tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Jeffrey Tucker <mtuc...@eecs.harvard.edu>
Subject Debugging JSSE
Date Wed, 12 Nov 2003 02:19:23 GMT
Hi,

  I am still trying to figure out what is going wrong with my client-side
authentication. I've started using the OpenSSL command line tool to debug,
rather than a web browser. From the command line I am running:

OpenSSL>  s_client -connect localbox:8443 -cert client.pem -CAfile ca.pem
-state

Which open an SSL connection to my Tomcat connector port, with the
provided clientside cert and the cert for my CA. I am getting the
following output:

Loading 'screen' into random state - done
CONNECTED(000002CC)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1
/C=US/ST=Ma/L=Camb/O=MyCompany/OU=MyGroup/CN=ENDECA-CA/emailAddress=mr@e.com
verify return:1
depth=0
/C=US/ST=Ma/O=MyCompany/OU=MyGroup/CN=localbox
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server certificate request A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client certificate A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write certificate verify A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:error in SSLv3 read finished A
SSL_connect:error in SSLv3 read finished A
write:errno=10054

But I can't figure out how to find a log of what is happening on the other
side. I am using Tomcat 4.0.1 on a RedHat 7.3 system, but I don't know
where to look to find the JSSE output. I have looked at the tomcat log
files, and the catalina_log shows "The incoming request has been awaited"
and "The incoming request has been assigned", but there is nothing in my
access log or anything at all related to SSL or JSSE.

If you have any suggestions on how to debug this problem, please let me
know.

Thanks,
Mike

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message