
Reply: Re: Java + SSL

Only use the URI: ldaps://host.domain/.
Don't use the start_tls_s command.
TLS is already started on the server.
Your program starts to communicate using ldaps and cannot use start_tls_s
because it is already started.

Franz Skale
mainwork information technology AG
Tech Gate Vienna
Donaucitystrasse 1
A-1220 Wien
Tel: +43 1 333 48 58-0
Fax: +43 1 333 48 58-24
e-mail: f.skale@mainwork.com
Internet: http://www.mainwork.com

From: "Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
Sent by: owner-openldap-software@Op
Date: 03.04.2002 15:28
To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Cc:
Subject: Re: Java + SSL

Thanks, I think that's the right way. I have become communication with the
Following Error occurs on slapd:

daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
slapd startup: initiated.
slapd starting
ldap_pvt_gethostbyname_a: host=solo, r=0
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
connection_get(10): got connid=0
connection_read(10): checking for input on id=0
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS: can't accept.
connection_read(10): TLS accept error error=-1 id=0, closing
connection_closing: readying conn=0 sd=10 for close
connection_close: conn=0 sd=10

Java throws the following exception:

javax.naming.CommunicationException: xxx.xxx.xxx.xxx:636.  Root exception
javax.net.ssl.SSLException: untrusted server cert chain            at
120198])        at
])         at



-----Original Message-----
From: Rabellino Sergio [mailto:rabellino@di.unito.it]
Sent: Wednesday, 3 April 2002 14:42
To: openssl-users@openssl.org
Subject: Re: Java + SSL

"Zamangoer, Ferruh" wrote:
> Hi All,
> have anybody experiences with the following Error, which occurs when I
> to use the example from the JNDI ==> LDAP ==> Security to connect to an
> Server over SSL:
> <cutscence>
> // Set up the environment for creating the initial context
> Hashtable env = new Hashtable();
> env.put(Context.INITIAL_CONTEXT_FACTORY,
>     "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
> // Specify SSL
> env.put(Context.SECURITY_PROTOCOL, "ssl");
> // Authenticate as S. User and password "mysecret"
> env.put(Context.SECURITY_AUTHENTICATION, "simple");
> env.put(Context.SECURITY_PRINCIPAL,
>     "cn=S. User, ou=NewHires, o=JNDITutorial");
> env.put(Context.SECURITY_CREDENTIALS, "mysecret");
> // Create the initial context
> DirContext ctx = new InitialDirContext(env);
> // ... do something useful with ctx
> </cutscence>
> I become the following Error "Root exception is java.net.SocketException:
> SSL implementation not available". I use also jsse.jar which is needed to
> run SSL.
> Can anybody help me :)
> Thanks in advance
> regards Ferruh
It seems that jsse is not correctly installed in your VM. Follow the
instructions embedded with the jsse for the correct definition of the
security provider in the config file.
Dott. Sergio Rabellino

 Technical Staff
 Department of Computer Science
 University of Torino (Italy)
 Member of the Internet Society

Tel. +39-0116706701
Fax. +39-011751603
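
The two connection modes discussed in this thread, as an added JNDI example that is not code from any of the posters: `ldaps://` negotiates TLS as soon as the connection opens, while StartTLS upgrades a plain `ldap://` connection, so a client uses one or the other. The host argument and the trust store file name `ca.jks` are assumptions; the trust store has to contain the CA that issued the slapd certificate, otherwise the handshake fails with an untrusted-chain error like the one quoted above.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;

// Added example. Run with (ca.jks is a hypothetical trust store name):
//   java -Djavax.net.ssl.trustStore=ca.jks LdapTlsModes ldaps host.domain
public class LdapTlsModes {
    static Hashtable<String, Object> env(String url) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        return env;
    }

    // ldaps://: TLS is negotiated when the socket opens (port 636),
    // so no StartTLS request may follow on this connection.
    static void viaLdaps(String host) throws Exception {
        LdapContext ctx = new InitialLdapContext(env("ldaps://" + host + ":636/"), null);
        try {
            // Read the root DSE to prove the encrypted session works.
            System.out.println("ldaps ok: " + ctx.getAttributes("", new String[] {"namingContexts"}));
        } finally {
            ctx.close();
        }
    }

    // ldap:// + StartTLS: connect in clear text on 389, then upgrade.
    static void viaStartTls(String host) throws Exception {
        LdapContext ctx = new InitialLdapContext(env("ldap://" + host + ":389/"), null);
        StartTlsResponse tls = null;
        try {
            tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            tls.negotiate(); // throws if the server chain is not trusted
            System.out.println("starttls ok: " + ctx.getAttributes("", new String[] {"namingContexts"}));
        } finally {
            if (tls != null) tls.close(); // shut down TLS before the context
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) throw new IllegalArgumentException("usage: ldaps|starttls host");
        if (args[0].equals("ldaps")) viaLdaps(args[1]); else viaStartTls(args[1]);
    }
}
```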