
Re: [iaik-ssl] How to do client authentication only?



I noticed that my problem has to do with native threads
on Solaris (we're using 2.8). If I run my programs on Windows
NT or on Solaris using Java's green threads on the client
side, the code (without any autohandshake settings) runs fine. 
This seems to indicate some (potential) synchronization problem 
somewhere in the background.

Regards and thanks, Gerald Brose.

Andreas Sterbenz wrote:
> 
> The code snippets you post seem to be ok but there must be a problem
> somewhere. A "deadlock" would indicate that both peers are in server mode
> and waiting for the other to send the first message. The second error
> looks like the handshake is not performed at all by one peer and plain
> application data is sent instead.
> 
> Note that you do not need to make any calls to setAutoHandshake() for
> client server reversal, you only need to make the calls to
> setUseClientMode() on both ends at a convenient place between socket
> creation and handshake start. AND you need to use an SSLServerContext on
> the peer then acting as the SSL server as it needs to get its
> certificates from somewhere.
> 
> Regards,
> 
>  Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at
> 
> -----Original Message-----
> From: "Gerald Brose" <brose@inf.fu-berlin.de>
> To: <iaik-ssl@iaik.tu-graz.ac.at>
> Sent: Wednesday, 06 September 2000 16:40
> Subject: Re: [iaik-ssl] How to do client authentication only?
> 
> > Andreas Sterbenz wrote:
> > > ...
> > > Getting back to the original question, client-only authentication is not
> > > specified in the SSL/TLS protocol. Assuming you are using iSaSiLk (or
> > > some other product with this feature) on both ends of the connection you
> > > can somewhat achieve the equivalent by manually reversing the client and
> > > server roles using setUseClientMode().
> >
> > Ok, it seems a bit unwieldy, but alright. However, I run into
> > a deadlock when trying to do it like this:
> >
> > Client                                        Server
> >
> >                                               ss = new SSLServerSocket();
> >                                               SSLSocket ssock = (SSLSocket)ss.accept();
> > SSLServerContext cctx = new ...()
> > cctx.addServerCredentials(..)
> > SSLSocket csock = new SSLSocket(..., cctx);
> >                                               ssock.setAutoHandshake(false);
> >                                               ssock.setUseClientMode(true);
> >                                               ssock.startHandshake();
> >
> > csock.setAutoHandshake(false);
> > csock.setUseClientMode(false);
> > csock.setAutoHandshake(true);

--
Gerald Brose,                       Mail:       brose@inf.fu-berlin.de
FU Berlin        (for PGP key see:) http://www.inf.fu-berlin.de/~brose
Institut f. Informatik              Ph-one:        (++49-30) 838-75112
Berlin, Germany                     Ph-ax:         (++49-30) 838-75109
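
The role reversal discussed in this thread, as an added example that is not part of the original posts and is not iSaSiLk code: it uses the standard JSSE API (javax.net.ssl), whose SSLSocket also offers setUseClientMode(). It assumes the JVM is started with the javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties pointing at a keystore and a truststore that trusts its certificate; the class name is hypothetical.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical class name. Key and trust material come from the JVM's default
// SSLContext (assumption: the javax.net.ssl.keyStore/trustStore properties are set).
public class ReversedRoles {
    public static void main(String[] args) throws Exception {
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (ServerSocket listener = new ServerSocket(0, 1, lo)) {
            int port = listener.getLocalPort();

            // TCP initiator: takes the TLS *server* role, so it must present a certificate.
            Thread initiator = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) f.createSocket(lo, port)) {
                    s.setUseClientMode(false);   // set before the handshake starts
                    s.startHandshake();
                    s.getOutputStream().write("hello\n".getBytes(StandardCharsets.US_ASCII));
                } catch (IOException e) {
                    e.printStackTrace();
                }
            });
            initiator.start();

            // TCP acceptor: takes the TLS *client* role and sends the first handshake message.
            // If both peers stayed in server mode, each would wait for the other to start.
            try (Socket plain = listener.accept();
                 SSLSocket s = (SSLSocket) f.createSocket(plain, "localhost", port, true)) {
                s.setUseClientMode(true);
                s.startHandshake();
                X509Certificate peer = (X509Certificate) s.getSession().getPeerCertificates()[0];
                System.out.println("TCP initiator authenticated as: " + peer.getSubjectX500Principal());
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                System.out.println("received: " + in.readLine());
            }
            initiator.join();
        }
    }
}
```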