
Re: [iaik-ssl] KeyManager blues




The KeyManager thing seems to only look for keys and certificates that
can match the cipher suite. (I wonder if it even looks at the "trusted
authority".) Are you sure you have a certificate compatible with the
ciphersuite that was selected?

-Polar

On Wed, 15 Aug 2001, Søren Hilmer wrote:

> Hi,
>
> I am trying to use JSSE with IAIK_JSSE as the underlying provider.
> I have one problem though, the Client SSL connection does not seem
> to be able to find a key/cert for doing client authentication.
>
> What I have is a keytool generated keystore, with an imported
> Verisign test certificate and root certificate.
>
> I then do:
>
> ctx = SSLContext.getInstance("SSLv3", "IAIK_JSSE");
>
> ks = KeyStore.getInstance("JKS");
> ks.load(new FileInputStream(keyStore),
>         keyStorePassword.getCharArray());
>
> kmf = KeyManagerFactory.getInstance("SunX509");
> kmf.init(ks, keyPassword.getCharArray());
> km = kmf.getKeyManagers();
>
> /*dumping of the keyManagers certificateChain, seems ok! (code removed
> for clarity)*/
>
> /*initialisation of trust manager removed for clarity */
>
> ctx.init(km,tms, null);
>
> /*socket/socketfactory creation code removed for clarity */
>
>
> This should be fairly straightforward, but when run I get:
>  [java] _____________________________________________
>  [java]
>  [java] installing IAIK JSSE provider
>  [java] This is only an early beta release!
>  [java] Be sure to use the right iSaSiLk version
>  [java] _____________________________________________
>  [java]
>  [java] IAIKJSSEProvider.getProperty SSLContext.SSLv3
>  [java] returning: iaik.security.jsse.IAIKSSLContextSSLv3
>  [java] IAIKSSLContext.enigneInit()
>  [java] IAIKSSLContext.engineGetSocketFactory()
>  [java] SSLSocketFactory Constructor called
>  [java] New Context : KeyManager
>  [java] JSSE CCTX
>  [java] Creating Socket 127.0.0.1:2000
>  [java] ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
>  [java] ssl_debug(1): Sending v3 client_hello message, requesting
> version 3.0...
>  [java] ssl_debug(1): Received v3 server_hello handshake message.
>  [java] ssl_debug(1): Server selected SSL version 3.0.
>  [java] ssl_debug(1): Server created new session
> 73:9A:15:01:21:1B:01:B5...
>  [java] ssl_debug(1): CipherSuite selected by server:
> SSL_RSA_EXPORT_WITH_RC4_40_MD5
>  [java] ssl_debug(1): CompressionMethod selected by server: NULL
>  [java] ssl_debug(1): Received certificate handshake message with server
> certificate.
>  [java] ssl_debug(1): Server sent a 1023 bit RSA certificate, chain has
> 2 elements.
>  [java] Verify chain ...
>  [java] ssl_debug(1): Received server_key_exchange handshake message.
>  [java] ssl_debug(1): Received certificate_request handshake message.
>  [java] ssl_debug(1): Accepted certificate types: RSA, DSA
>  [java] ssl_debug(1): Accepted certificate authorities:
>  [java] ssl_debug(1):   (empty list)
>  [java] ssl_debug(1): Received server_hello_done handshake message.
>  [java] ssl_debug(1): No client certificate available, sending
> no_certificate warning...
>  [java] ssl_debug(1): Sending alert: Alert Warning: no certificate
>  [java] ssl_debug(1): Sending client_key_exchange handshake message (512
> bit)...
>  [java] ssl_debug(1): Sending change_cipher_spec message...
>  [java] ssl_debug(1): Exception sending message: java.io.IOException:
> Broken pipe
>
>
> Hope someone can help
>    Søren
>
>
> "When in doubt, it's a classpath problem."
>
> ----------------------------------------------------------------------
> Søren Hilmer, M.Sc.
> R&D manager                             Phone:  +45 86 78 21 00
> IT+ A/S                                	Fax:    +45 86 78 21 02
> Brendstrupgårdsvej 7                    Direct: +45 87 40 08 44
> 8200 Århus N                            Email:  sh@itplus.dk
> Denmark                                 WWW:    http://www.itplus.dk
> ----------------------------------------------------------------------
> --
> Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
>
>

-------------------------------------------------------------------
Polar Humenn                  Adiron, LLC
mailto:polar@adiron.com       2-212 CST
Phone: 315-443-3171           Syracuse, NY 13244-4100
Fax:   315-443-4745           http://www.adiron.com
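
An added diagnostic, not part of the original thread and not IAIK or JSSE code: it lists which keystore entries a KeyManager could offer for the certificate_request in the log above (accepted types RSA and DSA, empty CA list). The class name ClientCertCheck and the self-signed hint are assumptions of this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class ClientCertCheck {  // hypothetical name, not from the thread
    // Certificate types the server accepted in the certificate_request shown in the log.
    static final List<String> ACCEPTED = Arrays.asList("RSA", "DSA");

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java ClientCertCheck <keystore.jks>");
            System.exit(2);
        }
        char[] storePass = console.readPassword("Keystore password: ");
        if (storePass == null) System.exit(2);   // EOF at the prompt
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass);
        } finally {
            Arrays.fill(storePass, '\0');        // do not keep the password in memory
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (!ks.isKeyEntry(alias) || chain == null || chain.length == 0) {
                // Trusted-certificate entries carry no private key, so a KeyManager
                // cannot present them for client authentication.
                System.out.println(alias + ": no private key/chain (trust entry only)");
                continue;
            }
            String alg = chain[0].getPublicKey().getAlgorithm();
            boolean typeOk = ACCEPTED.contains(alg);
            boolean selfSigned = chain[0] instanceof X509Certificate
                && ((X509Certificate) chain[0]).getSubjectX500Principal()
                    .equals(((X509Certificate) chain[0]).getIssuerX500Principal());
            System.out.println(alias + ": key entry, " + alg + ", chain length " + chain.length
                + (selfSigned ? ", leaf is self-signed (CA reply not imported under this alias?)" : "")
                + (typeOk ? "" : ", key type not accepted by server"));
            if (typeOk) usable++;
        }
        System.out.println(usable + " candidate client credential(s)");
        System.exit(usable > 0 ? 0 : 1);
    }
}
```

An exit status of 1 means the keystore holds no private-key entry of an accepted type, which matches the "No client certificate available" line in the debug output.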
