From: Casey Marshall
Subject: Re: [Jessie-discuss] TLS client authentication BAD_Certificate
Date: Tue, 17 Jun 2008 20:30:45 -0700

On Jun 17, 2008, at 12:37 AM, Gerhard Fliess wrote:
> Casey Marshall wrote:
>> On Mon, Jun 16, 2008 at 10:04 AM, Gerhard Fliess <address@hidden> wrote:
>>> Hi,
>>>
>>> I am using gnu classpath.0.97.1 and the included jessie tls implementation in combination with bouncycastle provider for pkcs12 support.
>>>
>>> The goal is to open a tls connection with client authentication. The server uses SUN TLS (jdk1.6).
>>>
>>> The client is running a jamvm compiled for debian linux (target platform is arm linux).
>>>
>>> During the handshake I receive a BAD_Certificate alert from the server.
>>>
>>> Has anyone experience with this configuration?
>>
>> My guess is that Jessie is either having trouble verifying your certificate, or it is having trouble parsing the certificate. I recall someone else running into trouble with Jessie when it runs into certain certificate extensions, so that's what might be happening here.
>>
>> We need more information about your setup and the error you're getting to help more. Also, for issues with using classpath itself (including Jessie-in-classpath) you can try the classpath list too.
>
> [..] I am using this setup:
>
> Client:
> - Debian Linux 2.6.18
> - jamvm 1.5.1
> - classpath 0.97.1
> - bouncycastle provider bcprov15-139
>
> Server:
> - Debian Linux
> - Sun jdk 1.6
>
> The error occurs during the handshake. The client answers server-hello, with write_certificate, write-client-key-exchange and write_certificate_verify. The client receives the bad_certificate alert from the server caused by "certificate verify message signature error".

Hm, OK. I think now what might be happening is that Jessie has a bug in its signing code, which SUN TLS is rejecting. You might get further by turning on some debug logging on both ends (I'm pretty sure SUN's implementation has debug logging available; I know Jessie does), which might point out where the issue is.
Client-side certificates are unfortunately under-tested in Jessie.
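
For reference, the check behind a "certificate verify message signature error", as an added example that is not part of the original thread and is not Jessie's or Sun's code. It assumes a TLS 1.0/1.1 handshake with an RSA client key; the class name, key pairs and transcript bytes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;

public class CertificateVerifyDemo {
    // TLS 1.0/1.1, RSA: the signed value is MD5(handshake) || SHA-1(handshake),
    // 36 bytes, computed over all handshake messages exchanged so far.
    static byte[] handshakeHash(byte[] handshakeMessages) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(MessageDigest.getInstance("MD5").digest(handshakeMessages));
        out.write(MessageDigest.getInstance("SHA-1").digest(handshakeMessages));
        return out.toByteArray();
    }

    // Client side: PKCS#1 v1.5 signature over the raw 36 bytes (no DigestInfo wrapper).
    static byte[] sign(PrivateKey key, byte[] hash) throws Exception {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(hash);
        return s.sign();
    }

    // Server side: verify with the public key taken from the client's Certificate message.
    static boolean verify(PublicKey key, byte[] hash, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initVerify(key);
        s.update(hash);
        try { return s.verify(sig); } catch (SignatureException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();            // constructed stand-in for the client key
        byte[] serverView = handshakeHash("constructed transcript".getBytes("UTF-8"));

        // Case 1: client hashed the same transcript and signed with the certified key.
        byte[] good = sign(client.getPrivate(), serverView);
        System.out.println("matching transcript and key: " + verify(client.getPublic(), serverView, good));

        // Case 2: client hashed different bytes than the server did.
        byte[] clientView = handshakeHash("constructed transcript, one message off".getBytes("UTF-8"));
        byte[] drifted = sign(client.getPrivate(), clientView);
        System.out.println("transcript mismatch: " + verify(client.getPublic(), serverView, drifted));

        // Case 3: signature made with a key that does not match the presented certificate.
        KeyPair other = kpg.generateKeyPair();
        byte[] wrongKey = sign(other.getPrivate(), serverView);
        System.out.println("key/certificate mismatch: " + verify(client.getPublic(), serverView, wrongKey));
    }
}
```

Comparing the handshake messages each side logs against these inputs (transcript bytes, signing key, signature encoding) narrows down which one differs between the two implementations.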