Posted on 16 Aug 2022 in General Tech, QA/Testing.
I'm writing a project that could get an LDAP certificate from a remote server. It works fine in the general mode, when the server does not require mutual certification. But when I try a server that requires mutual certification, it fails. Here is the code:
```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.security.cert.X509Certificate;

// MySocketFactory, trace() and usage() are helpers from the rest of the project (not shown).
String serverSpec = null;
boolean enableAnonSuites = false;
boolean isTracing = false;

// Try and parse command line arguments.
try {
    serverSpec = "ldap://10.47.16.60:389";
} catch (Exception e) {
    trace(true, e.toString());
    usage();
    return;
}

try {
    // Create a SocketFactory that will be given to LDAP for
    // building SSL sockets
    MySocketFactory msf = new MySocketFactory(isTracing, enableAnonSuites);

    // Set up environment for creating initial context
    Hashtable<String, Object> env = new Hashtable<>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

    // Must use the name of the server that is found in its certificate
    env.put(Context.PROVIDER_URL, serverSpec);

    // Create initial context
    trace(isTracing, "Creating new Ldapcontext");
    LdapContext ctx = new InitialLdapContext(env, null);

    // Start
    trace(isTracing, "Performing StartTlsRequest");
    StartTlsResponse tls = null;
    try {
        tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
    } catch (NamingException e) {
        trace(true, "Unable to establish SSL connection:\n" + e);
        return;
    }

    // The default JSSE implementation will compare the hostname of
    // the server with the hostname in the server's certificate, and
    // will not proceed unless they match. To override this behaviour,
    // you have to provide your own HostNameVerifier object. The
    // example below simply bypasses the check
    tls.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });

    // Negotiate SSL on the connection using our own SocketFactory
    trace(isTracing, "Negotiating SSL");
    SSLSession sess = null;
    sess = tls.negotiate(msf);
    X509Certificate[] cert = sess.getPeerCertificateChain();
} catch (Exception e) {
    // Close the try block so the excerpt compiles; report any failure.
    trace(true, e.toString());
}
```
The exception information is as follows: "javax.net.ssl.SSLException: Received fatal alert: internal error", and it happens at the "negotiate" method. I analyzed the Wireshark trace information and am sure this is because the server requires mutual certification. Right now, I'm wondering if there is a certain class in the com.sun.jndi.ldap package that could be useful for this problem. Could anyone help?
You can't. If there was such a class in the JDK it would be insecure. If the server requires a client certificate and won't operate without one, you have to provide one. That's the point of the exception.
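What the answer calls for, supplying a client certificate during StartTLS, sketched as an added example that is not code from the question or the answer. The keystore file names, the `KEYSTORE_PASSWORD` environment variable and the host `ldap.example.com` are assumptions; the client key must be one the server is configured to accept.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

public class StartTlsClientCert {
    // Load a keystore from disk (file names and password source are assumptions).
    static KeyStore load(String type, String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pw); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = System.getenv("KEYSTORE_PASSWORD").toCharArray(); // assumed env var
        // Client identity: the private key and certificate presented to the server.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load("PKCS12", "client.p12", pw), pw);
        // Trust anchors used to validate the server's certificate chain.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("PKCS12", "truststore.p12", pw));
        SSLContext sslCtx = SSLContext.getInstance("TLS");
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389"); // must match the server certificate
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            StartTlsResponse tls = (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // No permissive HostnameVerifier is installed, so the default hostname check stays on.
            SSLSession sess = tls.negotiate(sslCtx.getSocketFactory());
            X509Certificate leaf = (X509Certificate) sess.getPeerCertificates()[0];
            System.out.println("Server certificate: " + leaf.getSubjectX500Principal());
            tls.close();
        } finally {
            ctx.close();
        }
    }
}
```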