Re: [Jessie-discuss] TLS client authentication BAD

jessie-discuss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Jessie-discuss] TLS client authentication BAD_Certificate

From:	Casey Marshall
Subject:	Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Date:	Tue, 17 Jun 2008 20:30:45 -0700

On Jun 17, 2008, at 12:37 AM, Gerhard Fliess wrote:

Casey Marshall schrieb:
On Mon, Jun 16, 2008 at 10:04 AM, Gerhard Fliess <address@hidden> wrote:
Hi,
I am using gnu classpath.0.97.1 and the included jessie tlsimplementation
in combination with bouncycastle provider for pkcs12 support.
The goal is to open a tls connection with client autentication.The server
uses SUN TLS (jdk1.6).
The client is running a jamvm compiled for debian linux (targetplattform is
arm linux).
During the handshake I recieve a BAD_Certificate alert from theserver.
Has anyone exprience with this configuration?
My guess is that Jessie is either having trouble verifying your
certificate, or it is having trouble parsing the certificate. Irecall
someone else running into trouble with Jessie when it runs into
certain certificate extensions, so that's what might be happening
here.
We need more information about your setup and the error you'regetting
to help more. Also, for issues with using classpath itself (including
Jessie-in-classpath) you can try the classpath list too.
[..]

I am using this setup:

Client:

- Debian Linux 2.6.18
- jamvm 1.5.1
- classpath 0.97.1
- bouncycastle provider bcprov15-139

Server:

- Debian Linux
- Sun jdk 1.6
The error occurs during the handshake. The client answers server-hello, with write_certificate, write-client-key-exchange andwrite_certificate_verify. The client recieves the bad_certificatealert from the server caused by "certificate verify messagesignature error".

Hm, OK. I think now what might be happening is that Jessie has a bugin its signing code, which SUN TLS is rejecting. You might get furtherby turning on some debug logging on both ends (I'm pretty sure SUN'simplementation has debug logging available; I know Jessie does), whichmight point out where the issue is.


Client-side certificates are unfortunately under-tested in Jessie.

[Prev in Thread]

Current Thread

[Next in Thread]

[Jessie-discuss] TLS client authentication BAD_Certificate, Gerhard Fliess, 2008/06/16
- Re: [Jessie-discuss] TLS client authentication BAD_Certificate, Casey Marshall, 2008/06/16
  - Re: [Jessie-discuss] TLS client authentication BAD_Certificate, Gerhard Fliess, 2008/06/17
    - Re: [Jessie-discuss] TLS client authentication BAD_Certificate, Casey Marshall <=
    - Re: [Jessie-discuss] TLS client authentication BAD_Certificate, Gerhard Fliess, 2008/06/18
    - Re: [Jessie-discuss] TLS client authentication BAD_Certificate, Casey Marshall, 2008/06/18

Prev by Date: Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Next by Date: Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Previous by thread: Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Next by thread: Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Index(es):
- Date
- Thread