
Re: Java + SSL



Hi,

If you're using simple authentication, why are you using the SSL port?  In the
example that's provided they use the 389 port:
env.put(Context.PROVIDER_URL, "ldap://localhost:389/o=JNDITutorial");

It seems to me that the problem is with the certificate and it's not being
accepted.
Leila

----- Original Message -----
From: "Zamangoer, Ferruh" <ferruh.zamangoer@materna.de>
To: "'openldap-software@openldap.org'" <openldap-software@OpenLDAP.org>
Sent: Wednesday, April 03, 2002 5:28 AM
Subject: Re: Java + SSL


> Thanks, I think that's the right way. I now have communication with the
> server.
> The following error occurs on slapd:
>
>
> daemon_init: 2 listeners opened
> slapd init: initiated server.
> slap_sasl_init: initialized!
> slapd startup: initiated.
> slapd starting
> ldap_pvt_gethostbyname_a: host=solo, r=0
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL_accept:before/accept initialization
> TLS trace: SSL_accept:SSLv3 read client hello A
> TLS trace: SSL_accept:SSLv3 write server hello A
> TLS trace: SSL_accept:SSLv3 write certificate A
> TLS trace: SSL_accept:SSLv3 write server done A
> TLS trace: SSL_accept:SSLv3 flush data
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> connection_get(10): got connid=0
> connection_read(10): checking for input on id=0
> TLS trace: SSL_accept:error in SSLv3 read client certificate A
> TLS: can't accept.
> connection_read(10): TLS accept error error=-1 id=0, closing
> connection_closing: readying conn=0 sd=10 for close
> connection_close: conn=0 sd=10
>
> Java throws the following exception:
>
> javax.naming.CommunicationException: xxx.xxx.xxx.xxx:636.  Root exception is
> javax.net.ssl.SSLException: untrusted server cert chain
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.a([DashoPro-V1.2-120198])
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage([DashoPro-V1.2-120198])
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record([DashoPro-V1.2-120198])
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a([DashoPro-V1.2-120198])
>
>
> (Thanks)²
>
> regards
> Ferruh
>
>
>
> -----Original Message-----
> From: Rabellino Sergio [mailto:rabellino@di.unito.it]
> Sent: Wednesday, 3 April 2002 14:42
> To: openssl-users@openssl.org
> Subject: Re: Java + SSL
>
>
> "Zamangoer, Ferruh" wrote:
> >
> > Hi All,
> >
> > does anybody have experience with the following error, which occurs when I
> > want to use the example from the JNDI ==> LDAP ==> Security to connect to
> > an LDAP server over SSL:
> >
> > <cutscence>
> > // Set up the environment for creating the initial context
> > Hashtable env = new Hashtable();
> > env.put(Context.INITIAL_CONTEXT_FACTORY,
> >     "com.sun.jndi.ldap.LdapCtxFactory");
> > env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
> >
> > // Specify SSL
> > env.put(Context.SECURITY_PROTOCOL, "ssl");
> >
> > // Authenticate as S. User and password "mysecret"
> > env.put(Context.SECURITY_AUTHENTICATION, "simple");
> > env.put(Context.SECURITY_PRINCIPAL,
> >     "cn=S. User, ou=NewHires, o=JNDITutorial");
> > env.put(Context.SECURITY_CREDENTIALS, "mysecret");
> >
> > // Create the initial context
> > DirContext ctx = new InitialDirContext(env);
> >
> > // ... do something useful with ctx
> > </cutscence>
> >
> > I get the following error: "Root exception is java.net.SocketException:
> > SSL implementation not available". I also use jsse.jar, which is needed
> > to run SSL.
> >
> > Can anybody help me :)
> >
> > Thanks in advance
> >
> > regards Ferruh
> It seems that jsse is not correctly installed in your VM. Follow the
> instructions embedded with the jsse for the correct definition of the
> security provider in the
> JRE_HOME/lib/security/java.security
> config file.
> --
> Dott. Sergio Rabellino
>
>  Technical Staff
>  Department of Computer Science
>  University of Torino (Italy)
>  Member of the Internet Society
>
> http://www.di.unito.it/~rabser
> Tel. +39-0116706701
> Fax. +39-011751603
>
>
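The certificate problem discussed in this thread, as an added example that is not code from any of the posters: the JNDI client from the original question is pointed at a truststore holding the CA that signed slapd's certificate, instead of turning certificate validation off, and a trust failure is reported separately from other connection errors. The truststore file name, its password and the host name `ldap.example.com` are assumptions.

```java
import java.util.Hashtable;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

public class LdapsTrustCheck {
    public static void main(String[] args) {
        // Assumed file and password: a truststore containing the CA certificate
        // that signed the slapd server certificate, created beforehand with
        //   keytool -importcert -alias ldap-ca -file ca.pem -keystore ldap-truststore
        // These properties must be set before the JVM opens its first TLS connection.
        System.setProperty("javax.net.ssl.trustStore", "ldap-truststore");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // Assumed host name; recent JDKs also check it against the certificate.
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:636/o=JNDITutorial");
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        // The simple bind sends the password, so it should only travel inside TLS.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
        env.put(Context.SECURITY_CREDENTIALS, "mysecret");

        try {
            DirContext ctx = new InitialDirContext(env);
            System.out.println("TLS handshake and bind succeeded");
            ctx.close();
        } catch (CommunicationException e) {
            Throwable root = e.getRootCause();
            if (root instanceof SSLException) {
                // Same class of failure as "untrusted server cert chain" above:
                // the client aborted the handshake, so slapd logs an accept error.
                System.err.println("Server certificate not trusted: " + root.getMessage());
            } else {
                System.err.println("Connection failed: " + e);
            }
        } catch (NamingException e) {
            // Handshake succeeded; the failure is at the LDAP level (e.g. bad credentials).
            System.err.println("LDAP error after TLS setup: " + e);
        }
    }
}
```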