
RE: [iaik-ssl]cu|| SSL Exception question



Hi,

You can call a function of the SSLSocket class like

socket.setDebugStream(System.out);

It will display the debug output on the System command line.

Good Luck
Nick

--- "Stickley, Jim" <JStickley@birch.com> wrote:
> How do I get the "handshake debug output"?
> 
> I will use the getPeerCertificateChain() to see if the transmitted
> certificate matches the certificate I have loaded in my ChainVerifier.
> 
> Thanks.
> 
> -----Original Message-----
> From: Dieter Bratko [mailto:Dieter.Bratko@iaik.at]
> Sent: Thursday, February 28, 2002 8:04 AM
> To: Stickley, Jim; iaik-ssl@iaik.at
> Subject: AW: [iaik-ssl]cu|| SSL Exception question
> 
> 
> Hello,
> 
> according to TLS spec "certificate unknown" indicates some other
> (unspecified) issue arose in processing the certificate, rendering
> it unacceptable.
> 
> As you see, this is a more general alert message indicating some
> (perhaps parsing) problems with the peer certificate? Do you have
> a handshake debug output?
> 
> > Also, is there a way to capture the Servers Certificate during runtime
> > so I can compare it to the certificate I have stored in my trustee
> > certificate file?  I would like to be sure that the server certificate
> > I am authenticating against matches the one they sent me.
> You may call the method getPeerCertificateChain() of the SSLSocket you are
> using to get the certificates sent by the peer. However, if you have added
> the server cert itself as a trusted cert to your ChainVerifier it is
> compared against the one sent by the server anyway.
> 
> Regards,
> Dieter Bratko
> 
> 
> -----Original Message-----
> From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] On Behalf Of Stickley, Jim
> Sent: Wednesday, February 27, 2002 15:52
> To: 'iaik-ssl@iaik.at'
> Subject: [iaik-ssl]cu|| SSL Exception question
> 
> 
> I am running a JacORB SSL Client that connects to a CORBA SSL Server
> (vendor unknown) which requires client authentication to successfully
> authenticate the connection.  I have the client SSL key/cert loaded into an
> IAIK cert file and I have the server's certificate loaded into a separate
> trustee file; these files are referenced as follows:
> 
> 	CLIENT KEY AND CERT IS:	jacorb.security.keystore=./keystore.iaik.cacerts
> 	SERVERS CERT IS:	jacorb.security.trustees=./SBC.cer
> 
> I know I am establishing a good TCP/IP connection and that it begins
> negotiating SSL, but for some reason SSL fails to authenticate.  What does
> the SSL exception found at the end of this e-mail mean and what are possible
> reasons for getting this exception?  Also, is there a way to capture the
> Servers Certificate during runtime so I can compare it to the certificate I
> have stored in my trustee certificate file?  I would like to be sure that
> the server certificate I am authenticating against matches the one they sent
> me.
> 
> Thanks.
> 
> EXCEPTION FOLLOWS:
> 
> [ starting authentication ]
> [ added Provider IAIK ]
> [ authentication succeeded ]
> [ AuthenticationStatus.SecAuthSuccess ]
> ############################ StackTrace ############################
> iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: certificate unknown
>         at iaik.security.ssl.r.f(Unknown Source)
>         at iaik.security.ssl.x.b(Unknown Source)
>         at iaik.security.ssl.x.a(Unknown Source)
>         at iaik.security.ssl.r.d(Unknown Source)
>         at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
>         at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
>         at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
>         at org.jacorb.orb.connection.ClientConnection.<init>(Unknown Source)
>         at org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
>         at org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
>         at org.jacorb.orb.connection.ConnectionManager.getConnection(Unknown Source)
>         at org.jacorb.orb.Delegate.bind(Unknown Source)
>         at org.jacorb.orb.Delegate.request(Unknown Source)
>         at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:433)
>         at ansi_t1_267.LSOG6._CustomerServiceInformationStub.submit(_CustomerServiceInformationStub.java:28)
>         at com.Birch.Preorder.TestClient.ClientMain_JacORB_iaik.main(ClientMain_JacORB_iaik.java:271)
> ####################################################################
> [ Retrying connection to 155.179.117.233:28586 ]
> 
> <<<< This exception repeats 5 more times and then the following exception is thrown>>>>>>>>>>>>
> 
> org.omg.CORBA.TRANSIENT: Retries exceeded, couldn't connect to 155.179.117.233:28586  minor code: 0  completed: No
>         at org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
>         at org.jacorb.orb.connection.ConnectionManager._getConnection(Unknown Source)
>         at org.jacorb.orb.connection.ConnectionManager.getConnection(Unknown Source)
>         at org.jacorb.orb.Delegate.bind(Unknown Source)
>         at org.jacorb.orb.Delegate.request(Unknown Source)
>         at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:433)
>         at ansi_t1_267.LSOG6._CustomerServiceInformationStub.submit(_CustomerServiceInformationStub.java:28)
>         at com.Birch.Preorder.TestClient.ClientMain_JacORB_iaik.main(ClientMain_JacORB_iaik.java:271)
> 
> 
> Jim Stickley
> Birch Telecom
> jstickley@birch.com
> office: (816) 300-6743
> mobile: (816) 213-4878
> 
> 
> --
> Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> 
> To unsubscribe send an email to listserv@iaik.at with the following content:
> UNSUBSCRIBE iaik-ssl
>  
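
One way to do the comparison discussed in this thread, as an added example that is not part of the original messages or of the IAIK library: it checks the first certificate of a peer chain against the stored one by DER encoding and prints SHA-256 fingerprints for both. It uses only JDK classes; the class and method names are hypothetical, and it assumes the chain from getPeerCertificateChain() can be handled as java.security.cert.X509Certificate objects.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example; PeerCertCheck and its method names are hypothetical.
public class PeerCertCheck {

    // Load one X.509 certificate (DER or PEM) from a file such as ./SBC.cer.
    static X509Certificate load(String path) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // SHA-256 over the DER encoding, as lowercase hex.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b & 0xff));
        return hex.toString();
    }

    // True only if the peer's own certificate (index 0 of the chain) is
    // byte-for-byte the stored one. A null or empty chain never matches.
    // Assumption: the chain from getPeerCertificateChain() is passed in as
    // java.security.cert.X509Certificate[].
    static boolean leafMatches(X509Certificate[] peerChain, X509Certificate stored)
            throws Exception {
        if (peerChain == null || peerChain.length == 0) return false;
        return MessageDigest.isEqual(peerChain[0].getEncoded(), stored.getEncoded());
    }

    // Offline use: java PeerCertCheck <stored.cer> <captured-leaf.cer>
    // The second file is the peer's leaf certificate saved from a live session.
    public static void main(String[] args) throws Exception {
        if (args.length != 2)
            throw new IllegalArgumentException("usage: PeerCertCheck <stored.cer> <captured-leaf.cer>");
        X509Certificate stored = load(args[0]);
        X509Certificate leaf = load(args[1]);
        System.out.println("stored: " + fingerprint(stored) + " expires " + stored.getNotAfter());
        System.out.println("peer  : " + fingerprint(leaf) + " expires " + leaf.getNotAfter());
        boolean same = leafMatches(new X509Certificate[] { leaf }, stored);
        System.out.println(same ? "MATCH" : "MISMATCH");
        System.exit(same ? 0 : 1);
    }
}
```

In the trace the alert was sent by the peer, so the certificate being rejected is the one this client presented; the same comparison can be run on that certificate against the copy the server operator has on file.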

