"Jose Correia (J)" wrote:
>
> Hi all
>
> I was wondering if anyone has integrated client authentication through
> Java but on a b2b manner (i.e. without using a browser as the client
> but rather making use of the .keystore generated by the Java keytool
> application).
>
> Since this list is not "java" related, I don't want to offend anyone
> here by describing java related issues. If anyone is willing to share
> their experience I would rather then start/continue the conversation
> off list.
Well, this reply is half related to OpenSSL, so here goes...

My group is building an application in which the server is implemented
in C with OpenSSL and clients could be Java, C, or whatever. The
initial client was attempted in Java (1.4) with the built-in JSSE. We
were unable to get client-side authentication to work, and the
proprietary certificate format used by the keytool program added an
extra conversion step.

Eric Rescorla suggested that I investigate the PureTLS Java SSL
implementation that he did under contract with Claymore Systems. In
short, it works. The PureTLS API is more sensible, from the point of
view of someone familiar with OpenSSL. Both clients and servers can
authenticate themselves with certificates that are stored in standard
format.

The only glitch was that PureTLS does not compile with the 1.4 JDK and
our client uses some Swing features that are only in 1.4. It turns out
that PureTLS can be built under the 1.3 JDK and the resulting class
files work fine with classes compiled under 1.4.

The OpenSSL stuff on the server side is modelled closely after Eric's
sample code and gave no problems at all.

Paul Allen

--
Boeing Phantom Works \ Paul L. Allen, (425) 865-3297
Math & Computing Technology \ [EMAIL PROTECTED]
POB 3707 M/S 7L-40, Seattle, WA 98124-2207 \ Prototype Systems Group
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]