Hi,
I was wondering if people among the happy few who got PureTLS (0.9b3)
running with Tomcat 4.1 or 5.0 could post some kind of small HOWTO.
I'm running Linux (RH 7.3, with IBM 1.4.0 or Sun 1.4.1).
I read on the PureTLS website (err, sorry webpage) that it supported
OpenSSL certs. So I should be able to reuse the certs I generated for
mod_ssl?
Anyway, that's for later. In order to avoid making mistakes, I reused
the .pem files I found in the distribution.
After tweaking my server.xml to point at the right files (of course, I
had to read the sources to know how to do it), I got the following
exceptions:
- with IBM JDK:
Caused by: java.lang.InternalError: java.security.NoSuchAlgorithmException: class configured for Cipher: com.ibm.crypto.provider.DESedeCipher is not a subclass of xjava.security.Cipher
    at COM.claymoresystems.crypto.PEMData.readPEMObject(Unknown Source)
    at COM.claymoresystems.crypto.EAYEncryptedPrivateKey.createPrivateKey(Unknown Source)
    at COM.claymoresystems.ptls.SSLContext.loadEAYKeyFile(Unknown Source)
    at COM.claymoresystems.ptls.SSLContext.loadEAYKeyFile(Unknown Source)
    at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.init(PureTLSSocketFactory.java:165)
    at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.createSocket(PureTLSSocketFactory.java:104)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:275)
- with Sun JDK:
java.io.IOException: PKCS#5: Invalid number of padding bytes
    at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.init(PureTLSSocketFactory.java:175)
    at org.apache.tomcat.util.net.puretls.PureTLSSocketFactory.createSocket(PureTLSSocketFactory.java:104)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:275)
    at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:150)
If PureTLS isn't compatible with IBM JVM, then fine, but I can't see its
usefulness. As for the error with Sun VM, I don't know what to do (there
don't seem to be any docs at all anywhere) ...
Any ideas?
Remy