
Reply: Re: Java + SSL



Only use the URI: ldaps://host.domain/.
Don't use the start_tls_s command.
TLS is already started on the server.
Your program starts to communicate using ldaps and cannot use start_tls_s
because it is already started.


____________________________________________________
Franz Skale
mainwork information technology AG
IT-Services
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com


"Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
Sent by: owner-openldap-software@OpenLDAP.org
03.04.2002 15:28

To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Cc:
Subject: Re: Java + SSL




Thanks, I think that's the right way. I now have communication with the
server.
The following error occurs on slapd:


daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=solo, r=0
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10

Java throws the following exception:

javax.naming.CommunicationException: xxx.xxx.xxx.xxx:636.  Root exception is javax.net.ssl.SSLException: untrusted server cert chain
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])


(Thanks)²

regards
Ferruh



-----Original Message-----
From: Rabellino Sergio [mailto:rabellino@di.unito.it]
Sent: Wednesday, 3 April 2002 14:42
To: openssl-users@openssl.org
Subject: Re: Java + SSL


"Zamangoer, Ferruh" wrote:
>
> Hi All,
>
> does anybody have experience with the following error, which occurs when I
> want to use the example from JNDI ==> LDAP ==> Security to connect to an
> LDAP server over SSL:
>
> <cutscence>
> // Set up the environment for creating the initial context
> Hashtable env = new Hashtable();
> env.put(Context.INITIAL_CONTEXT_FACTORY,
>     "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
>
> // Specify SSL
> env.put(Context.SECURITY_PROTOCOL, "ssl");
>
> // Authenticate as S. User and password "mysecret"
> env.put(Context.SECURITY_AUTHENTICATION, "simple");
> env.put(Context.SECURITY_PRINCIPAL,
>     "cn=S. User, ou=NewHires, o=JNDITutorial");
> env.put(Context.SECURITY_CREDENTIALS, "mysecret");
>
> // Create the initial context
> DirContext ctx = new InitialDirContext(env);
>
> // ... do something useful with ctx
> </cutscence>
>
> I get the following error: "Root exception is java.net.SocketException:
> SSL implementation not available". I also use jsse.jar, which is needed to
> run SSL.
>
> Can anybody help me :)
>
> Thanks in advance
>
> regards Ferruh

It seems that JSSE is not correctly installed in your VM. Follow the
instructions embedded with the JSSE for the correct definition of the
security provider in the JRE_HOME/lib/security/java.security config file.
--
Dott. Sergio Rabellino

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)
 Member of the Internet Society

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
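
The two TLS modes that the top reply tells apart, as an added Java example (not code from any poster in this thread): implicit TLS through an ldaps:// URI on port 636, and StartTLS as a separate upgrade of a clear-text connection, never both on one connection. The class name, the placeholder host, port 389 and the anonymous root DSE read are assumptions; trust in the server certificate comes from the JVM's default trust store.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLException;

public class LdapTlsModes {   // hypothetical class name
    static final String[] ROOT_DSE_ATTRS = {"namingContexts"};
    static LdapContext open(String url) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        return new InitialLdapContext(env, null);
    }

    // Implicit TLS: the handshake starts when the socket to 636 opens; no StartTLS is sent.
    static Attributes viaLdaps(String host) throws NamingException {
        LdapContext ctx = open("ldaps://" + host + ":636/");
        try { return ctx.getAttributes("", ROOT_DSE_ATTRS); } finally { ctx.close(); }
    }

    // StartTLS: clear-text connection on port 389, upgraded once by the extended operation.
    static Attributes viaStartTls(String host) throws Exception {
        LdapContext ctx = open("ldap://" + host + ":389/");
        try {
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate();                 // checks the certificate chain and host name
            Attributes rootDse = ctx.getAttributes("", ROOT_DSE_ATTRS);
            tls.close();
            return rootDse;
        } finally { ctx.close(); }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "ldap.example.test";  // placeholder host name
        boolean startTls = args.length > 1 && args[1].equals("starttls");
        try {
            System.out.println(startTls ? viaStartTls(host) : viaLdaps(host));
        } catch (Exception e) {
            Throwable root = e instanceof NamingException ? ((NamingException) e).getRootCause() : e;
            if (!(root instanceof SSLException)) throw e;
            // Trust failure: add the issuing CA to the trust store; do not disable validation.
            System.err.println("TLS handshake rejected: " + root.getMessage());
        }
    }
}
```

To trust a private CA, start the JVM with the standard `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties pointing at a store that holds the CA certificate.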