Re: [iaik-ssl] No trusted certificate found



Hello,

Is the cert added via clientContext.addTrustedCertificate(cert); the
self-signed cert you mention?

Regards,
Dieter Bratko

-----Original Message-----
From: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at] On Behalf Of Kim Gunell
Sent: Wednesday, 14 June 2000 11:19
To: iaik-ssl@iaik.at
Subject: [iaik-ssl] No trusted certificate found



Hi!

I'm trying to use iSaSiLk 3.0 in a small client application, but the
library does not seem to verify the server certificate correctly. I know
that the certificate is correct, since the same application works fine
when I use Sun's JSSE 1.0.1. The server is written with OpenSSL and the
certificate is a self-signed 1024-bit certificate created with the
openssl tool.

The client code and the corresponding debugging output are below.

Have I forgotten something or what could be wrong?


Kim Gunell


------8<---------8<---------
...
Got verifier: iaik.security.ssl.ChainVerifier@89d6f072
  Trusted: EmailAddress=Kim.Gunell@hut.fi, CN=Kim Gunell, OU=PDMG, O=TAI Research Centre, L=Mariehamn, ST=Aaland, C=FI
ssl_debug(1): ChainVerifier: Found a trusted certificate, returning true
Certificate is trusted: true
ssl_debug(1): Starting handshake...
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
ssl_debug(1): Received v3 server_hello handshake message.
ssl_debug(1): Server selected SSL version 3.1.
ssl_debug(1): Server created new session 4A:39:14:71:82:0A:BD:CD...
ssl_debug(1): CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): CompressionMethod selected by server: NULL
ssl_debug(1): Received certificate handshake message with server certificate.
ssl_debug(1): Server sent a 1024 bit RSA certificate, chain has 1 elements.
ssl_debug(1): ChainVerifier: No trusted certificate found, rejected.
ssl_debug(1): Sending alert: Alert Fatal: bad certificate
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): SSLException while handshaking: Server certificate rejected by ChainVerifier
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...
ssl_debug(1): Shutting down SSL layer...
....
------8<---------8<---------

  ...
  clientContext = new SSLClientContext();
  clientContext.setDebugStream(System.out);
  // Register the certificate as trusted in the client context
  clientContext.addTrustedCertificate(cert);
  SSLSocket sslSocket = new SSLSocket(host, port, clientContext);
  ChainVerifier verifier = clientContext.getChainVerifier();
  System.out.println("Got verifier: " + verifier);
  // List the principals the verifier currently trusts
  Enumeration principals = verifier.getTrustedPrincipals();
  while (principals.hasMoreElements()) {
    Principal p = (Principal) principals.nextElement();
    System.out.println("  Trusted: " + p.toString());
  }
  // Check the local copy of the certificate against the verifier
  // before starting the handshake
  X509Certificate[] chain = { cert };
  System.out.println("Certificate is trusted: "
                     + verifier.verifyChain(chain, null));

  sslSocket.startHandshake();
  ...