Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/11/10 15:47:25 UTC

DO NOT REPLY [Bug 24563] New: - Problem with SSL authentication

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=24563

           Summary: Problem with SSL authentication
           Product: Tomcat 4
           Version: 4.1.27
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Connector:Coyote HTTP/1.1
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: wtff@freenet.de


My colleague is trying to set up tomcat with client certificate authentication 
but it doesn't seem to work. He has set up a keystore that works with jetty 
and everything works. However, we would like to use tomcat instead. 
We are running tomcat/jetty inside a jboss 3.2.2 distribution.

Here is an excerpt of the JSSE logs. We not only tried to authenticate via a 
browser but also via a Java client, so we possess client logs as well.

It seems as if, at some point during the handshake procedure, the server is 
waiting for the client to send further data. However, the client seems to have 
sent all data and is waiting for the server to respond. That way, client and 
server remain in a wait-state until the client finally gets a timeout and 
closes the socket. 

Here are the log excerpts. Any ideas? We are pretty clueless...

CLIENT LOG
Thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher RC4
*** Finished
verify_data:  { 89, 42, 241, 220, 59, 116, 135, 170, 54, 230, 112, 71 }
***
Thread-1, WRITE: TLSv1 Handshake, length = 32
waiting for close_notify or alert: state 1
Exception while waiting for close java.net.SocketException: Software caused connection abort: recv failed
Thread-1, handling exception: java.net.SocketException: Software caused connection abort: recv failed
Thread-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Thread-1, WRITE: TLSv1 Alert, length = 18
Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
Thread-1, called closeSocket()

==================================

Server log

2003-11-10 12:54:57,199 INFO  [STDOUT] *** ServerHelloDone
2003-11-10 12:54:57,199 INFO  [STDOUT] Thread-18, WRITE: SSLv3 Handshake, length = 3631
2003-11-10 12:54:57,246 INFO  [STDOUT] Thread-18, received EOFException: error
2003-11-10 12:54:57,246 INFO  [STDOUT] Thread-18, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
2003-11-10 12:54:57,262 INFO  [STDOUT] Thread-18
2003-11-10 12:54:57,278 INFO  [STDOUT] , SEND SSLv3 ALERT:  
2003-11-10 12:54:57,278 INFO  [STDOUT] fatal, 
2003-11-10 12:54:57,293 INFO  [STDOUT] description = unexpected_message
2003-11-10 12:54:57,293 INFO  [STDOUT] Thread-18, WRITE: SSLv3 Alert, length = 2
2003-11-10 12:54:57,309 INFO  [STDOUT] Thread-18, called closeSocket()
2003-11-10 12:54:57,309 INFO  [STDOUT] Thread-18, called close()
2003-11-10 12:54:57,324 INFO  [STDOUT] Thread-18, called closeInternal(true)

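
Added example, not part of the original report and not Tomcat or JSSE code: a small Python helper for triaging `javax.net.debug` traces like the two excerpts above. It strips the JBoss `[STDOUT]` logger prefix, re-joins mail-wrapped lines and messages the logger split across several entries, and lists the TLS records and fatal alerts each side wrote. The function names `parse` and `summarize` are illustrative.

```python
import re

# log4j prefix JBoss puts in front of every captured stdout fragment
PREFIX = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d+ +\w+ +\[STDOUT\] ?")
RECORD = re.compile(r"([\w-]+)\s*,\s*(WRITE|READ):\s*(TLSv1|SSLv3)\s+"
                    r"(Change Cipher Spec|Handshake|Alert|Application Data)"
                    r"\s*,\s*length\s*=\s*(\d+)")
ALERT = re.compile(r"([\w-]+)\s*,\s*(SEND|RECV)\s+(TLSv1|SSLv3)\s+ALERT:\s*"
                   r"(fatal|warning)\s*,\s*description\s*=\s*(\w+)")

def parse(trace):
    """Return record and alert events from a javax.net.debug trace, in order."""
    # Strip logger prefixes, then join everything so that mail-wrapped lines and
    # messages split across several log entries become contiguous again.
    flat = " ".join(PREFIX.sub("", ln).strip() for ln in trace.splitlines())
    found = [(m.start(), ("record",) + m.groups()) for m in RECORD.finditer(flat)]
    found += [(m.start(), ("alert",) + m.groups()) for m in ALERT.finditer(flat)]
    return [ev for _, ev in sorted(found)]

def summarize(trace):
    """Condense one side's trace: versions seen, records written, fatal alerts."""
    events = parse(trace)
    writes = [e for e in events if e[0] == "record" and e[2] == "WRITE"]
    return {
        "versions": sorted({e[3] for e in events}),
        "sent_change_cipher_spec": any(e[4] == "Change Cipher Spec" for e in writes),
        "writes": [(e[4], int(e[5])) for e in writes],
        "fatal_alerts": [e[5] for e in events if e[0] == "alert" and e[4] == "fatal"],
    }

# Lines copied from the two excerpts in the report, with their wrapping preserved.
CLIENT_LOG = """Thread-1, WRITE: TLSv1 Change Cipher Spec, length = 1
Thread-1, WRITE: TLSv1 Handshake, length = 32
Thread-1, SEND TLSv1 ALERT:  fatal, description = unexpected_message
Thread-1, WRITE: TLSv1 Alert, length = 18"""
SERVER_LOG = """2003-11-10 12:54:57,199 INFO  [STDOUT] Thread-18, WRITE: SSLv3 Handshake,
length = 3631
2003-11-10 12:54:57,262 INFO  [STDOUT] Thread-18
2003-11-10 12:54:57,278 INFO  [STDOUT] , SEND SSLv3 ALERT:
2003-11-10 12:54:57,278 INFO  [STDOUT] fatal,
2003-11-10 12:54:57,293 INFO  [STDOUT] description = unexpected_message
2003-11-10 12:54:57,293 INFO  [STDOUT] Thread-18, WRITE: SSLv3 Alert, length =
2"""

if __name__ == "__main__":
    for name, log in (("client", CLIENT_LOG), ("server", SERVER_LOG)):
        print(name, summarize(log))
```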