Re: FW: stunnel and java ---

Bethanapalli Santa Kumar EXT wrote:
> Hi
>       I am new to stunnel.....I need some help .....i want to write some 
> adapter for mycustomer....They opened stunnel for my ipaddress but we did not 
> open an stunnel from ourside  (Thats why i am currently using https to connect 
> to their site .Once S-tunnel enabled from ourside then i should connect only 
> with http ) .So i am currently using  this url in browser.
>
> https://123.456.789.123:12038/lic.cgi?msisdn=+491771234567&serviceid=13&type=getcobyno
>  ..i am getting results
>
> but i am unable to get the results if i am using java program ..... 
>
>
> i am using jdk1.4.1 on windows 2000 ...i hope when we use stunnel there is no 
> necessary to send certificates to server for handshake?Then how should i 
> proceed.
>
> I am not sure whether i should miss something here....like basic steps to 
> enable stunnel.
[SNIP]

>  If i use  https ://123.456.789.123:12038/lic.cgi? ; i am getting following error 
>
>  
>
> IO EXCEPTION: java.security.cert.CertificateException: Could not find trusted 
> certificate
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
> Could not find trusted certificate

This is not an stunnel problem, but a JSSE problem. The client needs to 
trust the server. You need to setup your client TrustStore correctly, or 
tell it to forego all trust (not a great idea).
<http://forum.java.sun.com/thread.jsp?forum=2&thread=300415&message=1190555>

You should also be able to emulate the SSL handshake process using 
s_client, like this...
openssl s_client -connect 123.456.789.123:12038
(server certificate is presented)
(if you get this far, the server does in fact accept non-authenticated 
client connections)
GET /lic.cgi?msisdn=+491771234567&serviceid=13&type=getcobyno
(enter, enter)

You would then be shown the HTML source of the page asked for.
--
Some days it's just not worth chewing through the restraints...
Mark Foster <mark@xxxxxxxxx>  http://mark.foster.cc/