[iaik-ssl] Client Authentication Problem

Hi folks,

We've got a web proxy that requires the following functionality:

* Negotiate SSL with incoming web browser (no client authentication)
* Decide that client needs to be authenticated
* Force client to re-authenticate on the *existing* socket
* Use the client's certificate to make an access control decision

The problem is that when we attempt to re-negotiate the session with client
enabled, nothing seems to happen. The browser doesn't prompt for a client
certificate, and no debug output is produced. It's like the re-negotiation
simply doesn't take place... :0(

We're using:

iSaSiLk 4.0b1
JSSE 1.0.1

We've encountered the same problem regardless of whether we call
(So, it looks like Sun's implementation is experiencing the same problem?)

I've attached a simple example server (a re-hash of Main.java included with
iSaSiLk4.0b1) that can be tested with IE/Netscape web clients.

To run the server, you need:

1) A PKCS#12 file with key and cert of the web server.
2) The certificate of the CA trusted by the web server to issue client

Could somebody shed some light on this for us, please!?

Many thanks in advance,