
AW: AW: AW: [iaik-ssl]cu|| Why no client side certificate is available?



Hello Lei,

yes, sorry, seems that I have not carefully enough compared the two
string representations; now I remember that Tom has pointed this out
a while ago, and I think he has led you in the right direction to solve
the problem now.

I do not think that the name of cert in your local trust store and the
trusted CA name sent by the peer are really different; the problem
may occur if different providers are used to model the local cert and
the CA name received via CertificateRequest message, and if the name
comparison is done string based and the two providers give different
string representations.

However, in your case, I am not sure if the cert issuer actually is
checked. From the cert dump you have provided it seems that you
use the SUN provider; so, I assume, you are using iSaSiLk's standard
SecurityProvider. As you know, conversion between Principals and their
encodings cannot be modelled in a provider independent way. For that
reason, the standard SecurityProvider returns null for both methods

protected Principal getPrincipal(byte[] array) throws Exception;
protected byte[] getEncodedPrincipal(Principal principal);

So, if you have not overridden these two methods for the provider
(SUN) you are using, no check is performed if the client cert
matches to any of the certificate authority names accepted by the
server at all (as we have noted at
http://jcewww.iaik.at/products/isasilk/documentation/security%20provider/index.php).
(However, if you have extended IaikProvider immediately and only
overridden method getX509Certificate(byte[] array) to return a SUN
certificate you should override method getPrincipal(byte[] array)
to return a SUN Name, too).

> I am using Sun's sunrsasign.jar as the RSA engine.
I believe sunrsasign.jar does not support a RSA Cipher engine, only
Signature engines. However, you will need a RSA Cipher engine:
the client has to send a CertificateVerify after sending its
certificate. The CertificateVerify is signed with the client's RSA key.
As you might know, SSL calculates RSA signatures on concatenated md5 and
SHA-1 hashes; so iSaSiLk uses a Cipher engine to "sign" (encrypt) the
output of the hashing procedure.
Now, when the server indicates that he wants a RSA certificate, iSaSiLk
not only checks if a proper client certificate is available, but also
if cryptographic engines are available to be able to create the
CertificateVerify message. So an "empty certificate message" also
may be caused by the missing of a RSA Cipher engine.

You may check if any of the two issues apply to your problem.

Regards,
Dieter


-----Original Message-----
From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf
Of Lei Gu
Sent: Tuesday, 19 March 2002 15:53
To: Dieter Bratko; iaik-ssl@iaik.at
Subject: Re: AW: AW: [iaik-ssl]cu|| Why no client side certificate is
available?


Hi Dieter,
I am using Sun's sunrsasign.jar as the RSA engine.

Tom van den Berge <tom.vandenberge@bibit.com> pointed out to me that
there is a difference between the two CAs:

OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc., C=US
OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

My CA uses double quotes for "VeriSign, Inc.", the other doesn't.

Is this the possible cause of my problem?

Apparently Netscape and iaik treat double quote differently.
Any way around this problem?
Thanks again.
-- Lei

At 02:37 PM 3/19/2002 +0000, Dieter Bratko wrote:

>Hello Lei,
>
>seems you are using the SUN provider. Is it sure that any of the security
>providers you have installed supports a RSA Cipher engine?
>
>Regards,
>Dieter
>
>
>-----Original Message-----
>From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf
>Of Lei Gu
>Sent: Tuesday, 19 March 2002 14:44
>To: Dieter Bratko; iaik-ssl@iaik.at
>Subject: Re: AW: [iaik-ssl]cu|| Why no client side certificate is
>available?
>
>
>Hi Dieter,
>
>Below is the debug output of my program. I also printed out the certificate
>I used.
>
>The root of the chain clearly states :
>Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
>Inc.", C=US
>
>Any ideas? Thanks for your help.
>-- Lei
>
>----------------------------- Debug output
>---------------------------------------
>
>============== Certificate Element [0] ================
>[
>[
>    Version: V3
>    Subject: C=US, ST=Massachusettes, L=Burlington, OU=Engineering,
>CN=Lightbridge Inc., OU=Digital ID Class 3 - Java Object Signing,
>OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)99",
>OU=VeriSign Trust Network, O="VeriSign, Inc."
>    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>    Key:  com.sun.rsajca.JSA_RSAPublicKey@58957f
>    Validity: [From: Mon Sep 24 20:00:00 EDT 2001,
>                 To: Wed Sep 25 19:59:59 EDT 2002]
>    Issuer: CN=VeriSign Class 3 CA - Commercial Content/Software Publisher,
>OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
>OU=VeriSign Trust Network, O="VeriSign, Inc."
>    SerialNumber: [    53a74ccd ea997ca6 9597792a e72d8a52 ]
>Certificate Extensions: 6
>[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
>Extension unknown: DER encoded OCTET string =
>
>[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
>NetscapeCertType [
>     Object Signing
>]
>[3]: ObjectId: 1.3.6.1.4.1.311.2.1.27 Criticality=false
>Extension unknown: DER encoded OCTET string =
>0000: 04 08 30 06 01 01 00 01   01 FF                    ..0.......
>
>[4]: ObjectId: 2.16.840.1.113730.1.8 Criticality=false
>Extension unknown: DER encoded OCTET string =
>0000: 04 29 16 27 68 74 74 70   73 3A 2F 2F 77 77 77 2E  .).'https://www.
>0010: 76 65 72 69 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  verisign.com/rep
>0020: 6F 73 69 74 6F 72 79 2F   43 50 53                 ository/CPS
>
>[5]: ObjectId: 2.5.29.15 Criticality=false
>KeyUsage [
>    DigitalSignature
>    Key_Encipherment
>]
>[6]: ObjectId: 2.5.29.19 Criticality=false
>BasicConstraints:[
>CA:false
>PathLen: undefined
>]
>]
>    Algorithm: [MD5withRSA]
>    Signature:
>
>]
>================================================================
>============== Certificate Element [1] ================
>[
>[
>    Version: V3
>    Subject: CN=VeriSign Class 3 CA - Commercial Content/Software Publisher,
>OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98",
>OU=VeriSign Trust Network, O="VeriSign, Inc."
>    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
>    Key:  com.sun.rsajca.JSA_RSAPublicKey@6a9d42
>    Validity: [From: Wed Dec 30 19:00:00 EST 1998,
>                 To: Wed Dec 31 18:59:59 EST 2008]
>    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
>Inc.", C=US
>    SerialNumber: [    49249b60 aea19b7b 0ed22603 bf43a9c1 ]
>Certificate Extensions: 6
>[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
>NetscapeCertType [
>     Object Signing CA]
>[2]: ObjectId: 2.5.29.32 Criticality=false
>Extension unknown: DER encoded OCTET string =
>0000: 04 40 30 3E 30 3C 06 0B   60 86 48 01 86 F8 45 01  .@0>0<..`.H...E.
>0010: 07 01 01 30 2D 30 2B 06   08 2B 06 01 05 05 07 02  ...0-0+..+......
>0020: 01 16 1F 77 77 77 2E 76   65 72 69 73 69 67 6E 2E  ...www.verisign.
>0030: 63 6F 6D 2F 72 65 70 6F   73 69 74 6F 72 79 2F 52  com/repository/R
>0040: 50 41                                              PA
>
>[3]: ObjectId: 2.5.29.31 Criticality=false
>Extension unknown: DER encoded OCTET string =
>0000: 04 2E 30 2C 30 2A A0 28   A0 26 86 24 68 74 74 70  ..0,0*.(.&.$http
>0010: 3A 2F 2F 63 72 6C 2E 76   65 72 69 73 69 67 6E 2E  ://crl.verisign.
>0020: 63 6F 6D 2F 70 63 61 33   2E 31 2E 31 2E 63 72 6C  com/pca3.1.1.crl
>
>[4]: ObjectId: 2.5.29.17 Criticality=false
>SubjectAlternativeName [
>[CN=Class3CA1-3]]
>[5]: ObjectId: 2.5.29.15 Criticality=false
>KeyUsage [
>    Key_CertSign
>    Crl_Sign
>]
>[6]: ObjectId: 2.5.29.19 Criticality=false
>BasicConstraints:[
>CA:true
>PathLen:0
>]
>]
>    Algorithm: [MD2withRSA]
>    Signature:
>
>]
>================================================================
>============== Certificate Element [2] ================
>[
>[
>    Version: V1
>    Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
>    Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2
>    Key:  com.sun.rsajca.JSA_RSAPublicKey@2aa14a
>    Validity: [From: Sun Jan 28 19:00:00 EST 1996,
>                 To: Wed Jan 07 18:59:59 EST 2004]
>    Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign,
>Inc.", C=US
>    SerialNumber: [    e49efdf3 3ae80ecf a5113e19 a4240232 ]
>]
>    Algorithm: [MD2withRSA]
>    Signature:
>
>]
>================================================================
>ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
>ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
>ssl_debug(1): Received v3 server_hello handshake message.
>ssl_debug(1): Server selected SSL version 3.1.
>ssl_debug(1): Server created new session 48:71:F3:A5:A1:6E:A5:F5...
>ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
>ssl_debug(1): CompressionMethod selected by server: NULL
>ssl_debug(1): Received certificate handshake message with server certificate.
>ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
>ssl_debug(1): ChainVerifier: No trusted certificate found, OK anyway.
>ssl_debug(1): Received certificate_request handshake message.
>ssl_debug(1): Accepted certificate types: RSA, DSA
>ssl_debug(1): Accepted certificate authorities:
>ssl_debug(1):   CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
>ssl_debug(1):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign, Inc.,C=US
>ssl_debug(1):   OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
>ssl_debug(1): Received server_hello_done handshake message.
>ssl_debug(1): No client certificate available, sending empty certificate message...
>ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
>ssl_debug(1): Sending change_cipher_spec message...
>ssl_debug(1): Sending finished message...
>ssl_debug(1): Received change_cipher_spec message.
>ssl_debug(1): Received finished message.
>ssl_debug(1): Session added to session cache.
>ssl_debug(1): Handshake completed, statistics:
>ssl_debug(1): Read 2281 bytes in 3 records, wrote 281 bytes in 4 records.
>F
>Time: 7.912
>
>FAILURES!!!
>Test Results:
>Run: 1 Failures: 1 Errors: 0
>There was 1 failure:
>1) testPost(com.lightbridge.webpost.test.LbWebPostSSLClientTestCase)
>"Exception occurred while running testPost: HTTP client error: 403:
>https://cyclops.lightbridge.com/lbportal [[LbWebPost.receive]]"
>
>
>At 09:18 AM 3/19/2002 +0000, Dieter Bratko wrote:
>
> >Hello,
> >
> > > I positively added a Class 3 VeriSign certificate to the client side context.
> >Does client cert you have added via addClientCredentials belong to a chain
> >that leads to any of the CAs accepted by the server?:
> >
> >CN=VeriSign Class 3 Public Primary Certification Authority - G3,
> >OU=(c) 1999 VeriSign, Inc. - For authorized use only,
> >OU=VeriSign Trust Network,
> >O=VeriSign, Inc.,
> >C=US
> >
> >OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use
> >only,
> >OU=Class 3 Public Primary Certification Authority - G2,
> >O=VeriSign, Inc.,
> >C=US
> >
> >OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,
> >C=US
> >
> >Regards,
> >Dieter Bratko
> >
> >-----Original Message-----
> >From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf
> >Of Lei Gu
> >Sent: Tuesday, 19 March 2002 03:44
> >To: iaik-ssl@iaik.at
> >Subject: [iaik-ssl]cu|| Why no client side certificate is available?
> >
> >
> >Hello,
> >I ran into a problem when I turn out client side certificate authentication
> >using HTTPS.
> >I add the client side certificate and private key to SSLClientContext but
> >the debug message says "no certificate was sent".
> >I know this question has been posted a few times and no one has given an
> >answer.
> >
> >Please help.
> >Thanks.
> >
> >Below is the output of the debug info:
> >--------------------------
> >ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
> >ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
> >ssl_debug(1): Received v3 server_hello handshake message.
> >ssl_debug(1): Server selected SSL version 3.1.
> >ssl_debug(1): Server created new session 48:71:3E:2A:26:D8:FA:75...
> >ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
> >ssl_debug(1): CompressionMethod selected by server: NULL
> >ssl_debug(1): Received certificate handshake message with server certificate.
> >ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 2 elements.
> >ssl_debug(1): ChainVerifier: No trusted certificate found, OK anyway.
> >ssl_debug(1): Received certificate_request handshake message.
> >ssl_debug(1): Accepted certificate types: RSA, DSA
> >ssl_debug(1): Accepted certificate authorities:
> >ssl_debug(1):   CN=VeriSign Class 3 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
> >ssl_debug(1):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign, Inc.,C=US
> >ssl_debug(1):   OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
> >ssl_debug(1): Received server_hello_done handshake message.
> >ssl_debug(1): No client certificate available, sending empty certificate message...
> >ssl_debug(1): Sending client_key_exchange handshake message (1024 bit)...
> >ssl_debug(1): Sending change_cipher_spec message...
> >ssl_debug(1): Sending finished message...
> >ssl_debug(1): Received change_cipher_spec message.
> >ssl_debug(1): Received finished message.
> >ssl_debug(1): Session added to session cache.
> >ssl_debug(1): Handshake completed, statistics:
> >ssl_debug(1): Read 2281 bytes in 3 records, wrote 281 bytes in 4 records.
> >F
> >Time: 11.266
> >
> >FAILURES!!!
> >============
> >
> >I positively added a Class 3 VeriSign certificate to the client side
> >context.
> >
> >Thanks again.
> >
> >
> >=====================
> >Lei Gu @ 4055
> >lgu@lightbridge.com
> >=====================
> >
> >--
> >Mailinglist-archive at
> >http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> >
> >To unsubscribe send an email to listserv@iaik.at with the following content:
> >UNSUBSCRIBE iaik-ssl
>
>=====================
>Lei Gu @ 4055
>lgu@lightbridge.com
>=====================
>
>

=====================
Lei Gu @ 4055
lgu@lightbridge.com
=====================
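
Added example, not part of the original messages and not iSaSiLk code: a standalone Java check for the two issues Dieter names at the top of this thread, comparing CA names through their DER encoding instead of their string form, and confirming that an RSA Cipher engine is installed and can produce the MD5 plus SHA-1 "signature" used for CertificateVerify. It uses only standard JDK classes; the class and method names, the throwaway key and the stand-in handshake bytes are assumptions made for the example.

```java
import javax.crypto.Cipher;
import javax.security.auth.x500.X500Principal;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.List;

public class ClientCertDiagnostics {

    // The two renderings of the same CA name quoted in this thread.
    static final String QUOTED =
        "OU=Class 3 Public Primary Certification Authority, O=\"VeriSign, Inc.\", C=US";
    static final String UNQUOTED =
        "OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US";

    /** Issue 1: compare name objects rebuilt from DER, not provider-specific strings. */
    static boolean issuerAccepted(X500Principal localIssuer, List<byte[]> acceptedDerNames) {
        for (byte[] der : acceptedDerNames) {
            if (new X500Principal(der).equals(localIssuer)) {
                return true;
            }
        }
        return false;
    }

    /** Issue 2: is any installed provider offering this engine, e.g. "Cipher.RSA"? */
    static boolean engineAvailable(String filter) {
        Provider[] found = Security.getProviders(filter); // null when nothing matches
        return found != null && found.length > 0;
    }

    /** TLS 1.0 style RSA CertificateVerify: PKCS#1 type 1 padding over MD5 || SHA-1. */
    static byte[] signHandshakeHashes(PrivateKey key, byte[] handshakeMessages)
            throws GeneralSecurityException {
        byte[] md5 = MessageDigest.getInstance("MD5").digest(handshakeMessages);
        byte[] sha = MessageDigest.getInstance("SHA-1").digest(handshakeMessages);
        byte[] hashes = Arrays.copyOf(md5, md5.length + sha.length); // 16 + 20 bytes
        System.arraycopy(sha, 0, hashes, md5.length, sha.length);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, key); // private key + encrypt mode = raw signature
        return rsa.doFinal(hashes);
    }

    public static void main(String[] args) throws Exception {
        // The unquoted rendering is display text only; it is never parsed here.
        System.out.println("string compare:   " + QUOTED.equals(UNQUOTED));

        // Constructed sample: the DER name a server would send, built from the escaped form.
        byte[] sent = new X500Principal(
            "OU=Class 3 Public Primary Certification Authority,O=VeriSign\\, Inc.,C=US")
            .getEncoded();
        // With a real certificate the local side would be cert.getIssuerX500Principal().
        System.out.println("encoding compare: "
            + issuerAccepted(new X500Principal(QUOTED), List.of(sent)));

        System.out.println("Signature engine: " + engineAvailable("Signature.MD5withRSA"));
        System.out.println("Cipher engine:    " + engineAvailable("Cipher.RSA"));

        // Constructed sample: throwaway key pair and stand-in handshake bytes.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] sig = signHandshakeHashes(pair.getPrivate(),
            "handshake messages".getBytes(StandardCharsets.US_ASCII));
        Cipher check = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        check.init(Cipher.DECRYPT_MODE, pair.getPublic());
        System.out.println("recovered hashes: " + check.doFinal(sig).length + " bytes");
    }
}
```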
