AW: [iaik-ssl] using isasilk to talk to SSL enabled "gatekeepers"



Hello,

since I successfully connected to (and resumed a session 
with) some other server using OpenSSL (however, not supporting
cipher suite SSL_RSA_WITH_NULL_MD5 you are using) I assumed
that there may be some issue with the configuration of your 
server causing the problem of closing the connection when
it is tried to resume a session. 
Sorry, I am not familiar with the configuration options of the 
OpenSSL server, but at least it should be possible to switch 
on/off session caching to see if it works when session caching
is disabled. 

Regards,
Dieter Bratko

-----Original Message-----
From: novotny@bullwinkle.lbl.gov [mailto:novotny@bullwinkle.lbl.gov] On
Behalf Of Jason Novotny
Sent: Monday, 13 August 2001 20:35
To: Dieter Bratko
Cc: iaik-ssl@iaik.at
Subject: Re: SPAM: (REVDNS)AW: [iaik-ssl] using isasilk to talk to SSL
enabled "gatekeepers"



    Pardon my ignorance, but where is the openssl server config file that is being used by the
server?

    Thanks, Jason

Dieter Bratko wrote:

> Hello,
>
> it seems that the server closes the connection when the client tries to
> resume a former session. However, OpenSSL should support session
> resuming; so you may check the configuration of your server.
>
> Regards,
> Dieter Bratko
>
> -----Original Message-----
> From: iaik-ssl-owner@iaik.tu-graz.ac.at
> [mailto:iaik-ssl-owner@iaik.tu-graz.ac.at] On Behalf Of Jason Novotny
> Sent: Wednesday, 01 August 2001 00:57
> To: iaik-ssl@iaik.at
> Subject: [iaik-ssl] using isasilk to talk to SSL enabled "gatekeepers"
>
> I have a server, called a Gatekeeper which has been alternatively linked
> with the SSLeay library and the OpenSSL 0.9.6 library. Using my Java
> client to talk to the server seems to work fine with servers that have
> been compiled with SSleay, but OpenSSL servers seem to fail. Here's some
> debug output I'm getting-
>
> ***
> ***                    Welcome to the IAIK JCE
> Library                    ***
> ***
> ***
> *** This version of IAIK JCE is licensed for educational and research
> use ***
> *** and evaluation only. Commercial use of this software is
> prohibited.   ***
> *** For details please see http://jcewww.iaik.at/legal/license.htm
> .      ***
> *** This message does not appear in the registered commercial
> version.    ***
> ***
> ***
>
> Using /dev/urandom for seed generation.
> Loading certificates from /etc/grid-security/certificates directory.
> Loading /etc/grid-security/certificates/42864e48.0 certificate.
> Loading /etc/grid-security/certificates/5aba75cb.0 certificate.
> Loading /etc/grid-security/certificates/6349a761.0 certificate.
> Loading /etc/grid-security/certificates/a7792cdb.0 certificate.
> Loading /etc/grid-security/certificates/bc82f877.0 certificate.
> Loading /etc/grid-security/certificates/f7d75486.0 certificate.
> The certificate is valid: CN=proxy,CN=Jason Novotny,OU=National Center
> for Supercomputing Applications,O=The University of Illinois
> Urbana-Champaign,O=Globus,C=US
> The certificate is valid: CN=Jason Novotny,OU=National Center for
> Supercomputing Applications,O=The University of Illinois
> Urbana-Champaign,O=Globus,C=US
> The certificate is valid: CN=Globus Certification
> Authority,O=Globus,C=US
> Connecting...
> ***
> ***
> ***             Welcome to the IAIK SSL (iSaSiLk) Library
> ***
> ***
> ***
> *** This version of iSaSiLk is licensed for educational and research use
> ***
> *** and evaluation only. Commercial use of this software is prohibited.
> ***
> *** For details please see http://jcewww.iaik.at/legal/license.htm .
> ***
> *** This message does not appear in the registered commercial version.
> ***
> ***
> ***
>
> ssl_debug(1): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
> ssl_debug(1): Sending v3 client_hello message, requesting version 3.0...
>
> ssl_debug(1): Received v3 server_hello handshake message.
> ssl_debug(1): Server selected SSL version 3.0.
> ssl_debug(1): Server created new session E3:51:5D:A3:8A:2D:93:A7...
> ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
> ssl_debug(1): CompressionMethod selected by server: NULL
> ssl_debug(1): Received certificate handshake message with server
> certificate.
> ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 3
> elements.
> ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
>
> ssl_debug(1): Received certificate_request handshake message.
> ssl_debug(1): Accepted certificate types: RSA, DSA
> ssl_debug(1): Accepted certificate authorities:
> ssl_debug(1):   CN=Globus Certification Authority,O=Globus,C=US
> ssl_debug(1):   OU=Certification Authority,O=National Computational
> Science Alliance,C=US
> ssl_debug(1):   CN=Certificate Manager,OU=Certificate Authorities,O=DOE
> Science Grid
> ssl_debug(1):   CN=Certificate Manager,OU=SDSC,O=NPACI,C=US
> ssl_debug(1):   CN=Certificate Manager,OU=Ames Research
> Center,O=National Aeronautics and Space Administration,O=Grid
> ssl_debug(1):   CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence
> Berkeley National Laboratory,O=Grid
> ssl_debug(1): Received server_hello_done handshake message.
> ssl_debug(1): Sending certificate handshake message with RSA client
> certificate...
> ssl_debug(1): Sending client_key_exchange handshake message (1024
> bit)...
> ssl_debug(1): Sending certificate_verify handshake message...
> ssl_debug(1): Sending change_cipher_spec message...
> ssl_debug(1): Sending finished message...
> ssl_debug(1): Received change_cipher_spec message.
> ssl_debug(1): Received finished message.
> ssl_debug(1): Session added to session cache.
> ssl_debug(1): Handshake completed, statistics:
> ssl_debug(1): Read 2824 bytes in 5 records, wrote 2197 bytes in 5
> records.
> Server certificates:
> Version: 3
> Serial number: 79
> Signature algorithm: sha1WithRSAEncryption
> Issuer: CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence Berkeley
> National Laboratory,O=Grid
> Valid not before: Thu Mar 15 17:39:57 PST 2001
>       not after: Sat Mar 15 17:39:57 PST 2003
> Subject: CN=bullwinkle.lbl.gov,O=Lawrence Berkeley National
> Laboratory,O=Grid
> com.sun.rsajca.JSA_RSAPublicKey@12b996
> Extensions: 3
> Certificate Fingerprint: 67:10:1A:9D:0E:5D:48:4F:70:EF:D2:FE:96:26:BC:62
>
> Version: 3
> Serial number: 15
> Signature algorithm: sha1WithRSAEncryption
> Issuer: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
> Grid
> Valid not before: Tue Aug 29 15:28:02 PDT 2000
>       not after: Wed Aug 29 15:28:02 PDT 2001
> Subject: CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence Berkeley
> National Laboratory,O=Grid
> com.sun.rsajca.JSA_RSAPublicKey@563e39
> Extensions: 5
> Certificate Fingerprint: 5C:9A:41:53:A4:AE:C6:C3:E2:13:95:AC:11:2D:D6:61
>
> Version: 3
> Serial number: 1
> Signature algorithm: md5WithRSAEncryption
> Issuer: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
> Grid
> Valid not before: Wed Mar 01 00:00:00 PST 2000
>       not after: Sun Sep 15 00:00:00 PDT 2002
> Subject: CN=Certificate Manager,OU=Certificate Authorities,O=DOE Science
> Grid
> com.sun.rsajca.JSA_RSAPublicKey@f4fb3
> Extensions: 4
> Certificate Fingerprint: F7:88:FF:69:0A:D9:37:47:95:8C:0F:98:22:67:4C:F6
>
> Performing HOST authorization
> Activating delegation [limited]
> CERTREQ: Version: 0
> Subject: CN=proxy,CN=proxy,CN=Jason Novotny,OU=National Center for
> Supercomputing Applications,O=The University of Illinois
> Urbana-Champaign,O=Globus,C=US
> com.sun.rsajca.JSA_RSAPublicKey@38f82d
> Attributes: yes
> Fingerprint: 17:E0:8A:3F:10:D1:40:DA:AB:2D:D4:93:6C:71:66:47
>
> END CERT REQ
> The certificate is valid: CN=proxy,CN=Jason Novotny,OU=National Center
> for Supercomputing Applications,O=The University of Illinois
> Urbana-Champaign,O=Globus,C=US
> Version: 1
> Serial number: 2685
> Signature algorithm: md5WithRSAEncryption
> Issuer: CN=proxy,CN=Jason Novotny,OU=National Center for Supercomputing
> Applications,O=The University of Illinois Urbana-Champaign,O=Globus,C=US
>
> Valid not before: Tue Jul 31 14:28:00 PDT 2001
>       not after: Wed Aug 01 02:33:00 PDT 2001
> Subject: CN=limited proxy,CN=proxy,CN=Jason Novotny,OU=National Center
> for Supercomputing Applications,O=The University of Illinois
> Urbana-Champaign,O=Globus,C=US
> com.sun.rsajca.JSA_RSAPublicKey@38f82d
> Certificate Fingerprint: BE:FA:E0:74:BF:EB:A1:A8:F9:BB:8D:DC:42:E0:5C:FF
>
> sent signed certificate
> REQ SENT:
> POST /jobmanager HTTP/1.1
> Host: bullwinkle.lbl.gov
> Content-Type: application/x-globus-gram
> Content-Length: 126
>
> protocol-version: 2
> job-state-mask: 65535
> callback-url:
> rsl: "&(executable=/bin/sleep)(directory=/tmp)(arguments=300)"
>
> END
> HEADER: HTTP/1.1 200 OK
> HEADER: Content-Type: application/x-globus-gram
> HEADER: Content-Length: 101
> MSG: protocol-version: 2
> MSG: status: 0
> MSG: job-manager-url: https://bullwinkle.lbl.gov:40156/32613/996620061/
> REQ RECEIVED:
> Http    : HTTP/1.1
> Message : OK
> Code    : 200
> Length  : 101
> Chunked : false
> Type    : application/x-globus-gram
> Protocol-version : 2
> Status           : 0
> Job-manager-url  : https://bullwinkle.lbl.gov:40156/32613/996620061/
> END
> ssl_debug(1): Shutting down SSL layer...
> ssl_debug(1): Sending alert: Alert Warning: close notify
> ssl_debug(1): Read 614 bytes in 2 records, 572 bytes net, 286 average.
> ssl_debug(1): Wrote 936 bytes in 3 records, 873 bytes net, 291 average.
> ssl_debug(1): Closing transport...
> job submitted: https://bullwinkle.lbl.gov:40156/32613/996620061/
> querying status on job1
> Connecting...
> ssl_debug(2): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
> ssl_debug(2): Sending v3 client_hello message, requesting version 3.0...
>
> ssl_debug(2): Received v3 server_hello handshake message.
> ssl_debug(2): Server selected SSL version 3.0.
> ssl_debug(2): Server created new session 33:82:5C:5A:8E:1E:9F:8F...
> ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
> ssl_debug(2): CompressionMethod selected by server: NULL
> ssl_debug(2): Received certificate handshake message with server
> certificate.
> ssl_debug(2): Server sent a 512 bit RSA certificate, chain has 4
> elements.
> ssl_debug(2): ChainVerifier: Found a trusted certificate, returning true
>
> ssl_debug(2): Received certificate_request handshake message.
> ssl_debug(2): Accepted certificate types: RSA, DSA
> ssl_debug(2): Accepted certificate authorities:
> ssl_debug(2):   CN=Globus Certification Authority,O=Globus,C=US
> ssl_debug(2):   OU=Certification Authority,O=National Computational
> Science Alliance,C=US
> ssl_debug(2):   CN=Certificate Manager,OU=Certificate Authorities,O=DOE
> Science Grid
> ssl_debug(2):   CN=Certificate Manager,OU=SDSC,O=NPACI,C=US
> ssl_debug(2):   CN=Certificate Manager,OU=Ames Research
> Center,O=National Aeronautics and Space Administration,O=Grid
> ssl_debug(2):   CN=LBNL-Grid-CA,OU=Certificate Authorities,O=Lawrence
> Berkeley National Laboratory,O=Grid
> ssl_debug(2): Received server_hello_done handshake message.
> ssl_debug(2): Sending certificate handshake message with RSA client
> certificate...
> ssl_debug(2): Sending client_key_exchange handshake message (512 bit)...
>
> ssl_debug(2): Sending certificate_verify handshake message...
> ssl_debug(2): Sending change_cipher_spec message...
> ssl_debug(2): Sending finished message...
> ssl_debug(2): Received change_cipher_spec message.
> ssl_debug(2): Received finished message.
> ssl_debug(2): Session added to session cache.
> ssl_debug(2): Handshake completed, statistics:
> ssl_debug(2): Read 3279 bytes in 5 records, wrote 2133 bytes in 5
> records.
> No authorization
> JM SENT:
> POST https://bullwinkle.lbl.gov:40156/32613/996620061/ HTTP/1.1
> Host: bullwinkle.lbl.gov
> Content-Type: application/x-globus-gram
> Content-Length: 33
>
> protocol-version: 2
> "status"
>
> END
> HEADER: HTTP/1.1 200 OK
> HEADER: Content-Type: application/x-globus-gram
> HEADER: Content-Length: 50
> MSG: protocol-version: 2
> MSG: status: 2
> MSG: failure-code: 0
> JM RECEIVED:
> Http    : HTTP/1.1
> Message : OK
> Code    : 200
> Length  : 50
> Chunked : false
> Type    : application/x-globus-gram
> Protocol-version : 2
> Status           : 2
> Failure-code     : 0
> END
> ssl_debug(2): Shutting down SSL layer...
> ssl_debug(2): Sending alert: Alert Warning: close notify
> ssl_debug(2): Read 151 bytes in 1 records, 130 bytes net, 130 average.
> ssl_debug(2): Wrote 208 bytes in 1 records, 187 bytes net, 187 average.
> ssl_debug(2): Closing transport...
> status: ACTIVE
> querying status on job1
> Connecting...
> ssl_debug(3): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
> ssl_debug(3): Sending v3 client_hello message, requesting version 3.0...
>
> ssl_debug(3): Trying to resume session 33:82:5C:5A:8E:1E:9F:8F...
> ssl_debug(3): IOException while handshaking: Connection closed by remote
> host.
> ssl_debug(3): Sending alert: Alert Fatal: handshake failure
> ssl_debug(3): Shutting down SSL layer...
> org.globus.gram.GramException: The connection to the server failed
> (check host and port) [Root error message: Connection closed by remote
> host.] [Root exception is java.io.EOFException: Connection closed by
> remote host.]
>
>     Why am I getting an IOException while handshaking? Pardon my
> ignorance, but I'm really at a loss as to where to start debugging this
> problem.
>
>     Thanks, Jason
>
> --
> Jason Novotny               jdnovotny@lbl.gov
> Home: (510) 610-8360        Work: (510) 486-8662
> NERSC Distributed Computing http://www-didc.lbl.gov
>
> --
> Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
>

--
Jason Novotny               jdnovotny@lbl.gov
Home: (510) 610-8360        Work: (510) 486-8662
NERSC Distributed Computing http://www-didc.lbl.gov
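
To confirm from a trace like the one quoted above that the failure is tied to session resumption, the following added example (not part of the original thread and not iSaSiLk code) groups `ssl_debug(N)` lines by connection number and reports connections that offered a cached session ID and never completed the handshake. The function names are hypothetical; the sample lines are copied from the trace above with mail wrapping and quote markers removed.

```python
import re

# Sample input: lines copied from the quoted trace, unwrapped, "> " removed.
SAMPLE = """\
ssl_debug(2): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(2): Server created new session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(2): CipherSuite selected by server: SSL_RSA_WITH_NULL_MD5
ssl_debug(2): Handshake completed, statistics:
ssl_debug(3): Starting handshake (iSaSiLk 3.03 Evaluation Version)...
ssl_debug(3): Trying to resume session 33:82:5C:5A:8E:1E:9F:8F...
ssl_debug(3): IOException while handshaking: Connection closed by remote host.
ssl_debug(3): Sending alert: Alert Fatal: handshake failure
"""

# Accept optional mail quote markers in front of the ssl_debug(N) prefix.
LINE = re.compile(r"^(?:>\s*)*ssl_debug\((\d+)\):\s*(.*)$")
SESSION = re.compile(r"(created new|Trying to resume) session ([0-9A-F:]+)")


def summarize(log):
    """Return {connection number: facts extracted from its ssl_debug lines}."""
    conns = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and application output
        conn = conns.setdefault(int(m.group(1)), {
            "created": None, "resume": None, "cipher": None,
            "completed": False, "error": None})
        msg = m.group(2)
        s = SESSION.search(msg)
        if s:
            conn["created" if s.group(1) == "created new" else "resume"] = s.group(2)
        elif msg.startswith("CipherSuite selected by server:"):
            conn["cipher"] = msg.split(":", 1)[1].strip()
        elif msg.startswith("Handshake completed"):
            conn["completed"] = True
        elif "Exception while handshaking" in msg:
            conn["error"] = msg
    return conns


def failed_resumes(conns):
    """List (connection, session id, connection that created that session)
    for every resume attempt whose handshake never completed."""
    origin = {c["created"]: n for n, c in conns.items() if c["created"]}
    return [(n, c["resume"], origin.get(c["resume"]))
            for n, c in sorted(conns.items())
            if c["resume"] and not c["completed"]]
```

If every failed handshake in a trace appears in `failed_resumes` and full handshakes succeed, that supports testing with session caching switched off, as suggested in the reply.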
