
[iaik-ssl] No trusted certificate found




Hi!

I'm trying to use iSaSiLk 3.0 in a small client application, but the
library does not seem to verify the server certificate correctly. I know
that the certificate is correct, since the same application works fine
when I use Sun's JSSE 1.0.1. The server is written with OpenSSL and the
certificate is a self-signed 1024-bit certificate created with the
openssl tool.

The client code and the corresponding debugging output are below.

Have I forgotten something, or what could be wrong?


Kim Gunell


------8<---------8<---------
...
Got verifier: iaik.security.ssl.ChainVerifier@89d6f072
  Trusted: EmailAddress=Kim.Gunell@hut.fi, CN=Kim Gunell, OU=PDMG, O=TAI
Research Centre, L=Mariehamn, ST=Aaland, C=FI
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
Certificate is trusted: true
ssl_debug(1): Starting handshake...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 4A:39:14:71:82:0A:BD:CD...
ssl_debug(1): CipherSuite selected by server:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server
certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 1
elements.
ssl_debug(1): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(1): Sending alert: Alert Fatal: bad certificate
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: Server certificate rejected by ChainVerifier
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): Shutting down SSL layer...
....
------8<---------8<---------

  ...
  clientContext = new SSLClientContext();
  clientContext.setDebugStream(System.out);
  // Add cert to the context's trusted certificates
  clientContext.addTrustedCertificate(cert);
  SSLSocket sslSocket = new SSLSocket(host, port, clientContext);

  // List the principals trusted by the context's ChainVerifier
  ChainVerifier verifier = clientContext.getChainVerifier();
  System.out.println("Got verifier: " + verifier);
  // Renamed from "enum", which is a reserved word since Java 5
  Enumeration principals = verifier.getTrustedPrincipals();
  while (principals.hasMoreElements()) {
    Principal p = (Principal) principals.nextElement();
    System.out.println("  Trusted: " + p.toString());
  }

  // Check the same certificate by hand before starting the handshake
  X509Certificate[] chain = { cert };
  System.out.println("Certificate is trusted: "
                     + verifier.verifyChain(chain, null));

  sslSocket.startHandshake();
  ...