  1. Java secure socket without authentication?
<p>I have a trivial secure socket server-client program.<br>
For the server certificates, I created a keystore using keytool.<br>
When I try to connect to the server with my client I get these exceptions:<br>
In server:</p>
<pre><code>Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
</code></pre>
<p>In client:</p>
<pre><code>Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
</code></pre>
<p>If my understanding is correct, these exceptions are caused by the fact that I am using certificates I created.<br>
My question is the following:<br>
If I set in the enabled cipher suites, both in server and in client, all the *_anon* cipher suites, shouldn't this solve the problem?<br>
I mean, if I enable the <code>*_anon_*</code> cipher suites then no authentication would be needed, hence no exceptions.<br>
Is this correct?<br>
Because I still get exceptions. I tried having in the enabled cipher suites all the enabled + the _anon ones. No success. I tried setting only the anon ones and got a new exception:</p>
<pre><code>Exception in thread "main" java.lang.IllegalArgumentException: Name must not be null
</code></pre>
<p>Could someone please explain why I get these exceptions with the anon cipher suites?<br>
<strong>Note:</strong><br>
If I set on the client the system property <code>javax.net.ssl.trustStore</code> pointing to the keystore I created and being used by my server, the communication is fine!<br>
The program works with no exceptions and the data are sent OK from client to server.</p>
<hr>
<p><strong>UPDATE:</strong><br>
This is the snippet I use to enable the anon ciphers (I have done this for server and client part):</p>
<pre><code>// Collect the supported suites whose name contains "_anon_"
String[] supported = server.getSupportedCipherSuites();
String[] anonCipherSuitesSupported = new String[supported.length];
int count = 0;
for (int i = 0; i &lt; supported.length; i++) {
    if (supported[i].indexOf("_anon_") &gt; 0) {
        anonCipherSuitesSupported[count++] = supported[i];
    }
}

// Append them after the suites that are already enabled
String[] oldEnabled = server.getEnabledCipherSuites();
String[] newEnabled = new String[oldEnabled.length + count];
System.arraycopy(oldEnabled, 0, newEnabled, 0, oldEnabled.length);
System.arraycopy(anonCipherSuitesSupported, 0, newEnabled, oldEnabled.length, count);
server.setEnabledCipherSuites(newEnabled);
</code></pre>
<p>The stack trace on the client side is:</p>
<pre><code>Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
    at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
    at sun.nio.cs.StreamEncoder.flush(Unknown Source)
    at java.io.OutputStreamWriter.flush(Unknown Source)
    at com.client.SSLClient1.main(SSLClient1.java:58)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    ... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 20 more
</code></pre>
<p>and on the server side:</p>
<pre><code>Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at com.server.SecureOrderTaker.main(SecureOrderTaker.java:92)
</code></pre>
<p>Now if I simply do:</p>
<pre><code>server.setEnabledCipherSuites(anonCipherSuitesSupported);
</code></pre>
<p>So that <strong>only the anon cipher suites are enabled</strong> I get:</p>
<pre><code>Exception in thread "main" java.lang.IllegalArgumentException: Name must not be null
    at com.sun.net.ssl.internal.ssl.CipherSuite.valueOf(Unknown Source)
    at com.sun.net.ssl.internal.ssl.CipherSuiteList.&lt;init&gt;(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(Unknown Source)
    at com.server.SecureOrderTaker.main(SecureOrderTaker.java:82)
</code></pre>
<p>Thank you</p>
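<p>An added example, not part of the original post: it rebuilds the two arrays from the snippet above on a local server socket to show what each one contains. The class and method names (<code>AnonSuiteArrays</code>, <code>anonPadded</code>, <code>anonExact</code>) are assumptions made for this illustration.</p>

```java
import java.util.Arrays;
import java.util.Objects;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;

public class AnonSuiteArrays {
    // The post's loop: the array is as long as `supported` and filled from
    // the front, so every slot after the last match stays null.
    static String[] anonPadded(String[] supported) {
        String[] out = new String[supported.length];
        int count = 0;
        for (String s : supported) {
            if (s.indexOf("_anon_") > 0) out[count++] = s;
        }
        return out;
    }

    // Same filter, sized to the number of matches: no null entries.
    static String[] anonExact(String[] supported) {
        return Arrays.stream(supported)
                .filter(s -> s.contains("_anon_"))
                .toArray(String[]::new);
    }

    public static void main(String[] args) throws Exception {
        SSLServerSocketFactory f =
                (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
        // Port 0 = any free local port; no handshake takes place here.
        try (SSLServerSocket server = (SSLServerSocket) f.createServerSocket(0)) {
            String[] supported = server.getSupportedCipherSuites();
            String[] enabled = server.getEnabledCipherSuites();
            String[] padded = anonPadded(supported);
            String[] exact = anonExact(supported);
            long nulls = Arrays.stream(padded).filter(Objects::isNull).count();
            System.out.printf("supported=%d anon=%d null slots=%d%n",
                    supported.length, exact.length, nulls);
            try {
                // Passing the padded array hands null suite names to JSSE.
                server.setEnabledCipherSuites(padded);
            } catch (IllegalArgumentException e) {
                System.out.println("padded array rejected: " + e.getMessage());
            }
            // The merged list in the post keeps the default suites first, so
            // a handshake can still select a certificate-based suite, and the
            // client then validates the server certificate as before.
            System.out.println("first suite in merged list: " + enabled[0]);
        }
    }
}
```

<p>Anonymous suites give no peer authentication at all; the trust store setup the post reports as working (<code>javax.net.ssl.trustStore</code> pointing at the server's keystore) keeps the server authenticated.</p>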
 
