db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernt M. Johnsen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (DERBY-3096) SSL handshake throws "bad_certificate" when server tries to authenticate client
Date Fri, 19 Oct 2007 13:17:50 GMT

    [ https://issues.apache.org/jira/browse/DERBY-3096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12536211

Bernt M. Johnsen commented on DERBY-3096:

After wrestling a while with this problem and trying to figure out what I did wrong when I
implemented SSL for Derby I found that everything I had done was according to the JSSE spec
and the TLSv1 spec. So when I found that this feature works when the client is run with IBM
J9 VM 1.5 independent of which platform the server runs on, and fails when the client is run
with any Sun VM (tried 1.4, 1.5 and 1.6) independent of the platform the server is run on,
I suspect this to be a bug in the Sun JSSE implementation.

A workaround is to either Sun VM with IBM (or possibly other) JSSE or another VM altogether.
I have not tested this with other VM's than Sun and IBM.

I will pursue this further with a Derby-independent repro and send my findings to the proper
channels. I'll also try to figure out a workaround in the Derby code to facilitate Sun VM

> SSL handshake throws "bad_certificate" when server tries to authenticate client
> -------------------------------------------------------------------------------
>                 Key: DERBY-3096
>                 URL: https://issues.apache.org/jira/browse/DERBY-3096
>             Project: Derby
>          Issue Type: Bug
>          Components: Network Client, Network Server, Security
>    Affects Versions:
>            Reporter: Bernt M. Johnsen
>            Assignee: Bernt M. Johnsen
>         Attachments: SslTest.zip
> When the server runs with -ssl peerAuthentication and the client with -ssl basic the
SSL handshake gives the error "bad_handshake", e.g. when server shutdown is used:
> Could not connect to Derby Network Server on host localhost, port 1527: Received fatal
alert: bad_certificate

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message