>Note that Eric Young has had some curious
>interpretations of the spec in that area in
>the past -- hard to say what the problem
>really is until more investigation happens.
>That includes Sun knowing which versions of
>all the packages you're using.
Thank you for the response! I am using:
SSLEAY 0.9.0b, NT4.0
JDK1.2beta4
ssl.jar, x509v1.jar bundled with HotJavaBrowser 1.1.5
jafe.dll from the <HotJavaInstalldir>\bin
And I am still looking for some pricing info on this ssl library from Sun.
Is there any published info on the net?
> (With TLS support,
>this was a critical issue since TLS made
>DHE_DSS mandatory.)
Um... I wonder why TLS would push DHE_DSS to be mandatory. I welcome some
education on that.
During the course of the day- I converted a .pem format certificate into
DER using ssleay req -in file.pem -out file.der -outform DER
The certificate is read properly by the x509Certificate class and I can
print issuer and subject information, as well as verify it.
I am going to start working on testing if I can read a DSAPrivateKey using
the jdk1.2beta4 classes.
Thanks.
-Arjun
>
>- Dave
>
>
>Jeff Nisewanger wrote:
>>
>> > Exception while reading/writing data Server key,
>> > java.security.SignatureException: invalid encoding for signature
>> > javax.net.ssl.SSLException: Server key, java.security.SignatureException:
>> > invalid encoding for signature
>> > at
>> >
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:157)
>> > at sun.security.ssl.Handshaker.process_record(Compiled Code)
>> > at sun.security.ssl.SSLSocketImpl.clearPipeline(Compiled Code)
>> > at sun.security.ssl.SSLSocketImpl.write(Compiled Code)
>> > at sun.security.ssl.AppOutputStream.write(Compiled Code)
>> > at DH.<init>(Compiled Code)
>> > at DH.main(DH.java:77)
>>
>> Sigh. This may be a bug in our handling of the signature element
>> in the Server Key Exchange message in SSL_DHE_DSS_* cipher suites.
>> Apparently we are not encoding/decoding the 16-bit length header before
>> the signature bits correctly.
>>
>> > I'd be happy to mail the secserver file and certs if anyone is
interested.
>>
>> Sure. Please send these to me directly.
>>
>>
>>
>> Jeff
>
>