Re: [Jessie-discuss] Re: TLS Client Peer not verified

[Casey Marshall]

On Apr 17, 2007, at 7:10 AM, chinmaya wrote:

> Hi
>
> Any one has used this stack for client side usage. Am I doing  
> anything wrong.
> Any feedback is greatly appreciated.

You are likely missing the CA certificates on the client side. I  
don't know what "TLSTrustManager.getManagers()" returns.

If you are using Jessie's trust manager (see the class  
X509TrustManagerFactory), you can instrument it to figure out why  
your certificate isn't verifying properly.

> thanks
> chinmaya
>
> On 4/9/07, chinmaya <address@hidden> wrote: Hi the  
> following TLS Client code works fine with Sun JSSE but when I  
> change it to Jessie, I get following errors
> On Client Side
> Exception in thread "main"  
> javax.net.ssl.SSLPeerUnverifiedException: peer not verified
>         at gnu.javax.net.ssl.Session.getPeerCertificateChain  
> (Session.java:161)
>         at TLSClient.startClient(TLSClient.java:132)
>         at TLSClient.main(TLSClient.java:261)
>
> On Server Side
> 09 Apr 2007 18:39:56,275 ERROR [ 10.1.0.18:59575] TLSServer: Error  
> while processing data
> java.io.EOFException
>         at gnu.javax.net.ssl.provider.SSLSocketImpl.doHandshake 
> (SSLSocketImpl.java:455)
>         at gnu.javax.net.ssl.provider.SSLSocketImpl 
> $SocketInputStream.read (SSLSocketImpl.java:150)
>         at sun.nio.cs.StreamDecoder$CharsetSD.readBytes 
> (StreamDecoder.java:411)
>         at sun.nio.cs.StreamDecoder$CharsetSD.implRead 
> (StreamDecoder.java:453)
>         at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
>         at java.io.InputStreamReader.read(InputStreamReader.java:167)
>         at java.io.BufferedReader.fill (BufferedReader.java:136)
>         at java.io.BufferedReader.read(BufferedReader.java:157)
>         at TLSDataListener.processData(TLSDataListener.java:26)
>         at TLSServer$2.run(TLSServer.java:200)
>
>
> Can you please tell me what is going wrong ?
> thanks in advance
> chinmaya
>
> -- code -- 
> SSLContext ctx;
> KeyManagerFactory kmf;
> KeyStore ks;
>
> String keyAlgo = null;
> //keyAlgo = "SunX509";
> keyAlgo = "JessieX509";
>
> Provider provider = null;
> provider = new Jessie();
> //provider = new com.sun.net.ssl.internal.ssl.Provider();
>
> ctx = SSLContext.getInstance("TLS", provider);
> kmf = KeyManagerFactory.getInstance(keyAlgo, provider);
> log.info("Loading pfx file: " + pfxFile);
>
> SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
> if(pfxFile != null) {
>   ks = KeyStore.getInstance("PKCS12", "BC");
>   fis = new FileInputStream(pfxFile);
>   ks.load(fis, pfxPass);
>   kmf.init(ks, pfxPass);
>   ctx.init(kmf.getKeyManagers(), TLSTrustManager.getManagers(),  
> random);
> } else {
>   ctx.init(null, TLSTrustManager.getManagers(), random);
> }
>
> SSLSocketFactory factory = ctx.getSocketFactory()
> SSLSocket sock = (SSLSocket)factory.createSocket(host, port);
> sock.setEnabledProtocols(new String[]{"TLSv1"});
> sock.setUseClientMode (true);
> sock.setEnabledCipherSuites(cipherSuits);
> sock.startHandshake();
>
> SSLSession sslsession = sock.getSession();
> log.debug ("TLS Session Details follows ... ");
> log.debug("Peer Host Address : " + sslsession.getPeerHost());
> log.debug("Protocol : " + sslsession.getProtocol());
> log.debug("Ciphersuite : " + sslsession.getCipherSuite ());
>
> String[] enP = sock.getEnabledProtocols();
> if(enP == null) {
>   log.error("Enabled protocols is null");
> } else {
>   for(int i=0;i<enP.length;i++) {
>     log.debug("Enabled Protocol: " + i + "=" + enP[i]);
>   }
> }
>
> X509Certificate[] peerCerts = sslsession.getPeerCertificateChain();
> log.debug("No. of Peer Certificates : " + peerCerts.length);
>
>
> _______________________________________________
> Jessie-discuss mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/jessie-discuss