Managed to sort this issue out by upgrading my JVM to 1.5.0 and adding the certificate in under the Java control panel. Ran into another problem afterwards with my application generating an UNKNOWN PROTOCOL error on the 3rd TCP session after successfully accepting the first two... very strange. I think I'm going to have to give up on the idea of using Java's or IE's SSL system and use Stunnel as a client too. Found a great GUI for Stunnel on Mac OS X called SSL Enabler, shame there's not one as nice for Windows!
Richard Watson
Upgrade your OpenSSL package for a start... it's up to .9.7d, tho I use .9.7a. Re-compile OpenSSL on your machine... try then.
Did you download a binary of STunnel?
-----Original Message-----
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of richard@oversight.co.nz
Sent: Friday, 29 October 2004 11:47 a.m.
To: stunnel-users@mirt.net
Subject: [stunnel-users] Stunnel & Java SSL
I'm developing a website where a java applet is downloaded over an https session provided by Stunnel (stunnel 4.04 on i586-pc-linux-gnu PTHREAD with OpenSSL 0.9.6c 21 dec 2001) running on port 1080. The applet codebase in the html code is set to https://x.x.x.x:1080/xxxx.jar
To complicate this issue, Stunnel is set to verify=3 i.e. it requires a valid client certificate. It seems that the java implementation of SSL (JVM 1.4.1_03) won't respond to prompts for client certificates?? Stunnel simply times out with the following error....
2004.10.29 11:45:34 LOG7[6881:1024]: service accepted FD=10 from 192.168.1.2:1930
2004.10.29 11:45:34 LOG7[6881:1024]: FD 10 in non-blocking mode
2004.10.29 11:45:34 LOG7[6897:6146]: service finished (0 left)
2004.10.29 11:45:34 LOG7[6898:7171]: service started
2004.10.29 11:45:34 LOG5[6898:7171]: service connected from 192.168.1.2:1930
2004.10.29 11:45:34 LOG7[6898:7171]: SSL state (accept): before/accept initialization
2004.10.29 11:45:34 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 read client hello A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write server hello A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate request A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 flush data
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no certificate
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (write): fatal: handshake failure
2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2004.10.29 11:45:39 LOG7[6898:7171]: service finished (0 left)
Does anyone know a way around this?
Thank you,
Richard Watson
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
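
Added example, not part of the thread and not stunnel's own code: a Python parser that scans stunnel debug logs like the one quoted above and reports each connection where stunnel (with verify=3) requested a client certificate and the peer returned none. The second sample session, the function name and the variable names are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the stunnel debug output in the original post (abridged).
FAILED = """\
2004.10.29 11:45:34 LOG5[6898:7171]: service connected from 192.168.1.2:1930
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate request A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no certificate
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (write): fatal: handshake failure
2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2004.10.29 11:45:39 LOG7[6898:7171]: service finished (0 left)
"""
# Constructed for contrast (not from the post): a peer that does send a certificate.
OK = """\
2004.10.29 11:46:02 LOG5[6899:8195]: service connected from 192.168.1.3:2044
2004.10.29 11:46:02 LOG7[6899:8195]: SSL state (accept): SSLv3 write certificate request A
2004.10.29 11:46:02 LOG7[6899:8195]: SSL state (accept): SSLv3 read client certificate A
2004.10.29 11:46:02 LOG7[6899:8195]: service finished (0 left)
"""
SAMPLE_LOG = FAILED + OK

# timestamp, LOG<level>[<bracketed connection context>]: message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) "
    r"LOG(?P<level>\d)\[(?P<ctx>\d+:\d+)\]: (?P<msg>.*)$"
)

def missing_client_certs(log_text):
    """Return one record per connection that failed for lack of a client certificate."""
    sessions = defaultdict(dict)  # state per bracketed context, e.g. "6898:7171"
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a stunnel log record
        state, msg = sessions[m["ctx"]], m["msg"]
        if msg.startswith("service connected from "):
            state.clear()  # a new connection reuses the context
            state["peer"] = msg.split("from ", 1)[1]
        elif "write certificate request" in msg:
            state["requested"] = True
        elif "peer did not return a certificate" in msg:
            findings.append({"time": m["ts"], "peer": state.get("peer", "unknown"),
                             "cert_requested": state.get("requested", False)})
    return findings

if __name__ == "__main__":
    for finding in missing_client_certs(SAMPLE_LOG):
        print(finding)
```
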