I'm developing a website where a Java applet is downloaded over an HTTPS session provided by Stunnel (stunnel 4.04 on i586-pc-linux-gnu PTHREAD with OpenSSL 0.9.6c 21 dec 2001) running on port 1080. The applet codebase in the HTML code is set to https://x.x.x.x:1080/xxxx.jar.
To complicate this issue, Stunnel is set to verify=3, i.e. it requires a valid client certificate. It seems that the Java implementation of SSL (JVM 1.4.1_03) won't respond to prompts for client certificates? Stunnel simply times out with the following error:
2004.10.29 11:45:34 LOG7[6881:1024]: service accepted FD=10 from 192.168.1.2:1930
2004.10.29 11:45:34 LOG7[6881:1024]: FD 10 in non-blocking mode
2004.10.29 11:45:34 LOG7[6897:6146]: service finished (0 left)
2004.10.29 11:45:34 LOG7[6898:7171]: service started
2004.10.29 11:45:34 LOG5[6898:7171]: service connected from 192.168.1.2:1930
2004.10.29 11:45:34 LOG7[6898:7171]: SSL state (accept): before/accept initialization
2004.10.29 11:45:34 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 read client hello A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write server hello A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate request A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 flush data
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no certificate
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: FD=10, DIR=read
2004.10.29 11:45:39 LOG7[6898:7171]: waitforsocket: ok
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (write): fatal: handshake failure
2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2004.10.29 11:45:39 LOG7[6898:7171]: service finished (0 left)
Does anyone know a way around this?
Thank you,
Richard Watson
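
A triage script for the log in the message above, added here as an example and not part of the original post: it groups stunnel entries by `[pid:thread]` and reports connections where a client certificate was requested but never presented. The function name and record fields are hypothetical, and it assumes one `[pid:thread]` pair per connection, as in the posted log.

```python
import re
from collections import defaultdict

# Entries copied from the post's log (stunnel 4.04, debug level 7), abridged.
SAMPLE_LOG = """\
2004.10.29 11:45:34 LOG5[6898:7171]: service connected from 192.168.1.2:1930
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 read client hello A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL state (accept): SSLv3 write certificate request A
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (read): warning: no certificate
2004.10.29 11:45:39 LOG7[6898:7171]: SSL alert (write): fatal: handshake failure
2004.10.29 11:45:39 LOG3[6898:7171]: SSL_accept: 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
2004.10.29 11:45:39 LOG7[6898:7171]: service finished (0 left)
"""

# Layout seen in the post: "YYYY.MM.DD HH:MM:SS LOG<level>[<pid>:<thread>]: <message>"
ENTRY = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+:\d+)\]: (.*)$")

def find_missing_client_certs(log_text):
    """Return one record per connection where stunnel requested a client
    certificate and the handshake failed because none was presented."""
    sessions = defaultdict(lambda: {"peer": None, "requested": False,
                                    "no_cert_alert": False, "error_code": None})
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skip anything that is not a stunnel log entry
        _, _, session_id, msg = m.groups()
        s = sessions[session_id]
        if msg.startswith("service connected from "):
            s["peer"] = msg.rsplit(" ", 1)[1]
        elif "write certificate request" in msg:
            s["requested"] = True  # server sent CertificateRequest (verify >= 2)
        elif msg.startswith("SSL alert (read)") and "no certificate" in msg:
            s["no_cert_alert"] = True  # client answered with a no_certificate alert
        elif msg.startswith("SSL_accept:") and "peer did not return a certificate" in msg:
            s["error_code"] = msg.split(":")[1].strip()  # OpenSSL error code
    return [dict(session=sid, **s) for sid, s in sessions.items()
            if s["requested"] and (s["no_cert_alert"] or s["error_code"])]

if __name__ == "__main__":
    for hit in find_missing_client_certs(SAMPLE_LOG):
        print(hit)
```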