
[iaik-ssl] KeyManager::chooseClientAlias Fails (SSL, Client Certificates)



I use Sun's JSSE to establish an SSL connection.

I replaced the standard SUN key store with the IAIKKeyStore key store 

	ks = KeyStore.getInstance("IAIKKeyStore", "IAIK");

I use Sun's standard key manager

	kmf = KeyManagerFactory.getInstance("SunX509");

When the server sends the list of acceptable CAs to the client for the
client to choose a certificate to be sent back to the server, the method 

	public String chooseClientAlias(String keyType, Principal[] issuers)


of the key manager is called. Both keyType (RSA) and the list of principals
look fine, but the method always returns NULL.

The client certificate in the key store, though, is fine, because if I force
a specific client certificate to be used by explicitly returning the alias
of that certificate in chooseClientAlias, the SSL handshake is completed
successfully.

Questions: 
(1) How can I use Sun's standard key manager with the IAIKKeyStore key store?
(2) And if that does not work, does IAIK have a replacement key manager that
does work with the IAIKKeyStore key store?

Thanks,
--adrian.

-------------------------------------------------------
Adrian Turtschi, MCSD, MCSE
Senior Developer/Architect
KPMG LLP, Global Knowledge Exchange
99 High Street; 15th floor; #15A-319
Boston, MA 02110
phone: +1 617 988 5431; fax: +1 617 988 6970
Internet e-mail: aturtschi@kpmg.com  
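
The workaround the post describes (returning a known alias from chooseClientAlias), as an added example that is not from the original post or from IAIK: a wrapper around the SunX509 key manager that falls back to a pinned alias only when default selection returns null. It uses the current javax.net.ssl.X509KeyManager interface, whose chooseClientAlias signature differs from the one quoted in the post; the class name FallbackAliasKeyManager and the fallbackAlias parameter are hypothetical.

```java
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

// Hypothetical wrapper: the class name and fallback behaviour are assumptions.
public class FallbackAliasKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String fallbackAlias;

    public FallbackAliasKeyManager(KeyStore ks, char[] password, String fallbackAlias)
            throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password);
        X509KeyManager found = null;
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) { found = (X509KeyManager) km; break; }
        }
        if (found == null) throw new IllegalStateException("no X509KeyManager from SunX509");
        this.delegate = found;
        this.fallbackAlias = fallbackAlias;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        String alias = delegate.chooseClientAlias(keyTypes, issuers, socket);
        if (alias != null) return alias;
        // Default selection found nothing: use the pinned alias only if the
        // key manager really holds a private key of a requested type for it.
        PrivateKey key = delegate.getPrivateKey(fallbackAlias);
        if (key != null && Arrays.asList(keyTypes).contains(key.getAlgorithm())) {
            System.err.println("default alias selection returned null; using " + fallbackAlias);
            return fallbackAlias;
        }
        return null; // no usable credential: send no client certificate
    }

    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }
}
```

Pass an instance in the KeyManager array given to SSLContext.init; the log line makes it visible whenever the pinned alias, rather than issuer-based selection, decided which identity was presented.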