[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: [iaik-ssl]cu|| Intermittent SSL connections from an Applet



Attached is the stack dump.  I'll try to get the client context config...

[ Adding CA x:\twall\dome\cas\771ac538.0 ]
[ Adding CA x:\twall\dome\cas\snowwhite.pem ]
[ Adding CA x:\twall\dome\cas\oculus-ca.pem ]
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Starting handshake...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending v3 client_hello message, requesting version 3.1...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Received v3 server_hello handshake message.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Server selected SSL version 3.1.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Server created new session 52:78:1B:A1:11:71:B3:60...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: CipherSuite selected by server: SSL_RSA_WITH_3DES_EDE_CBC_SHA
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: CompressionMethod selected by server: NULL
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Received certificate handshake message with server certificate.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Server sent a 1024 bit RSA certificate, chain has 2 elements.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.ChainVerifier.verifyChain(ChainVerifier.java:22): Cert 0
 *.security.ChainVerifier.verifyChain(ChainVerifier.java:23): DN: EMail=demo@show.me,CN=Demo Guy,O=OTC,ST=MA,C=US
 *.security.ChainVerifier.verifyChain(ChainVerifier.java:24): Issuer: EMail=snowwhite@small.door,CN=Snowwhite,O=OTC,L=Boston,ST=MA,C=US
 *.security.ChainVerifier.verifyChain(ChainVerifier.java:22): Cert 1
 *.security.ChainVerifier.verifyChain(ChainVerifier.java:23): DN: EMail=snowwhite@small.door,CN=Snowwhite,O=OTC,L=Boston,ST=MA,C=US
 *.security.ChainVerifier.verifyChain(ChainVerifier.java:24): Issuer: EMail=snowwhite@small.door,CN=Snowwhite,O=OTC,L=Boston,ST=MA,C=US
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: ChainVerifier: Found a trusted certificate, returning true
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.ChainVerifier.verifyChain(ChainVerifier.java:27): Certificate chain, accepted
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Received certificate_request handshake message.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Received server_hello_done handshake message.
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending certificate handshake message with RSA client certificate...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending client_key_exchange handshake message (1024 bit)...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending certificate_verify handshake message...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending change_cipher_spec message...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Shutting down SSL layer...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Ignoring exception sending closure alert: java.net.SocketException: Connection aborted by peer: socket write error
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: IOException while handshaking: Connection aborted by peer: socket write error
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Sending alert: Alert Fatal: handshake failure
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Shutting down SSL layer...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

 *.security.SSLWriter.write(SSLWriter.java:15): SSL: Shutting down SSL layer...
 *.security.SSLWriter.write(SSLWriter.java:15): SSL: 

############################ StackTrace ############################
java.net.SocketException: Connection aborted by peer: socket write error
	at java.net.SocketOutputStream.socketWrite(Native Method)
	at java.net.SocketOutputStream.write(Unknown Source)
	at iaik.security.ssl.OutputRecord.h(Unknown Source)
	at iaik.security.ssl.OutputRecord.d(Unknown Source)
	at iaik.security.ssl.r.b(Unknown Source)
	at iaik.security.ssl.x.a(Unknown Source)
	at iaik.security.ssl.x.f(Unknown Source)
	at iaik.security.ssl.r.c(Unknown Source)
	at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
	at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
	at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
	at org.jacorb.orb.connection.ClientConnection.<init>(ClientConnection.java:93)
	at org.jacorb.orb.connection.ConnectionManager._getConnection(ConnectionManager.java:261)
	at org.jacorb.orb.connection.ConnectionManager._getConnection(ConnectionManager.java:117)
	at org.jacorb.orb.connection.ConnectionManager.getConnection(ConnectionManager.java:368)
	at org.jacorb.orb.Delegate.bind(Delegate.java:187)
	at org.jacorb.orb.Delegate.request(Delegate.java:1159)
	at org.omg.CORBA.portable.ObjectImpl._request(Unknown Source)
	at com.oculustech.DOME.CORBA._ServerStub.getModule(_ServerStub.java:831)
	at com.oculustech.DOME.client.api.Server.getModule(Server.java:46)
	at com.oculustech.DOME.client.api.DOME.getModule(DOME.java:204)
	at com.oculustech.DOME.client.applet.NumberGraphDemo.connect(NumberGraphDemo.java:100)
	at com.oculustech.DOME.client.applet.COApplet$3.run(COApplet.java:139)
####################################################################


On Monday, April 15, 2002, at 11:39 AM, Dieter Bratko wrote:

> Hello,
>
> do you have any (client and server) side handshake debug output
> and information about the SSLClientContext configuration
> (sslClientContext.toString())?
>
>> I installed the stack overflow workaround (putting the IAIK provider
>> second).  But now it seems that 90% of the time, the applet can not
>> establish a server connection (I'm using the jdk1.3_rc02 plugin for 
>> w32,
>> with OBJECT and EMBED tags in the html).
> This may not be required for JDK1.3 (except when using SUN?s JCE1.2.1
> framework).
>
> Alternatively you may try to use our applet edition.
>
> Regards,
> Dieter Bratko
>
>
> -----Ursprungliche Nachricht-----
> Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
> von Timothy Wall
> Gesendet: Freitag, 12. April 2002 17:14
> An: iaik-jce@iaik.at; iaik-ssl@iaik.at
> Betreff: [iaik-ssl]cu|| Intermittent SSL connections from an Applet
>
>
> I'm trying to get a signed applet to communicate with my server, but the
> SSL connection is nearly always being terminated after the handshake
> (the last messages output by the ssl layer are "Sending
> change_ccipher_spec message, Sending finished message", then connection
> reset by peer: JVM_recv, as if the server shut down the connection).
>
> I installed the stack overflow workaround (putting the IAIK provider
> second).  But now it seems that 90% of the time, the applet can not
> establish a server connection (I'm using the jdk1.3_rc02 plugin for w32,
> with OBJECT and EMBED tags in the html).
>
> None of this is an issue from normal java application code (the
> application can connect every time).  The applet and the application are
> using the same application-level connection code.  I've set the applet
> up with a "reconnect" button that re-attempts the connection; after 10
> or so tries, it'll finally connect.
>
> Any clues as to what's going on here?  I'm using mico+openssl on the
> server side, jacorb + iaik on the client side.
>
> --
> Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
>
> To unsubscribe send an email to listserv@iaik.at with the folowing 
> content:
> UNSUBSCRIBE iaik-ssl
>
>