hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Damian.R...@ubs.com>
Subject Unable to perform client authentication: client certificates not accessed from system certificate store by commons-httpclient
Date Thu, 11 Sep 2008 15:20:17 GMT
Setup:

commons-httpclient-3.1
java 1.6.0_04
java WebStart 6
client OS: windows XP professional
browser/certificate store: IE/Windows XP

I am trying to use commons-httpclient-3.1 from a WebStart-deployed
application to communicate through a web proxy over SSL with an HTTPS
URL that requires client authentication with a certificate retrieved
from the system certificate store, not a standalone one in the local
file system (e.g. a PKCS#12 file).

I can get this to work using a straight HttpsURLConnection, which
successfully accesses the client certificate from IE's personal
certificate store. The handshake succeeds, the connection is made and
the request is served. Below is the successful code using
HttpsUrlConnection:

        private static String getURLConnectionCertTestResult() throws
URISyntaxException, IOException {
            final String urlString =
"https://an.internet.url.requiring.mandatory.client.authentication";
            final URI uri = new URI(urlString);
            final ProxySelector ps = ProxySelector.getDefault();
            final List<Proxy> pss = ps.select(uri);
            Proxy proxy = null;
            final Iterator<Proxy> pssi = pss.iterator();
            while (null == proxy && pssi.hasNext()) {
                final Proxy np = pssi.next();
                if (Type.HTTP == np.type()) {
                    proxy = np;
                }
            }

            final URL url = new URL(urlString);
            final HttpsURLConnection conn;
            if (null != proxy) {
                conn = (HttpsURLConnection) url.openConnection(proxy);
            } else {
                conn = (HttpsURLConnection) url.openConnection();
            }
            final BufferedReader in = new BufferedReader(new
InputStreamReader(conn.getInputStream()));
            String line;
            final StringBuilder sb = new StringBuilder();
            while (null != (line = in.readLine())) {
                sb.append(line).append("\n");
            }

            return sb.toString();
        }

However, I am unable to establish a connection to the same URL via
httpsclient, instead I receive a fatal handshake error:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
	at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:
1657)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
:932)
	at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.
java:746)
	at
com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
	at
java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
	at
java.io.BufferedInputStream.read(BufferedInputStream.java:237)
	at
org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
	at
org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
	at
org.apache.commons.httpclient.HttpConnection.readLine(HttpConnection.jav
a:1116)
	at
org.apache.commons.httpclient.HttpMethodBase.readStatusLine(HttpMethodBa
se.java:1973)
	at
org.apache.commons.httpclient.HttpMethodBase.readResponse(HttpMethodBase
.java:1735)
	at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java
:1098)
	at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMe
thodDirector.java:398)
	at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMetho
dDirector.java:171)
	at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3
97)
	at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:3
23)
	at ...

Sample code:

        private static String getHTTPClientCertTestResult() throws
URISyntaxException, IOException {
            final String urlString =
"https://an.internet.url.requiring.mandatory.client.authentication";
            final URI uri = new URI(urlString);
            final ProxySelector ps = ProxySelector.getDefault();
            final List<Proxy> pss = ps.select(uri);
            Proxy proxy = null;
            final Iterator<Proxy> pssi = pss.iterator();
            while (null == proxy && pssi.hasNext()) {
                final Proxy np = pssi.next();
                if (Type.HTTP == np.type()) {
                    proxy = np;
                }
            }
            final HttpClient client = new HttpClient();
 
client.getHttpConnectionManager().getParams().setConnectionTimeout(10000
);
            if (null != proxy) {
                final SocketAddress sa = proxy.address();
                if (sa instanceof InetSocketAddress) {
                    final InetSocketAddress isa = (InetSocketAddress)
sa;
 
client.getHostConfiguration().setProxy(isa.getHostName(),
isa.getPort());
                }
            }

            final HttpMethod get = new GetMethod(urlString);
            get.setFollowRedirects(true);
            client.executeMethod(get);
            final BufferedReader br = new BufferedReader(new
InputStreamReader(get.getResponseBodyAsStream()));
            final StringBuilder sb = new StringBuilder();
            String nextLine;
            while (null != (nextLine = br.readLine())) {
                sb.append(nextLine).append('\n');
            }
            return sb.toString();
        }

Looking at the SSL and handshake debugging output, it is clear that
httpclient is not accessing the client certificate out of the system
certificate store, and this is why the handshake fails: 

###################### START TRACE ######################

11 09 08 15:56:18.948 [                main] INFO  [
HttpMethodBase]  Response content length is not known
keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: C:\dev\java\jdk1.6.0_04\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP
Network, O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP
Network, O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 11:48:38 BST 2000 until Sat May 30 11:48:38 BST
2020

adding as trusted cert:
  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
  Algorithm: RSA; Serial number: 0x20000000000d678b79405
  Valid from Tue Sep 01 13:00:00 BST 1998 until Tue Jan 28 12:00:00 GMT
2014

adding as trusted cert:
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x35def4cf
  Valid from Sat Aug 22 17:41:51 BST 1998 until Wed Aug 22 17:41:51 BST
2018

adding as trusted cert:
  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Jan 01 00:00:00 GMT 2004 until Sun Dec 31 23:59:59 GMT
2028

adding as trusted cert:
  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x4
  Valid from Mon Jun 21 05:00:00 BST 1999 until Sun Jun 21 05:00:00 BST
2020

adding as trusted cert:
  Subject: CN=VeriSign Class 2 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
  Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST
2036

adding as trusted cert:
  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield
Technologies, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Jun 29 18:39:16 BST 2004 until Thu Jun 29 18:39:16 BST
2034

adding as trusted cert:
  Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal
Freemail CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Mon Jan 01 00:00:00 GMT 1996 until Thu Dec 31 23:59:59 GMT
2020

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 1 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
  Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town,
ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Aug 01 01:00:00 BST 1996 until Thu Dec 31 23:59:59 GMT
2020

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 3 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
  Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network,
O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network,
O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 11:44:50 BST 2000 until Sat May 30 11:44:50 BST
2020

adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
Inc., C=US
  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure
Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Mon Jun 21 05:00:00 BST 1999 until Sun Jun 21 05:00:00 BST
2020

adding as trusted cert:
  Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
  Issuer:  OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
  Algorithm: RSA; Serial number: 0x3770cfb5
  Valid from Wed Jun 23 13:14:45 BST 1999 until Sun Jun 23 13:14:45 BST
2019

adding as trusted cert:
  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
  Algorithm: RSA; Serial number: 0x400000000010f8626e60d
  Valid from Fri Dec 15 08:00:00 GMT 2006 until Wed Dec 15 08:00:00 GMT
2021

adding as trusted cert:
  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a5
  Valid from Thu Aug 13 01:29:00 BST 1998 until Tue Aug 14 00:59:00 BST
2018

adding as trusted cert:
  Subject: OU=Secure Server Certification Authority, O="RSA Data
Security, Inc.", C=US
  Issuer:  OU=Secure Server Certification Authority, O="RSA Data
Security, Inc.", C=US
  Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
  Valid from Wed Nov 09 00:00:00 GMT 1994 until Thu Jan 07 23:59:59 GMT
2010

adding as trusted cert:
  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
(limits liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c)
2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref.
(limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x389b113c
  Valid from Fri Feb 04 17:20:00 GMT 2000 until Tue Feb 04 17:50:00 GMT
2020

adding as trusted cert:
  Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal
Premium CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Mon Jan 01 00:00:00 GMT 1996 until Thu Dec 31 23:59:59 GMT
2020

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE
  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore,
C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Fri May 12 19:46:00 BST 2000 until Tue May 13 00:59:00 BST
2025

adding as trusted cert:
  Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal
Basic CA, OU=Certification Services Division, O=Thawte Consulting,
L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Mon Jan 01 00:00:00 GMT 1996 until Thu Dec 31 23:59:59 GMT
2020

adding as trusted cert:
  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000
Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 2000
Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits
liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x389ef6e4
  Valid from Mon Feb 07 16:16:40 GMT 2000 until Fri Feb 07 16:46:40 GMT
2020

adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
  Valid from Mon Jan 29 00:00:00 GMT 1996 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x23456
  Valid from Tue May 21 05:00:00 BST 2002 until Sat May 21 05:00:00 BST
2022

adding as trusted cert:
  Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
  Issuer:  CN=Sonera Class1 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x24
  Valid from Fri Apr 06 11:49:13 BST 2001 until Tue Apr 06 11:49:13 BST
2021

adding as trusted cert:
  Subject: OU=Class 1 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 1 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
  Valid from Mon Jan 29 00:00:00 GMT 1996 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy
Group, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Jun 29 18:06:20 BST 2004 until Thu Jun 29 18:06:20 BST
2034

adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust,
O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 15:01:00 BST 2000 until Sun May 18 00:59:00 BST
2025

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City,
ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Client Authentication and Email,
OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City,
ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
  Valid from Fri Jul 09 18:28:50 BST 1999 until Tue Jul 09 18:36:58 BST
2019

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
  Valid from Fri Jul 09 19:10:42 BST 1999 until Tue Jul 09 19:19:22 BST
2019

adding as trusted cert:
  Subject: CN=VeriSign Class 1 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
  Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST
2036

adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For
authorized use only", OU=Class 2 Public Primary Certification Authority
- G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
  Valid from Mon May 18 01:00:00 BST 1998 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x3863b966
  Valid from Fri Dec 24 17:50:51 GMT 1999 until Tue Dec 24 18:20:51 GMT
2019

adding as trusted cert:
  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
  Issuer:  CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions,
Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1b6
  Valid from Fri Aug 14 15:50:00 BST 1998 until Thu Aug 15 00:59:00 BST
2013

adding as trusted cert:
  Subject: OU=Class 2 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Issuer:  OU=Class 2 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
  Valid from Mon Jan 29 00:00:00 GMT 1996 until Wed Aug 02 00:59:59 BST
2028

adding as trusted cert:
  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US
  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c)
1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits
liab.), O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x374ad243
  Valid from Tue May 25 17:09:40 BST 1999 until Sat May 25 17:39:40 BST
2019

adding as trusted cert:
  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
  Valid from Fri Jul 09 19:31:20 BST 1999 until Tue Jul 09 19:40:36 BST
2019

adding as trusted cert:
  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA
  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium
Server CA, OU=Certification Services Division, O=Thawte Consulting cc,
L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Thu Aug 01 01:00:00 BST 1996 until Thu Dec 31 23:59:59 GMT
2020

adding as trusted cert:
  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
ref. limits liab., O=Entrust.net, C=US
  Issuer:  CN=Entrust.net Client Certification Authority, OU=(c) 1999
Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by
ref. limits liab., O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x380391ee
  Valid from Tue Oct 12 20:24:30 BST 1999 until Sat Oct 12 20:54:30 BST
2019

adding as trusted cert:
  Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Issuer:  CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The
USERTRUST Network, L=Salt Lake City, ST=UT, C=US
  Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
  Valid from Thu Jun 24 19:57:21 BST 1999 until Mon Jun 24 20:06:30 BST
2019

adding as trusted cert:
  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI
  Algorithm: RSA; Serial number: 0x1d
  Valid from Fri Apr 06 08:29:40 BST 2001 until Tue Apr 06 08:29:40 BST
2021

adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority -
G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign
Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Fri Oct 01 01:00:00 BST 1999 until Thu Jul 17 00:59:59 BST
2036

adding as trusted cert:
  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/,
OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.",
L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Sat Jun 26 01:19:54 BST 1999 until Wed Jun 26 01:19:54 BST
2019

adding as trusted cert:
  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network,
O=AddTrust AB, C=SE
  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network,
O=AddTrust AB, C=SE
  Algorithm: RSA; Serial number: 0x1
  Valid from Tue May 30 11:38:31 BST 2000 until Sat May 30 11:38:31 BST
2020

trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1204367507 bytes = { 194, 47, 62, 174, 192, 133,
181, 38, 6, 13, 97, 91, 94, 12, 32, 163, 122, 70, 23, 15, 247, 197, 150,
67, 69, 11, 193, 144 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1204367507 bytes = { 200, 223, 34, 134, 222, 202,
93, 90, 104, 108, 231, 129, 10, 213, 231, 53, 253, 206, 252, 245, 3, 41,
24, 154, 83, 69, 222, 86 }
Session ID:  {10, 144, 125, 86, 111, 163, 177, 197, 68, 77, 58, 188,
254, 109, 141, 240, 200, 154, 242, 190, 174, 12, 73, 37, 112, 140, 59,
202, 160, 10, 166, 176}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: TLSv1 Handshake, length = 1994
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=clientlogin.ibb.ubstest.com, OU=UBSIB, O=UBS AG, L=London,
ST=London, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
129447541890145071991101022832002158109224708439675452036468410592539104
637620478652526718037227906229222675361363850333837737575329466356863962
392654796921872195279584926011841169198219527620607459149008274790934011
223281850698270175234503465747086981862399311660626647499698802797322295
858505156739339909657
  public exponent: 65537
  Validity: [From: Tue Apr 01 01:00:00 BST 2008,
               To: Thu Apr 02 00:59:59 BST 2009]
  Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  SerialNumber: [    7f3da1e2 8d621fba 18475783 c7a092d8]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C   30 5A 30 58 30 56 16 09
.b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69   66 30 21 30 1F 30 07 06
image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14   4B 6B B9 28 96 06 0C BB
.+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07   8B 21 05 18 30 26 16 24
.R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C   6F 67 6F 2E 76 65 72 69
http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D   2F 76 73 6C 6F 67 6F 31
sign.com/vslogo1
0060: 2E 67 69 66                                        .gif


[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/Class3InternationalServer.crl]
]]

[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  2.16.840.1.113730.4.1
  serverAuth
  clientAuth
]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa

]]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com]
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7B D1 C1 72 D7 F0 EF 59   61 22 DC E2 7E 8F D0 20  ...r...Ya".....

0010: F8 67 9A F9 C5 D4 91 87   EB 7F BE 2E C4 21 BF 9B
.g...........!..
0020: 55 98 A6 3A 4A 3B 46 6D   86 28 73 2C 11 46 23 C3
U..:J;Fm.(s,.F#.
0030: 47 30 E7 59 C6 4B E6 31   F3 47 A5 C0 B3 38 DF 71
G0.Y.K.1.G...8.q
0040: 8B F8 14 51 3D 2D 49 52   AC 01 88 A5 DA 2B EA 67
...Q=-IR.....+.g
0050: 82 60 F0 E3 B6 45 1C 31   15 FD 2B 78 E8 26 E9 0E
.`...E.1..+x.&..
0060: 4C 91 46 25 C9 CA FE 17   0B 49 0A 7D 41 0A 01 C4
L.F%.....I..A...
0070: 98 C1 1F B7 10 F5 ED BB   2F C9 DC 60 7B 9F 79 64
......../..`..yd

]
chain [1] = [
[
  Version: V3
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
152038337595048255423847391294280316829513160608880590645748454678611296
410614722508245144022405726502805452059694145417254341557335953427821740
975082044924575579268245924346494324451976855998250066581618028401376050
836623416546828558818294849045727347102003201845243865318616842453964918
804144784127904873327
  public exponent: 65537
  Validity: [From: Thu Apr 17 01:00:00 BST 1997,
               To: Tue Oct 25 00:59:59 BST 2011]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    254b8a85 3842cce3 58f8c5dd ae226ea4]

Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/pca3.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
  2.16.840.1.113730.4.1
  2.16.840.1.113733.1.8.1
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 43 50 53        risign.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 08 01 EC E4 68 94 03 42   F1 73 F1 23 A2 3A DE E9
....h..B.s.#.:..
0010: F1 DA C6 54 C4 23 3E 86   EA CF 6A 3A 33 AB EA 9C
...T.#>...j:3...
0020: 04 14 07 36 06 0B F9 88   6F D5 13 EE 29 2B C3 E4
...6....o...)+..
0030: 72 8D 44 ED D1 AC 20 09   2D E1 F6 E1 19 05 38 B0  r.D...
.-.....8.
0040: 3D 0F 9F 7F F8 9E 02 DC   86 02 86 61 4E 26 5F 5E
=..........aN&_^
0050: 9F 92 1E 0C 24 A4 F5 D0   70 13 CF 26 C3 43 3D 49
....$...p..&.C=I
0060: 1D 9E 82 2E 52 5F BC 3E   C6 66 29 01 8E 4E 92 2C
....R_.>.f)..N.,
0070: BC 46 75 03 82 AC 73 E9   D9 7E 0B 67 EF 54 52 1A
.Fu...s....g.TR.

]
***
Found trusted certificate:
[
[
  Version: V1
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

  Key:  Sun RSA public key, 1024 bits
  modulus:
141400322044550516865173371773024584879899609644618927642375342633349057
300960400037232334924701046781298765077061770383151646234219179990772047
200045837817821582483532549791304588064624083040538534190301571832597441
704620988055765289140138246856927863523873759538652326729606982847841094
220861282830980236711
  public exponent: 65537
  Validity: [From: Mon Jan 29 00:00:00 GMT 1996,
               To: Wed Aug 02 00:59:59 BST 2028]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    70bae41d 10d92934 b638ca7b 03ccbabf]

]
  Algorithm: [MD2withRSA]
  Signature:
0000: BB 4C 12 2B CF 2C 26 00   4F 14 13 DD A6 FB FC 0A
.L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92   2F 7C B6 C5 FA DF F0 E8
....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51   CC 73 D8 A4 C0 53 F0 4E
....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92   5E 21 F1 D1 B1 FF E7 D0
.&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C   9C 19 44 39 89 5C DC 9C
!X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2   90 45 4C E4 BB 10 A4 3D
..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8   C9 51 8C E6 62 9F E6 9F
.2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A   6B 9F 4E A8 FF 64 0D 64
...r..6:k.N..d.d

]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 06 F5 AC 8B 2E 92   8C 47 7D B4 62 85 82 5A
.........G..b..Z
0010: F1 D2 66 9F 25 99 17 F2   81 43 B7 91 05 3D 31 91
..f.%....C...=1.
0020: 95 07 10 61 1B 5C 9F 26   E0 58 E2 E4 6B D3 15 9F
...a.\.&.X..k...
CONNECTION KEYGEN:
Client Nonce:
0000: 48 C9 31 93 C2 2F 3E AE   C0 85 B5 26 06 0D 61 5B
H.1../>....&..a[
0010: 5E 0C 20 A3 7A 46 17 0F   F7 C5 96 43 45 0B C1 90  ^.
.zF.....CE...
Server Nonce:
0000: 48 C9 31 93 C8 DF 22 86   DE CA 5D 5A 68 6C E7 81
H.1..."...]Zhl..
0010: 0A D5 E7 35 FD CE FC F5   03 29 18 9A 53 45 DE 56
...5.....)..SE.V
Master Secret:
0000: 33 3D 5B 57 E2 45 F2 C0   02 A2 4A A2 D3 3B C3 1C
3=[W.E....J..;..
0010: 1B C3 CD 95 D6 F1 F7 71   32 A8 57 67 B2 86 61 99
.......q2.Wg..a.
0020: B2 3E 0A F9 CF EF 9F 6C   FB 8C 7A CE 69 67 17 67
.>.....l..z.ig.g
Client MAC write Secret:
0000: AB 1A 43 F5 6F 62 63 55   20 28 25 FD B8 2A 78 D3  ..C.obcU
(%..*x.
Server MAC write Secret:
0000: 51 3B 92 00 8D 29 73 96   7C D3 32 75 FD 4D C6 D9
Q;...)s...2u.M..
Client write key:
0000: 2F 89 D3 DF CE A4 16 74   88 EE AA E7 E1 2E C6 8A
/......t........
Server write key:
0000: CE 27 E7 9F B9 8E EE 7E   02 4F 92 44 26 26 AC E8
.'.......O.D&&..
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 83, 24, 211, 131, 24, 49, 1, 20, 66, 105, 111, 52 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 23, 242, 151, 202, 207, 47, 19, 137, 71, 238, 3, 53 }
***
%% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 208
main, READ: TLSv1 Handshake, length = 20
*** HelloRequest (empty)
%% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
%% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 2187
*** ClientHello, TLSv1
RandomCookie:  GMT: 1204367508 bytes = { 123, 215, 110, 26, 233, 90,
151, 142, 150, 46, 45, 150, 251, 142, 55, 149, 141, 75, 92, 219, 135,
130, 192, 253, 12, 23, 245, 215 }
Session ID:  {10, 144, 125, 86, 111, 163, 177, 197, 68, 77, 58, 188,
254, 109, 141, 240, 200, 154, 242, 190, 174, 12, 73, 37, 112, 140, 59,
202, 160, 10, 166, 176}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 121
main, READ: TLSv1 Handshake, length = 90
*** ServerHello, TLSv1
RandomCookie:  GMT: 1204367508 bytes = { 242, 228, 202, 127, 93, 171,
183, 117, 77, 96, 121, 125, 21, 15, 182, 103, 171, 5, 55, 6, 219, 130,
36, 64, 126, 189, 104, 228 }
Session ID:  {20, 85, 43, 79, 160, 43, 14, 213, 190, 145, 167, 197, 159,
117, 40, 204, 145, 250, 143, 55, 75, 251, 121, 120, 111, 163, 74, 108,
109, 192, 48, 182}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-2, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: TLSv1 Handshake, length = 2010
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=clientlogin.ibb.ubstest.com, OU=UBSIB, O=UBS AG, L=London,
ST=London, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
129447541890145071991101022832002158109224708439675452036468410592539104
637620478652526718037227906229222675361363850333837737575329466356863962
392654796921872195279584926011841169198219527620607459149008274790934011
223281850698270175234503465747086981862399311660626647499698802797322295
858505156739339909657
  public exponent: 65537
  Validity: [From: Tue Apr 01 01:00:00 BST 2008,
               To: Thu Apr 02 00:59:59 BST 2009]
  Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  SerialNumber: [    7f3da1e2 8d621fba 18475783 c7a092d8]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C   30 5A 30 58 30 56 16 09
.b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69   66 30 21 30 1F 30 07 06
image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14   4B 6B B9 28 96 06 0C BB
.+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07   8B 21 05 18 30 26 16 24
.R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C   6F 67 6F 2E 76 65 72 69
http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D   2F 76 73 6C 6F 67 6F 31
sign.com/vslogo1
0060: 2E 67 69 66                                        .gif


[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/Class3InternationalServer.crl]
]]

[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  2.16.840.1.113730.4.1
  serverAuth
  clientAuth
]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa

]]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com]
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7B D1 C1 72 D7 F0 EF 59   61 22 DC E2 7E 8F D0 20  ...r...Ya".....

0010: F8 67 9A F9 C5 D4 91 87   EB 7F BE 2E C4 21 BF 9B
.g...........!..
0020: 55 98 A6 3A 4A 3B 46 6D   86 28 73 2C 11 46 23 C3
U..:J;Fm.(s,.F#.
0030: 47 30 E7 59 C6 4B E6 31   F3 47 A5 C0 B3 38 DF 71
G0.Y.K.1.G...8.q
0040: 8B F8 14 51 3D 2D 49 52   AC 01 88 A5 DA 2B EA 67
...Q=-IR.....+.g
0050: 82 60 F0 E3 B6 45 1C 31   15 FD 2B 78 E8 26 E9 0E
.`...E.1..+x.&..
0060: 4C 91 46 25 C9 CA FE 17   0B 49 0A 7D 41 0A 01 C4
L.F%.....I..A...
0070: 98 C1 1F B7 10 F5 ED BB   2F C9 DC 60 7B 9F 79 64
......../..`..yd

]
chain [1] = [
[
  Version: V3
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
152038337595048255423847391294280316829513160608880590645748454678611296
410614722508245144022405726502805452059694145417254341557335953427821740
975082044924575579268245924346494324451976855998250066581618028401376050
836623416546828558818294849045727347102003201845243865318616842453964918
804144784127904873327
  public exponent: 65537
  Validity: [From: Thu Apr 17 01:00:00 BST 1997,
               To: Tue Oct 25 00:59:59 BST 2011]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    254b8a85 3842cce3 58f8c5dd ae226ea4]

Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/pca3.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
  2.16.840.1.113730.4.1
  2.16.840.1.113733.1.8.1
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 43 50 53        risign.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 08 01 EC E4 68 94 03 42   F1 73 F1 23 A2 3A DE E9
....h..B.s.#.:..
0010: F1 DA C6 54 C4 23 3E 86   EA CF 6A 3A 33 AB EA 9C
...T.#>...j:3...
0020: 04 14 07 36 06 0B F9 88   6F D5 13 EE 29 2B C3 E4
...6....o...)+..
0030: 72 8D 44 ED D1 AC 20 09   2D E1 F6 E1 19 05 38 B0  r.D...
.-.....8.
0040: 3D 0F 9F 7F F8 9E 02 DC   86 02 86 61 4E 26 5F 5E
=..........aN&_^
0050: 9F 92 1E 0C 24 A4 F5 D0   70 13 CF 26 C3 43 3D 49
....$...p..&.C=I
0060: 1D 9E 82 2E 52 5F BC 3E   C6 66 29 01 8E 4E 92 2C
....R_.>.f)..N.,
0070: BC 46 75 03 82 AC 73 E9   D9 7E 0B 67 EF 54 52 1A
.Fu...s....g.TR.

]
***
Found trusted certificate:
[
[
  Version: V1
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

  Key:  Sun RSA public key, 1024 bits
  modulus:
141400322044550516865173371773024584879899609644618927642375342633349057
300960400037232334924701046781298765077061770383151646234219179990772047
200045837817821582483532549791304588064624083040538534190301571832597441
704620988055765289140138246856927863523873759538652326729606982847841094
220861282830980236711
  public exponent: 65537
  Validity: [From: Mon Jan 29 00:00:00 GMT 1996,
               To: Wed Aug 02 00:59:59 BST 2028]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    70bae41d 10d92934 b638ca7b 03ccbabf]

]
  Algorithm: [MD2withRSA]
  Signature:
0000: BB 4C 12 2B CF 2C 26 00   4F 14 13 DD A6 FB FC 0A
.L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92   2F 7C B6 C5 FA DF F0 E8
....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51   CC 73 D8 A4 C0 53 F0 4E
....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92   5E 21 F1 D1 B1 FF E7 D0
.&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C   9C 19 44 39 89 5C DC 9C
!X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2   90 45 4C E4 BB 10 A4 3D
..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8   C9 51 8C E6 62 9F E6 9F
.2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A   6B 9F 4E A8 FF 64 0D 64
...r..6:k.N..d.d

]
main, READ: TLSv1 Handshake, length = 446
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=UBS Investment Bank External Client CA MANUAT, OU=CH 998, O=UBS,
C=CH>
<CN=clientlogin.ibb.ubstest.com, OU=UBSIB, O=UBS AG, L=London,
ST=London, C=GB>
<OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.",
O=VeriSign Trust Network>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 157
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 CC E9 A5 19 46 57   62 86 75 0C CF A8 41 08
......FWb.u...A.
0010: 9E D3 62 58 9F 3C 9F 88   E5 47 83 BD CB 43 AD 98
..bX.<...G...C..
0020: C2 10 4B 57 DE 62 04 62   99 ED 60 6D 09 4D 92 EA
..KW.b.b..`m.M..
CONNECTION KEYGEN:
Client Nonce:
0000: 48 C9 31 94 7B D7 6E 1A   E9 5A 97 8E 96 2E 2D 96
H.1...n..Z....-.
0010: FB 8E 37 95 8D 4B 5C DB   87 82 C0 FD 0C 17 F5 D7
..7..K\.........
Server Nonce:
0000: 48 C9 31 94 F2 E4 CA 7F   5D AB B7 75 4D 60 79 7D
H.1.....]..uM`y.
0010: 15 0F B6 67 AB 05 37 06   DB 82 24 40 7E BD 68 E4
...g..7...$@..h.
Master Secret:
0000: 0A BD AB 76 A0 E1 DD ED   70 94 A9 B1 9D C1 1A F9
...v....p.......
0010: 52 E0 28 5E 8C B5 A2 D8   1D 03 D6 0A 63 E2 8C 49
R.(^........c..I
0020: A4 DB E6 E7 36 EF E3 24   CB EC 9E 40 DB DB 7C 83
....6..$...@....
Client MAC write Secret:
0000: E4 FF 6E 9D 9A 92 7E 34   D3 78 40 55 F4 04 1D A8
..n....4.x@U....
Server MAC write Secret:
0000: 1F 6C 16 BA BD 59 94 AC   0B 02 D5 23 E2 C8 F2 73
.l...Y.....#...s
Client write key:
0000: 9E 4A 2F 22 0F C0 EF AC   4E C0 92 CF 12 71 0E E5
.J/"....N....q..
Server write key:
0000: 16 09 B8 79 D5 58 D7 97   5D 1A FD 65 A5 84 9B A4
...y.X..]..e....
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data:  { 44, 49, 175, 236, 21, 127, 88, 19, 136, 220, 0, 77 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 18
main, RECV TLSv1 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)

###################### END TRACE ######################

I say "it's clear" because when I compare this debug output with that
from using an HttpsURLConnection, I see the client certificate being
accessed:

###################### START TRACE ######################

...
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=UBS Investment Bank External Client CA MANUAT, OU=CH 998, O=UBS,
C=CH>
<CN=clientlogin.ibb.ubstest.com, OU=UBSIB, O=UBS AG, L=London,
ST=London, C=GB>
<OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,
OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.",
O=VeriSign Trust Network>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 157
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 88 18 17 93 3F 09   00 99 12 6B 79 37 7C 39
......?....ky7.9
0010: 21 10 EE 34 CB 14 71 FE   2F 98 4A 66 4C 34 8F AC
!..4..q./.JfL4..
0020: B4 2D 6C D6 47 48 8A 55   7C ED B5 D3 9B A1 77 D1
.-l.GH.U......w.
CONNECTION KEYGEN:
Client Nonce:
0000: 48 C9 34 56 9C 76 CB C4   4F 58 56 35 14 10 CF 06
H.4V.v..OXV5....
0010: D5 BE E0 9B 09 1B 13 CE   CC 96 98 ED 58 1F 5C 7A
............X.\z
Server Nonce:
0000: 48 C9 34 56 6C 2D 83 73   30 5F 5E F3 CB A6 29 84
H.4Vl-.s0_^...).
0010: 05 45 2C C0 AB D7 2C 71   B8 14 92 7F C8 0E A1 66
.E,...,q.......f
Master Secret:
0000: 70 23 D6 89 E5 0A 92 52   CD CB 31 A4 4D 53 8E 13
p#.....R..1.MS..
0010: E6 9A 16 5A A6 2A D3 9E   E3 72 15 4B E1 0B EE 05
...Z.*...r.K....
0020: 43 52 0E 88 B8 E7 74 40   7F EF FF 8D C9 46 6F 17
CR....t@.....Fo.
Client MAC write Secret:
0000: 35 01 8A A4 E9 9D 40 7F   ED CD 6E EA 5A BB 25 BF
5.....@...n.Z.%.
Server MAC write Secret:
0000: CF 03 27 B0 D2 5B AD 57   A5 E6 B3 25 C5 76 48 A1
..'..[.W...%.vH.
Client write key:
0000: 79 D7 43 BB 1F C6 F3 EB   82 9D DA E6 68 01 82 71
y.C.........h..q
Server write key:
0000: F3 B0 25 86 43 1D 66 A5   24 7F F4 B1 B7 9B F2 15
..%.C.f.$.......
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 17
*** Finished
verify_data:  { 203, 74, 205, 61, 80, 111, 247, 82, 197, 135, 13, 247 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Alert, length = 18
main, RECV TLSv1 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-1, SSL_RSA_WITH_RC4_128_MD5]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1204368470 bytes = { 242, 162, 42, 240, 240, 151,
191, 232, 130, 131, 103, 126, 152, 230, 13, 133, 239, 38, 138, 147, 248,
230, 54, 47, 194, 221, 64, 161 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie:  GMT: 1204368470 bytes = { 88, 97, 73, 197, 26, 138, 164,
214, 82, 34, 8, 2, 71, 208, 153, 137, 119, 3, 76, 93, 215, 245, 176, 26,
7, 21, 127, 225 }
Session ID:  {229, 91, 138, 60, 67, 6, 25, 127, 52, 21, 50, 155, 113,
176, 7, 63, 200, 188, 88, 93, 185, 52, 122, 232, 184, 5, 92, 128, 141,
215, 47, 160}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created:  [Session-3, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
main, READ: TLSv1 Handshake, length = 1994
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=clientlogin.ibb.ubstest.com, OU=UBSIB, O=UBS AG, L=London,
ST=London, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
129447541890145071991101022832002158109224708439675452036468410592539104
637620478652526718037227906229222675361363850333837737575329466356863962
392654796921872195279584926011841169198219527620607459149008274790934011
223281850698270175234503465747086981862399311660626647499698802797322295
858505156739339909657
  public exponent: 65537
  Validity: [From: Tue Apr 01 01:00:00 BST 2008,
               To: Thu Apr 02 00:59:59 BST 2009]
  Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  SerialNumber: [    7f3da1e2 8d621fba 18475783 c7a092d8]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.12 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 62 30 60 A1 5E A0 5C   30 5A 30 58 30 56 16 09
.b0`.^.\0Z0X0V..
0010: 69 6D 61 67 65 2F 67 69   66 30 21 30 1F 30 07 06
image/gif0!0.0..
0020: 05 2B 0E 03 02 1A 04 14   4B 6B B9 28 96 06 0C BB
.+......Kk.(....
0030: D0 52 38 9B 29 AC 4B 07   8B 21 05 18 30 26 16 24
.R8.).K..!..0&.$
0040: 68 74 74 70 3A 2F 2F 6C   6F 67 6F 2E 76 65 72 69
http://logo.veri
0050: 73 69 67 6E 2E 63 6F 6D   2F 76 73 6C 6F 67 6F 31
sign.com/vslogo1
0060: 2E 67 69 66                                        .gif


[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/Class3InternationalServer.crl]
]]

[3]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  2.16.840.1.113730.4.1
  serverAuth
  clientAuth
]

[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 72 70 61        risign.com/rpa

]]  ]
]

[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.verisign.com]
]

[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 7B D1 C1 72 D7 F0 EF 59   61 22 DC E2 7E 8F D0 20  ...r...Ya".....

0010: F8 67 9A F9 C5 D4 91 87   EB 7F BE 2E C4 21 BF 9B
.g...........!..
0020: 55 98 A6 3A 4A 3B 46 6D   86 28 73 2C 11 46 23 C3
U..:J;Fm.(s,.F#.
0030: 47 30 E7 59 C6 4B E6 31   F3 47 A5 C0 B3 38 DF 71
G0.Y.K.1.G...8.q
0040: 8B F8 14 51 3D 2D 49 52   AC 01 88 A5 DA 2B EA 67
...Q=-IR.....+.g
0050: 82 60 F0 E3 B6 45 1C 31   15 FD 2B 78 E8 26 E9 0E
.`...E.1..+x.&..
0060: 4C 91 46 25 C9 CA FE 17   0B 49 0A 7D 41 0A 01 C4
L.F%.....I..A...
0070: 98 C1 1F B7 10 F5 ED BB   2F C9 DC 60 7B 9F 79 64
......../..`..yd

]
chain [1] = [
[
  Version: V3
  Subject: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97
VeriSign, OU=VeriSign International Server CA - Class 3, OU="VeriSign,
Inc.", O=VeriSign Trust Network
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
152038337595048255423847391294280316829513160608880590645748454678611296
410614722508245144022405726502805452059694145417254341557335953427821740
975082044924575579268245924346494324451976855998250066581618028401376050
836623416546828558818294849045727347102003201845243865318616842453964918
804144784127904873327
  public exponent: 65537
  Validity: [From: Thu Apr 17 01:00:00 BST 1997,
               To: Tue Oct 25 00:59:59 BST 2011]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    254b8a85 3842cce3 58f8c5dd ae226ea4]

Certificate Extensions: 6
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL CA
   S/MIME CA
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.verisign.com/pca3.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
  2.16.840.1.113730.4.1
  2.16.840.1.113733.1.8.1
]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.113733.1.7.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 76 65
..https://www.ve
0010: 72 69 73 69 67 6E 2E 63   6F 6D 2F 43 50 53        risign.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:0
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 08 01 EC E4 68 94 03 42   F1 73 F1 23 A2 3A DE E9
....h..B.s.#.:..
0010: F1 DA C6 54 C4 23 3E 86   EA CF 6A 3A 33 AB EA 9C
...T.#>...j:3...
0020: 04 14 07 36 06 0B F9 88   6F D5 13 EE 29 2B C3 E4
...6....o...)+..
0030: 72 8D 44 ED D1 AC 20 09   2D E1 F6 E1 19 05 38 B0  r.D...
.-.....8.
0040: 3D 0F 9F 7F F8 9E 02 DC   86 02 86 61 4E 26 5F 5E
=..........aN&_^
0050: 9F 92 1E 0C 24 A4 F5 D0   70 13 CF 26 C3 43 3D 49
....$...p..&.C=I
0060: 1D 9E 82 2E 52 5F BC 3E   C6 66 29 01 8E 4E 92 2C
....R_.>.f)..N.,
0070: BC 46 75 03 82 AC 73 E9   D9 7E 0B 67 EF 54 52 1A
.Fu...s....g.TR.

]
***
Found trusted certificate:
[
[
  Version: V1
  Subject: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  Signature Algorithm: MD2withRSA, OID = 1.2.840.113549.1.1.2

  Key:  Sun RSA public key, 1024 bits
  modulus:
141400322044550516865173371773024584879899609644618927642375342633349057
300960400037232334924701046781298765077061770383151646234219179990772047
200045837817821582483532549791304588064624083040538534190301571832597441
704620988055765289140138246856927863523873759538652326729606982847841094
220861282830980236711
  public exponent: 65537
  Validity: [From: Mon Jan 29 00:00:00 GMT 1996,
               To: Wed Aug 02 00:59:59 BST 2028]
  Issuer: OU=Class 3 Public Primary Certification Authority,
O="VeriSign, Inc.", C=US
  SerialNumber: [    70bae41d 10d92934 b638ca7b 03ccbabf]

]
  Algorithm: [MD2withRSA]
  Signature:
0000: BB 4C 12 2B CF 2C 26 00   4F 14 13 DD A6 FB FC 0A
.L.+.,&.O.......
0010: 11 84 8C F3 28 1C 67 92   2F 7C B6 C5 FA DF F0 E8
....(.g./.......
0020: 95 BC 1D 8F 6C 2C A8 51   CC 73 D8 A4 C0 53 F0 4E
....l,.Q.s...S.N
0030: D6 26 C0 76 01 57 81 92   5E 21 F1 D1 B1 FF E7 D0
.&.v.W..^!......
0040: 21 58 CD 69 17 E3 44 1C   9C 19 44 39 89 5C DC 9C
!X.i..D...D9.\..
0050: 00 0F 56 8D 02 99 ED A2   90 45 4C E4 BB 10 A4 3D
..V......EL....=
0060: F0 32 03 0E F1 CE F8 E8   C9 51 8C E6 62 9F E6 9F
.2.......Q..b...
0070: C0 7D B7 72 9C C9 36 3A   6B 9F 4E A8 FF 64 0D 64
...r..6:k.N..d.d

]
main, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 134
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 17 2E 8D 74 15 0C   D5 16 58 87 90 F4 60 3A
.....t....X...`:
0010: D8 41 06 E7 85 8A A7 F7   D5 28 F9 D3 71 AA D1 47
.A.......(..q..G
0020: EB 80 8B 05 5D D7 DD ED   58 79 06 1B E1 20 8E DE  ....]...Xy...
..
CONNECTION KEYGEN:
Client Nonce:
0000: 48 C9 34 56 F2 A2 2A F0   F0 97 BF E8 82 83 67 7E
H.4V..*.......g.
0010: 98 E6 0D 85 EF 26 8A 93   F8 E6 36 2F C2 DD 40 A1
.....&....6/..@.
Server Nonce:
0000: 48 C9 34 56 58 61 49 C5   1A 8A A4 D6 52 22 08 02
H.4VXaI.....R"..
0010: 47 D0 99 89 77 03 4C 5D   D7 F5 B0 1A 07 15 7F E1
G...w.L]........
Master Secret:
0000: FA C1 83 6E 31 63 EF 1C   B1 E1 C5 AF F6 D7 28 24
...n1c........($
0010: DE FD 55 49 0F C9 04 F8   5D 81 DD AD 9A 24 67 36
..UI....]....$g6
0020: 15 26 CA 5F 0D 71 6B 6F   81 9A E4 03 1E 58 D9 27
.&._.qko.....X.'
Client MAC write Secret:
0000: 61 83 E3 AB 94 05 AE FA   C3 66 47 EA 22 21 7D 57
a........fG."!.W
Server MAC write Secret:
0000: C3 00 10 52 7B 19 9A 6A   00 E7 47 85 F4 8C F7 B2
...R...j..G.....
Client write key:
0000: 3C AA AE C9 11 F9 19 18   E4 83 B8 96 D8 0E BB E7
<...............
Server write key:
0000: 34 75 B0 D6 FA 4A 2B AB   E9 3F 60 F8 97 EF 03 B9
4u...J+..?`.....
... no IV used for this cipher
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 198, 118, 20, 25, 4, 49, 8, 153, 177, 95, 97, 83 }
***
main, WRITE: TLSv1 Handshake, length = 32
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 32
*** Finished
verify_data:  { 213, 190, 225, 76, 127, 110, 180, 89, 1, 115, 48, 64 }
***
%% Cached client session: [Session-3, SSL_RSA_WITH_RC4_128_MD5]
main, WRITE: TLSv1 Application Data, length = 142
main, READ: TLSv1 Application Data, length = 283
main, READ: TLSv1 Alert, length = 18
main, RECV TLSv1 ALERT:  warning, close_notify
main, called closeInternal(false)
main, SEND TLSv1 ALERT:  warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 18
main, called close()
main, called closeInternal(true) 

###################### END TRACE ######################

I have a suspicion the solution may involve a custom
SecureProtocolSocketFactory, but I have been unable to solve the problem
myself.

Can anyone give me any pointers?

Thanks,

Damian

Visit our website at http://www.ubs.com

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.
	
E-mails are not encrypted and cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses.  The sender 
therefore does not accept liability for any errors or omissions in the 
contents of this message which arise as a result of e-mail transmission.  
If verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities 
or related financial instruments.

UBS Limited is a company registered in England & Wales under company
number 2035362, whose registered office is at 1 Finsbury Avenue,
London, EC2M 2PP, United Kingdom.

UBS AG (London Branch) is registered as a branch of a foreign company
under number BR004507, whose registered office is at
1 Finsbury Avenue, London, EC2M 2PP, United Kingdom.

UBS Clearing and Execution Services Limited is a company registered
in England & Wales under company number 03123037, whose registered
office is at 1 Finsbury Avenue, London, EC2M 2PP, United Kingdom.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message