[stunnel-users] Stunnel & Java SSL

richard at oversight.co.nz richard at oversight.co.nz
Sat Oct 30 09:34:29 CEST 2004


Managed to sort this issue out by upgrading my JVM to 1.5.0 and adding the
certificate in under the Java control panel.
Ran into another problem afterwards with my application generating an
UNKNOWN PROTOCOL error on the 3rd TCP session after successfully accepting
the first two... very strange. I think I'm going to have to give up on
the idea of using Java's or IE's SSL system and use Stunnel as a client
too. Found a great GUI for Stunnel on Mac OS X called SSL Enabler, shame
there's not one as nice for Windows!

Richard Watson


> Upgrade your OpenSSL package for a start... it's up to .9.7d, tho I use
> .9.7a.  Re-compile OpenSSL on your machine... try then.
>
> Did you download a binary of STunnel?
>
> -----Original Message-----
> From: stunnel-users-bounces at mirt.net
> [mailto:stunnel-users-bounces at mirt.net] On Behalf Of
> richard at oversight.co.nz
> Sent: Friday, 29 October 2004 11:47 a.m.
> To: stunnel-users at mirt.net
> Subject: [stunnel-users] Stunnel & Java SSL
>
> I'm developing a website where a java applet is downloaded over an
> https session provided by Stunnel (stunnel 4.04 on i586-pc-linux-gnu
> PTHREAD with OpenSSL 0.9.6c 21 dec 2001) running on port 1080.
> The applet codebase in the html code is set to
> https://x.x.x.x:1080/xxxx.jar
>
> To complicate this issue, Stunnel is set to verify=3 i.e. it requires a
> valid client certificate.
> It seems that the java implementation of SSL (JVM  1.4.1_03) won't
> respond to prompts for client certificates??
> Stunnel simply times out with the following error....
>
> 2004.10.29 11:45:34 LOG7[6881:1024]: service accepted FD=10 from 192.168.1.2:1930
> 2004.10.29 11:45:34 LOG7[6881:1024]: FD 10 in non-blocking mode
> 2004.10.29 11:45:34 LOG7[6897:6146]: service finished (0 left)
> 2004.10.29 11:45:34 LOG7[6898:7171]: service started
> 2004.10.29 11:45:34 LOG5[6898:7171]: service connected from 192.168.1.2:1930
> 2004.10.29 11:45:34 LOG7[6898:7171]: SSL state (accept): before/accept initialization
> 2004.10.29 11:45:34 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
> 2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 read client hello A
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write server hello A
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate A
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate request A
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 flush data
> 2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
> 2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no certificate
> 2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
> 2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
> 2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (write): fatal: handshake failure
> 2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
> 2004.10.29 11:45:39 LOG7[6898:7171]: service finished (0 left)
>
> Does anyone know a way around this?
>
> Thank you,
>
> Richard Watson
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
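
Added example, not part of the original thread and not stunnel's own code: a small Python parser for the debug log format quoted above. It separates entries that mail wrapping fused together and reports the sessions in which stunnel requested a client certificate (as with verify=3) and the peer returned none. The function names are hypothetical, and the sample log is constructed on the pattern of the quoted one, using documentation addresses.

```python
import re
from collections import defaultdict

# Entry header as seen in the quoted log: "2004.10.29 11:45:39 LOG7[6898:7171]: "
ENTRY = re.compile(r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: ")

def parse_entries(raw):
    """Split raw text into (timestamp, level, session, message) tuples.
    Headers are matched anywhere in the text, so fused entries are separated."""
    # Drop quote markers, then collapse line breaks and runs of whitespace.
    text = " ".join(re.sub(r"^[> ]+", "", ln) for ln in raw.splitlines())
    text = re.sub(r"\s+", " ", text)
    heads = list(ENTRY.finditer(text))
    entries = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        entries.append((m.group(1), int(m.group(2)),
                        f"{m.group(3)}:{m.group(4)}", text[m.end():end].strip()))
    return entries

def client_cert_failures(raw):
    """Map session id -> peer for sessions where a requested certificate never came."""
    state = defaultdict(lambda: {"peer": None, "requested": False, "missing": False})
    for _ts, _lvl, sess, msg in parse_entries(raw):
        s = state[sess]
        if msg.startswith("service connected from "):
            s["peer"] = msg.rsplit(" ", 1)[-1]
        elif "write certificate request" in msg:
            s["requested"] = True
        elif "no certificate" in msg or "peer did not return a certificate" in msg:
            s["missing"] = True
    return {k: v["peer"] for k, v in state.items() if v["requested"] and v["missing"]}

# Constructed sample modelled on the quoted log (documentation addresses, fused entries).
SAMPLE = """\
> 2004.10.29 11:45:34 LOG5[6898:7171]: service connected from
> 192.0.2.10:1930 2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write
> certificate request A2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no
> certificate2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7:
> error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not
> return a certificate
> 2004.10.29 11:45:40 LOG5[6899:8196]: service connected from 192.0.2.11:2044
"""

if __name__ == "__main__":
    print(client_cert_failures(SAMPLE))
```

Sessions are keyed by the `pid:tid` pair in the log header, so entries from different sessions that are interleaved in one file are still attributed correctly.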




