JXTA TLS transport + PSE membership

3 replies [Last post]
sergeya
Offline
Joined: 2007-08-17

khalid1966
Offline
Joined: 2007-10-07

Hi,
I have almost the same config, but I would like to know how the peer will use the certificate chain that he will get from the admin.
In my setup the peer continues using the certificate that the JXTA platform created for him, not the new one.
Please help.

sergeya
Offline
Joined: 2007-08-17

My last sentences were broken in the previous post. See the fix below.

One more problem I have found is in net.jxta.impl.endpoint.TlsConn$PSECredentialKeyManager,
method getServerAliases:
it checks just the issuer of the top certificate of the TLS credential.

I have changed the following code
    if (allIssuers.contains(cred.getCertificate().getIssuerX500Principal())) {
        return new String[] { "theone" };
    } else {
        return null;
    }

To
    // Accept the credential if any certificate in its chain was issued by an acceptable issuer.
    X509Certificate[] chain = cred.getCertificateChain();
    for (int i = 0; i < chain.length; i++)
    {
        X500Principal principal = chain[i].getIssuerX500Principal();
        if (allIssuers.contains(principal))
        {
            return new String[] { "theone" };
        }
    }
    return null;

It looks like it is related to issue 66.
Possibly it can help somebody.

https://jxta-jxse.dev.java.net/issues/show_bug.cgi?id=66

Message was edited by: sergeya
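
Added example, not part of the original posts or of the JXTA code base: a stand-alone Java program that runs the two checks from the post above against a constructed three-certificate chain (peer, admin CA, root CA) where the accepting side lists only the root. It assumes `allIssuers` holds the acceptable issuers handed to the key manager and reduces each certificate to its issuer name; the class name, method names and all distinguished names are made up for illustration.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.x500.X500Principal;

// Each chain entry is represented only by its issuer name so the demo runs
// without generating real certificates. All names are constructed.
public class ChainIssuerCheck {

    // Behaviour before the change: only the issuer of the top (peer)
    // certificate is compared with the acceptable issuers.
    static boolean topIssuerAccepted(List<X500Principal> chainIssuers, Principal[] issuers) {
        return Arrays.asList(issuers).contains(chainIssuers.get(0));
    }

    // Behaviour after the change: the issuer of every certificate in the
    // chain is compared, so a match further up the chain is enough.
    static boolean anyIssuerAccepted(List<X500Principal> chainIssuers, Principal[] issuers) {
        List<Principal> allIssuers = Arrays.asList(issuers);
        for (X500Principal issuer : chainIssuers) {
            if (allIssuers.contains(issuer)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Issuers of, in order: the peer certificate (signed by the admin CA),
        // the admin CA certificate (signed by the root), the self-signed root.
        List<X500Principal> chainIssuers = List.of(
                new X500Principal("CN=Example Admin CA, O=Example"),
                new X500Principal("CN=Example Root CA, O=Example"),
                new X500Principal("CN=Example Root CA, O=Example"));

        // The other side names only the root CA as an acceptable issuer.
        Principal[] issuers = { new X500Principal("CN=Example Root CA, O=Example") };

        System.out.println("top certificate only: " + topIssuerAccepted(chainIssuers, issuers));
        System.out.println("whole chain:          " + anyIssuerAccepted(chainIssuers, issuers));
    }
}
```

With an admin-issued chain like this one, the top-certificate check finds no alias while the whole-chain check does, which is the case the changed `getServerAliases` handles.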

bondolo
Offline
Joined: 2003-06-11

I have applied your patch and am now testing it.