[Haskell-cafe] Taking the TLS package for a spin ... and failing
Mads Lindstrøm
mads.lindstroem at gmail.com
Mon Dec 13 01:22:17 CET 2010
Hi again,
I found a simpler way to test the server connection, but it is still not
working. Namely,
> openssl s_client -connect 192.168.1.6:8000
> CONNECTED(00000003)
> 18683:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
Regards,
Mads Lindstrøm
On Sun, 2010-12-12 at 20:14 +0100, Mads Lindstrøm wrote:
> Hi Haskellers,
>
>
> I am trying to connect a Java client to a Haskell server using the
> Haskell tls package, and things are not working out for me. There are a
> lot of steps involved and I do not know what I am doing wrong, so this
> is a long message. But first I create a private/public key-pair:
>
> > openssl genrsa -out privkey.pem 2048
>
> then I make a self-signed certificate:
>
> > openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
>
> > Country Name (2 letter code) [AU]:
> > State or Province Name (full name) [Some-State]:
> > Locality Name (eg, city) []:
> > Organization Name (eg, company) [Internet Widgits Pty Ltd]:
> > Organizational Unit Name (eg, section) []:
> > Common Name (eg, YOUR name) []:192.168.1.6
> > Email Address []:
>
> then I convert the certificate to DER format and stuff it into a Java
> keystore:
>
> > openssl x509 -in cacert.pem -out cert.der -outform DER
> > keytool -keystore myKeystore.store -importcert -storepass foobar -keypass foobar -file cert.der
>
> now I start the Haskell server:
>
> > ghc -hide-package monads-tf Server.hs -e main
>
> and then the Java client:
>
> > javac Client.java
> > java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store -Djavax.net.ssl.trustStorePassword=foobar Client >JavaClientOutput.txt 2>&1
>
> The server output is:
>
> > <interactive>: user error (unexpected type received. expecting handshake ++ Left (Error_Packet "invalid type"))
>
> and not "Hello world" as expected.
>
> The client output is very long, but the most interesting part is
> probably:
>
> > main, received EOFException: error
> > main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
> > main, SEND TLSv1 ALERT: fatal, description = handshake_failure
>
> I have attached the Haskell server, the Java client and the full java
> output. Hope somebody can help figure out what I do wrong.
>
> I am using the Haskell tls package version 0.3.1. And I run Debian
> Linux.
>
>
> I also tried connecting a Java client to a Java server. First create
> server keystore:
>
> > openssl pkcs8 -topk8 -nocrypt -in privkey.pem -inform PEM -out privkey.der -outform DER
> > java -Dkeystore=myServerKeystore.store ImportKey privkey.der cert.der
>
> ImportKey.java can be found here
> http://www.agentbob.info/agentbob/79-AB.html .
>
> then start Java server:
>
> > javac JavaServer.java
> > java -Djavax.net.ssl.keyStore=myServerKeystore.store -Djavax.net.ssl.keyStorePassword=importkey JavaServer
>
> and run the client again:
>
> > java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store -Djavax.net.ssl.trustStorePassword=foobar Client
>
> and the server outputs:
>
> > Hello world
>
> as expected. Thus I think the certificates are fine, and the Java client
> is fine. But what am I doing wrong in the Haskell server?
>
> I have attached JavaServer.java.
>
>
> Regards,
>
> Mads Lindstrøm
>