[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl] DSA certificate problem



Hello.
I'm nodifying a client/server app. to use DSA certificates instead
of RSA ones. At this point in time, I keep getting a handshake error
whose source I can't figure out:
[client output]
 ssl_debug(2): Received server_key_exchange handshake message.
 ssl_debug(2): Sending alert: Alert Fatal: decrypt error
 ssl_debug(2): Shutting down SSL layer...
 ssl_debug(2): SSLException while handshaking: ServerKeyExchange signature error.

(the complete debug outputs of the client and the server are appended
at the end of this message). 
My setup is as follows. I have two DSA certificates, one self-signed,
the other signed with the former's DSA private key. The signature
algorithm I'm using is AlgorithmID.dsaWithSHA. I'm able to manually verify each
certificate; ChainVerifier is able to verify the certificate chain I'm
using as the server's credentials (which consists of the self-signed
cert. followed by the second cert.) Thus I don't think it's the
certificates that are the problem. I'm using
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA as the cipher suite, and I've added
the IAIK provider.

Does anybody have a clue as to what's happening? Your help would be
greatly appreciated.
Thanks!

-Vadim G.
Imagine Software

output fro client and server follow:
[client output]
ssl_debug(1): Starting handshake...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 1E:64:E7:D6:14:F9:CF:D8...
ssl_debug(1): CipherSuite selected by server: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server certificate.
ssl_debug(1): Server sent a 1024 bit DSA certificate, chain has 2 elements.
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
ssl_debug(1): Received server_key_exchange handshake message.
ssl_debug(1): Sending alert: Alert Fatal: decrypt error
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: ServerKeyExchange signature error.
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...
SSL Connection failed! iaik.security.ssl.SSLException: ServerKeyExchange signature error.

[server output]
ssl_debug(2): Starting handshake...
ssl_debug(2): Received v3 client_hello handshake message.
ssl_debug(2): Client requested SSL version 3.1, selecting version 3.1.
ssl_debug(2): Creating new session 53:C1:CC:77:64:64:11:D8...
ssl_debug(2): CipherSuites supported by the client:
ssl_debug(2): SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(2): CompressionMethods supported by the client:
ssl_debug(2): NULL
ssl_debug(2): Sending server_hello handshake message.
ssl_debug(2): Selecting CipherSuite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
ssl_debug(2): Selecting CompressionMethod: NULL
ssl_debug(2): Temporary domestic DH parameters not set, using defaults.
ssl_debug(2): Sending certificate handshake message with server certificate...
ssl_debug(2): Sending server_key_exchange handshake message...
ssl_debug(2): Sending server_hello_done handshake message...
ssl_debug(2): Received alert message: Alert Fatal: decrypt error
ssl_debug(2): SSLException while handshaking: Peer sent alert: Alert Fatal: decrypt error
ssl_debug(2): Sending alert: Alert Fatal: handshake failure
ssl_debug(2): Shutting down SSL layer...
ssl_debug(2): Shutting down SSL layer...
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl