
[iaik-ssl] Client Authentication Problem



Hi folks,

(Please reply to: paul.igoe@sse.ie)

We've got a web proxy that requires the following functionality:

* Negotiate SSL with incoming web browser (no client authentication required)
* Decide that client needs to be authenticated
* Force client to re-authenticate on the *existing* socket
* Use the client's certificate to make an access control decision

The problem is that when we attempt to re-negotiate the session with client
authentication enabled, nothing seems to happen. The browser doesn't prompt
for a client certificate, and no debug output is produced. It's like the
re-negotiation simply doesn't take place... :0(

We're using:

IAIK-JCE2.6.1
iSaSiLk 4.0b1
JSSE 1.0.1

We've encountered the same problem regardless of whether we call
IAIKJSSEProvider.addAsProvider();
(So, it looks like Sun's implementation is experiencing the same problem?)

I've attached a simple example server (a re-hash of Main.java included with
iSaSiLk 4.0b1) that can be tested with IE/Netscape web clients.

To run the server, you need:

1) A PKCS#12 file with key and cert of the web server.
2) The certificate of the CA trusted by the web server to issue client certificates.

Could somebody shed some light on this for us, please!?

Many thanks in advance,

Andy



AlwaysTrustManager.java

TestSSLServer.java