
[iaik-ssl] using isasilk to talk to SSL enabled "gatekeepers"




I have a server, called a Gatekeeper, which has been alternatively linked
with the SSLeay library and the OpenSSL 0.9.6 library. Using my Java
client to talk to the server seems to work fine with servers that have
been compiled with SSLeay, but OpenSSL servers seem to fail. Here's some
debug output I'm getting:


***
***                    Welcome to the IAIK JCE
Library                    ***
***
***
*** This version of IAIK JCE is licensed for educational and research
use ***
*** and evaluation only. Commercial use of this software is
prohibited.   ***
*** For details please see http://jcewww.iaik.at/legal/license.htm
.      ***
*** This message does not appear in the registered commercial
version.    ***
***
***

Using /dev/urandom for seed generation.
Loading certificates from /etc/grid-security/certificates directory.
Loading /etc/grid-security/certificates/42864e48.0 certificate.
Loading /etc/grid-security/certificates/5aba75cb.0 certificate.
Loading /etc/grid-security/certificates/6349a761.0 certificate.
Loading /etc/grid-security/certificates/a7792cdb.0 certificate.
Loading /etc/grid-security/certificates/bc82f877.0 certificate.
Loading /etc/grid-security/certificates/f7d75486.0 certificate.
The certificate is valid: CN=proxy,CN=Jason Novotny,OU=National Center
for Supercomputing Applications,O=The University of Illinois
Urbana-Champaign,O=Globus,C=US
The certificate is valid: CN=Jason Novotny,OU=National Center for
Supercomputing Applications,O=The University of Illinois
Urbana-Champaign,O=Globus,C=US
The certificate is valid: CN=Globus Certification
Authority,O=Globus,C=US
Connecting...
***
***
***             Welcome to the IAIK SSL (iSaSiLk) Library
***
***
***
*** This version of iSaSiLk is licensed for educational and research use
***
*** and evaluation only. Commercial use of this software is prohibited.
***
*** For details please see http://jcewww.iaik.at/legal/license.htm .
***
*** This message does not appear in the registered commercial version.
***
***
***

ssl_debug(1): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.0...

ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.0.
ssl_debug(1): Server created new session E3:51:5D:A3:8A:2D:93:A7...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 3
elements.
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true

ssl_debug(1): Received certificate_request handshake message.
ssl_debug(1): Accepted certificate types: RSA, DSA
ssl_debug(1): Accepted certificate authorities:
ssl_debug(1):   CN=Globus Certification Authority,O=Globus,C=US
ssl_debug(1):   OU=Certification Authority,O=National Computational
Science Alliance,C=US
ssl_debug(1):   CN=Certificate Manager,OU=Certificate Authorities,O=DOE
Science Grid
ssl_debug(1):   CN=Certificate Manager,OU=SDSC,O=NPACI,C=US
ssl_debug(1):   CN=Certificate Manager,OU=Ames Research
Center,O=National Aeronautics and Space Administration,O=Grid
ssl_debug(1):   CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence
Berkeley National Laboratory,O=Grid
ssl_debug(1): Received server_hello_done handshake message.
ssl_debug(1): Sending certificate handshake message with RSA client
certificate...
ssl_debug(1): Sending client_key_exchange handshake message (1024
bit)...
ssl_debug(1): Sending certificate_verify handshake message...
ssl_debug(1): Sending change_cipher_spec message...
ssl_debug(1): Sending finished message...
ssl_debug(1): Received change_cipher_spec message.
ssl_debug(1): Received finished message.
ssl_debug(1): Session added to session cache.
ssl_debug(1): Handshake completed, statistics:
ssl_debug(1): Read 2824 bytes in 5 records, wrote 2197 bytes in 5
records.
Server certificates:
Version: 3
Serial number: 79
Signature algorithm: sha1WithRSAEncryption
Issuer: CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence Berkeley
National Laboratory,O=Grid
Valid not before: Thu Mar 15 17:39:57 PST 2001
      not after: Sat Mar 15 17:39:57 PST 2003
Subject: CN=bullwinkle.lbl.gov,O=Lawrence Berkeley National
Laboratory,O=Grid
com.sun.rsajca.JSA_RSAPublicKey@12b996
Extensions: 3
Certificate Fingerprint: 67:10:1A:9D:0E:5D:48:4F:70:EF:D2:FE:96:26:BC:62

Version: 3
Serial number: 15
Signature algorithm: sha1WithRSAEncryption
Issuer: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
Grid
Valid not before: Tue Aug 29 15:28:02 PDT 2000
      not after: Wed Aug 29 15:28:02 PDT 2001
Subject: CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence Berkeley
National Laboratory,O=Grid
com.sun.rsajca.JSA_RSAPublicKey@563e39
Extensions: 5
Certificate Fingerprint: 5C:9A:41:53:A4:AE:C6:C3:E2:13:95:AC:11:2D:D6:61

Version: 3
Serial number: 1
Signature algorithm: md5WithRSAEncryption
Issuer: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
Grid
Valid not before: Wed Mar 01 00:00:00 PST 2000
      not after: Sun Sep 15 00:00:00 PDT 2002
Subject: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
Grid
com.sun.rsajca.JSA_RSAPublicKey@f4fb3
Extensions: 4
Certificate Fingerprint: F7:88:FF:69:0A:D9:37:47:95:8C:0F:98:22:67:4C:F6

Performing HOST authorization
Activating delegation [limited]
CERTREQ: Version: 0
Subject: CN=proxy,CN=proxy,CN=Jason Novotny,OU=National Center for
Supercomputing Applications,O=The University of Illinois
Urbana-Champaign,O=Globus,C=US
com.sun.rsajca.JSA_RSAPublicKey@38f82d
Attributes: yes
Fingerprint: 17:E0:8A:3F:10:D1:40:DA:AB:2D:D4:93:6C:71:66:47

END CERT REQ
The certificate is valid: CN=proxy,CN=Jason Novotny,OU=National Center
for Supercomputing Applications,O=The University of Illinois
Urbana-Champaign,O=Globus,C=US
Version: 1
Serial number: 2685
Signature algorithm: md5WithRSAEncryption
Issuer: CN=proxy,CN=Jason Novotny,OU=National Center for Supercomputing
Applications,O=The University of Illinois Urbana-Champaign,O=Globus,C=US

Valid not before: Tue Jul 31 14:28:00 PDT 2001
      not after: Wed Aug 01 02:33:00 PDT 2001
Subject: CN=limited proxy,CN=proxy,CN=Jason Novotny,OU=National Center
for Supercomputing Applications,O=The University of Illinois
Urbana-Champaign,O=Globus,C=US
com.sun.rsajca.JSA_RSAPublicKey@38f82d
Certificate Fingerprint: BE:FA:E0:74:BF:EB:A1:A8:F9:BB:8D:DC:42:E0:5C:FF

sent signed certificate
REQ SENT:
POST /jobmanager HTTP/1.1
Host: bullwinkle.lbl.gov
Content-Type: application/x-globus-gram
Content-Length: 126

protocol-version: 2
job-state-mask: 65535
callback-url:
rsl: "&(executable=/bin/sleep)(directory=/tmp)(arguments=300)"


END
HEADER: HTTP/1.1 200 OK
HEADER: Content-Type: application/x-globus-gram
HEADER: Content-Length: 101
MSG: protocol-version: 2
MSG: status: 0
MSG: job-manager-url: https://bullwinkle.lbl.gov:40156/32613/996620061/
REQ RECEIVED:
Http    : HTTP/1.1
Message : OK
Code    : 200
Length  : 101
Chunked : false
Type    : application/x-globus-gram
Protocol-version : 2
Status           : 0
Job-manager-url  : https://bullwinkle.lbl.gov:40156/32613/996620061/
END
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): Sending alert: Alert Warning: close notify
ssl_debug(1): Read 614 bytes in 2 records, 572 bytes net, 286 average.
ssl_debug(1): Wrote 936 bytes in 3 records, 873 bytes net, 291 average.
ssl_debug(1): Closing transport...
job submitted: https://bullwinkle.lbl.gov:40156/32613/996620061/
querying status on job1
Connecting...
ssl_debug(2): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(2): Sending v3 client_hello message, requesting version 3.0...

ssl_debug(2): Received v3 server_hello handshake message.
ssl_debug(2): Server selected SSL version 3.0.
ssl_debug(2): Server created new session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
ssl_debug(2): CompressionMethod selected by server: NULL
ssl_debug(2): Received certificate handshake message with server
certificate.
ssl_debug(2): Server sent a 512 bit RSA certificate, chain has 4
elements.
ssl_debug(2): ChainVerifier: Found a trusted certificate, returning true

ssl_debug(2): Received certificate_request handshake message.
ssl_debug(2): Accepted certificate types: RSA, DSA
ssl_debug(2): Accepted certificate authorities:
ssl_debug(2):   CN=Globus Certification Authority,O=Globus,C=US
ssl_debug(2):   OU=Certification Authority,O=National Computational
Science Alliance,C=US
ssl_debug(2):   CN=Certificate Manager,OU=Certificate Authorities,O=DOE
Science Grid
ssl_debug(2):   CN=Certificate Manager,OU=SDSC,O=NPACI,C=US
ssl_debug(2):   CN=Certificate Manager,OU=Ames Research
Center,O=National Aeronautics and Space Administration,O=Grid
ssl_debug(2):   CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence
Berkeley National Laboratory,O=Grid
ssl_debug(2): Received server_hello_done handshake message.
ssl_debug(2): Sending certificate handshake message with RSA client
certificate...
ssl_debug(2): Sending client_key_exchange handshake message (512 bit)...

ssl_debug(2): Sending certificate_verify handshake message...
ssl_debug(2): Sending change_cipher_spec message...
ssl_debug(2): Sending finished message...
ssl_debug(2): Received change_cipher_spec message.
ssl_debug(2): Received finished message.
ssl_debug(2): Session added to session cache.
ssl_debug(2): Handshake completed, statistics:
ssl_debug(2): Read 3279 bytes in 5 records, wrote 2133 bytes in 5
records.
No authorization
JM SENT:
POST https://bullwinkle.lbl.gov:40156/32613/996620061/ HTTP/1.1
Host: bullwinkle.lbl.gov
Content-Type: application/x-globus-gram
Content-Length: 33

protocol-version: 2
"status"


END
HEADER: HTTP/1.1 200 OK
HEADER: Content-Type: application/x-globus-gram
HEADER: Content-Length: 50
MSG: protocol-version: 2
MSG: status: 2
MSG: failure-code: 0
JM RECEIVED:
Http    : HTTP/1.1
Message : OK
Code    : 200
Length  : 50
Chunked : false
Type    : application/x-globus-gram
Protocol-version : 2
Status           : 2
Failure-code     : 0
END
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Sending alert: Alert Warning: close notify
ssl_debug(2): Read 151 bytes in 1 records, 130 bytes net, 130 average.
ssl_debug(2): Wrote 208 bytes in 1 records, 187 bytes net, 187 average.
ssl_debug(2): Closing transport...
status: ACTIVE
querying status on job1
Connecting...
ssl_debug(3): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(3): Sending v3 client_hello message, requesting version 3.0...

ssl_debug(3): Trying to resume session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(3): IOException while handshaking: Connection closed by remote
host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer...
org.globus.gram.GramException: The connection to the server failed
(check host and port) [Root error message: Connection closed by remote
host.] [Root exception is java.io.EOFException: Connection closed by
remote host.]


    Why am I getting an IOException while handshaking? Pardon my
ignorance, but I'm really at a loss as to where to start debugging this
problem.

    Thanks, Jason




--
Jason Novotny               jdnovotny@lbl.gov
Home: (510) 610-8360        Work: (510) 486-8662
NERSC Distributed Computing http://www-didc.lbl.gov
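
An added example, not part of the original post and not iSaSiLk code: a small Python triage script for the `ssl_debug` output quoted above. It groups lines by connection number and reports what the log itself shows: the NULL cipher suite, the 512-bit server key, and that the failing handshake was resuming the session created by connection 2. The function names and the 1024-bit threshold are assumptions of this example.

```python
import re
# Constructed sample: ssl_debug lines taken from the post, wrapped lines joined.
SAMPLE_LOG = """\
ssl_debug(2): Server created new session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
ssl_debug(2): Server sent a 512 bit RSA certificate, chain has 4 elements.
ssl_debug(2): Handshake completed, statistics:
ssl_debug(3): Trying to resume session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
"""

LINE = re.compile(r"^ssl_debug\((\d+)\):\s*(.*)$")
FIELDS = {
    "created": re.compile(r"Server created new session ([0-9A-F:]+)\.\.\."),
    "resumed": re.compile(r"Trying to resume session ([0-9A-F:]+)\.\.\."),
    "cipher": re.compile(r"CipherSuite selected by server: (\S+)"),
    "rsa_bits": re.compile(r"Server sent a (\d+) bit RSA certificate"),
    "error": re.compile(r"IOException while handshaking: (.*)"),
}

def summarize(log):
    """Group ssl_debug lines by connection number and pull out handshake facts."""
    conns = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # application output or a wrapped continuation line
        conn = conns.setdefault(int(m.group(1)), {"completed": False})
        if m.group(2).startswith("Handshake completed"):
            conn["completed"] = True
        for key, pat in FIELDS.items():
            hit = pat.search(m.group(2))
            if hit:
                conn[key] = hit.group(1)
    return conns

def findings(conns, min_rsa_bits=1024):  # threshold is an assumption of this example
    """Return (connection, note) pairs a reviewer should look at."""
    origin = {c["created"]: n for n, c in conns.items() if "created" in c}
    out = []
    for n, c in sorted(conns.items()):
        if "_NULL_" in c.get("cipher", ""):
            out.append((n, "NULL cipher suite: records are not encrypted"))
        if int(c.get("rsa_bits", min_rsa_bits)) < min_rsa_bits:
            out.append((n, "RSA key below %d bits" % min_rsa_bits))
        if "error" in c and "resumed" in c:
            src = origin.get(c["resumed"], "unknown")
            out.append((n, "handshake failed while resuming session of connection %s" % src))
    return out
```

Running `findings(summarize(text))` over the full log narrows the failure to the resumed handshake; comparing against a run with session caching disabled on the client would confirm whether resumption is the trigger.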


