You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Nancee Riehl <na...@gmail.com> on 2013/12/06 09:46:59 UTC

Different SSLHandshakeExceptions tomcat 6.0.35 and 7.0.47

Hi all,

I've implemented my own JSSE-Implemantation to do some special
Client-Certificate Validations.
When I sent a Client Certificate with length 0 I get in tomcat 6.0.35 this
Exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

This is good because I can check it in my JUnit-Test.

When I do the same test with tomcat 7.0.47 I get only this Exception:
java.net.SocketException: Software caused connection abort: recv failed

My Implemation for further Certificate Validations is not affected at this
moment.

The Handshake in my own Socket-Factory looks like this:
try {
 super.handshake(sock);
} catch (IOException e) {
 LOGGER.error(e);
throw new SSLHandshakeException("Test");
} catch (Exception e) {
 LOGGER.error(e);
throw new SSLException(e);
}

I've also created wireshark traces there I could see that with tomcat
6.0.35 I get an Alert Message with Level Fatal (2) and Description Bad
Certificate (42)

With tomcat 7.0.47 I get an Encrypted Alert without further information.

Best regards,
Nancee

Re: Different SSLHandshakeExceptions tomcat 6.0.35 and 7.0.47

Posted by Nancee Riehl <na...@gmail.com>.

Hi all,

I've no found that with tomcat 7.0.19 I get a
javax.net.ssl.SSLHandshakeException:
Received fatal alert: bad_certificate

With tomcat 7.0.20 I get the SocketException.

But I don't understand which change in 7.0.20 could cause my problem?

Best regards,
Nancee


2013/12/6 Nancee Riehl <na...@gmail.com>

> Hi all,
>
> I've implemented my own JSSE-Implemantation to do some special
> Client-Certificate Validations.
> When I sent a Client Certificate with length 0 I get in tomcat 6.0.35 this
> Exception:
> javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
>
> This is good because I can check it in my JUnit-Test.
>
> When I do the same test with tomcat 7.0.47 I get only this Exception:
> java.net.SocketException: Software caused connection abort: recv failed
>
> My Implemation for further Certificate Validations is not affected at this
> moment.
>
> The Handshake in my own Socket-Factory looks like this:
> try {
>  super.handshake(sock);
> } catch (IOException e) {
>  LOGGER.error(e);
> throw new SSLHandshakeException("Test");
> } catch (Exception e) {
>  LOGGER.error(e);
> throw new SSLException(e);
> }
>
> I've also created wireshark traces there I could see that with tomcat
> 6.0.35 I get an Alert Message with Level Fatal (2) and Description Bad
> Certificate (42)
>
> With tomcat 7.0.47 I get an Encrypted Alert without further information.
>
> Best regards,
> Nancee
>