I am busy evaluating SecureBridge's SSL component and I've run into some issues which I hope you'll be able to help me with.
I am running Delphi 5 in Windows Vista.
I created a small client app that connects to a server which is developed in Java using SSLv3. I got everything set up, but when I attempt to connect after it adds the cert, it indicates that it is connected and on the Java side the exception below is thrown. When I connect a second time (this time the storage component reads the certs from the file system, namely the cert.cer.crt file is present on the file system), I get the error message "Wrong certificate context".
The cert isn't damaged or anything like that since I simply exported it from a keystore using Portecle. Basically, I selected the only entry in the keystore and exported it as a Head Certificate DER encoded.
The cert is read in by SecureBridge without any issues, but when I attempt to connect, that is when it fails with the above-mentioned error.
On the Java side, I get the following exception:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
I know the Java side isn't at fault since we have been doing SSL for ages and it is working fine.
Here is the code that I wrote below.
I hope you'll be able to help me.
Thanks
~Glen
procedure TForm1.Button1Click(Sender: TObject);
var
  cert : TScCertificate;
  storage : TScFileStorage;
  client : TScSSLClient;
  i : Integer;
  b : boolean;
  certName : String;
begin
  storage := TScFileStorage.Create(Self);
  client := TScSSLClient.Create(Self);
  try
    client.HostName := 'localHost';
    client.Port := 7777;
    client.Protocols := [spSsl3, spTls1];
    storage.Path := 'C:\temp\Cert';
    certName := 'cert.cer';
    b := False;
    for i := 0 to storage.Certificates.Count - 1 do begin
      cert := storage.Certificates[i];
      if (cert.CertName = certName) then begin
        b := True;
      end;
    end;
    if (not b) then begin
      cert := TScCertificate.Create(storage.Certificates);
      cert.CertName := CertName;
      cert.ImportFrom(CertName);
      cert.Ready := True;
    end;
    client.Storage := storage;
    client.CACertName := certName;
    client.Connect;
    if (client.Connected) then begin
      client.IsSecure := True;
      ShowMessage ('Connected');
      // now we do the communication we need to.
    end;
  except
    on E:Exception do begin
      ShowMessage (e.Message);
    end;
  end;
  client.Disconnect;
  client.Free;
  storage.Free;
end;