.tu-graz.ac.at
Betreff: [iaik-ssl] Newbie Demo questions


I am running the basic demo programs (SSLServer and SSLClient) and I
wanted to confirm/ask questions about the behavior I saw:

1)  SSLClient does not appear to initialize the keystore - even when I
uncomment the "DemoUtil.setClientCertificates(context)" line in the
SSLClient.java file.  Does this make sense?

2)  There appear to be no trusted certificates in the keystore that
results from executing demo.SetupKeyStore.  Thus chain_verifier never
finds a trusted certificate.

3)  For some reason, SSLClient does not respond with a certificate after
receiving a "certificate_request" message from the server?  Evidently,
the client could not find a certificate (regardless of whether
"DemoUtil.setClientCertificates(context)" is commented out in
SSLClient.java)  has the demo deliberately been set up to work this way
or am I missing something obvious?

Thanks,

Cathy



--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl




smime.p7s