Smalltalk › Cincom › VisualWorks

TLS Handshake CertificateVerify message

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

Niels Duineveld

TLS Handshake CertificateVerify message

Hi,

I need to establish a secure connection, but i keep getting handshake failures. I noticed in the TLS spec that for a client authenticated handshake, at some point the client should send a CertificateVerify message. But I can't find an implementation of such a message.

The only reference i found is in a comment in
Smalltalk.Xtreams.TLSRSAKeyExchange>>clientHandshake

Am I missing something, or is this type of handshake not supported in VW9.1?

Kind Regards,

Niels Duineveld

--
------------------------------
AG5
Willem Fenengastraat 4C
1096 BN Amsterdam
www.ag5.nl

Tel: 020-4630942
Fax: 020-4630946

----------------------------------------------------------------------------------

Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de

geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u
verzocht dat aan de afzender te melden en het bericht te verwijderen. Elk ongeoorloofd gebruik of verspreiding van dit bericht, geheel of gedeeltelijk is strikt verboden.



This message may contain information that is not intended for you. If you are not
the addressee or if this message was sent to you by mistake, you are requested to
inform the sender and delete the message. Any unauthorised use or dissemination of this message in whole or in part is strictly prohibited.

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

mkobetic

Re: TLS Handshake CertificateVerify message

Yes, the new TLS implementation does not support client authentication yet. If a server sends CertificateRequest, VW will respond with an empty Certificate message, notifying the server that it doesn't have any certificate to offer. In this case the protocol omits the CertificateVerify message. The server then decides whether it will continue the handshake or not, most likely not since server has to be explicitly configured to request client authentication and presumably for a reason.

Best regards,

Martin

"Niels Duineveld"<[hidden email]> wrote:

> Date: March 18, 2013 8:41:44 AM
> From: Niels Duineveld <[hidden email]>
> To: [hidden email]
> Subject: [vwnc] TLS Handshake CertificateVerify message
>
> Hi,
> I need to establish a secure connection, but i keep getting handshake
> failures. I noticed in the TLS spec that for a client authenticated
> handshake, at some point the client should send a
> *CertificateVerify*message. But I can't find an implementation of such
> a message.
>
> The only reference i found is in a comment in
> Smalltalk.Xtreams.TLSRSAKeyExchange>>clientHandshake
>
> Am I missing something, or is this type of handshake not supported in VW9.1?
>
> Kind Regards,
> Niels Duineveld
>
> --
> ------------------------------
> AG5
> Willem Fenengastraat 4C
> 1096 BN Amsterdam
> www.ag5.nl
>
> Tel: 020-4630942
> Fax: 020-4630946
>
> ----------------------------------------------------------------------------------
> Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de
>
> geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u
> verzocht dat aan de afzender te melden en het bericht te verwijderen.
> Elk ongeoorloofd gebruik of verspreiding van dit bericht, geheel of
> gedeeltelijk is strikt verboden.
>
> This message may contain information that is not intended for you. If
> you are not
> the addressee or if this message was sent to you by mistake, you are
> requested to
> inform the sender and delete the message. Any unauthorised use or
> dissemination of this message in whole or in part is strictly
> prohibited.
>
> **
>
> _______________________________________________
> vwnc mailing list
> [hidden email]
> http://lists.cs.uiuc.edu/mailman/listinfo/vwnc
>

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc