Re: [Simpleweb-Support] SSL client certificate request: Safari 5 problem?
Brought to you by:
niallg
Menu
▾
▴
Re: [Simpleweb-Support] SSL client certificate request: Safari 5 problem?
|
From: Andrew B. <and...@sd...> - 2010-07-27 08:01:19
|
Thanks Niall - works like a charm on Safari 5 now... AndyB On 26 Jul 2010, at 20:48, Niall Gallagher wrote: > Hi, > > I have released 4.1.21 which fixes this issue by not requesting client authentication. If client authentication is needed it can be done just before the handshake begins by setting it on the SSLEngine associated with the org.simpleframework.transport.Socket. > > Regards, > Niall > > --- On Thu, 7/8/10, Andrew Barlow <and...@sd...> wrote: > > From: Andrew Barlow <and...@sd...> > Subject: [Simpleweb-Support] SSL client certificate request: Safari 5 problem? > To: sim...@li... > Date: Thursday, July 8, 2010, 1:14 AM > > Niall and Fabio kindly sent me links to example code for delivering web content over SSL, see http://sourceforge.net/mailarchive/forum.php?thread_name=AANLkTilp2LqrCGMJ5Io6hxFOJMLZqIYGNutDmYslm-gP%40mail.gmail.com&forum_name=simpleweb-support. > > As I need to use an existing signed certificate inside a Java keystore I've adopted/adapted Fabio's example which reads from the keystore file. > > I have set the SSLContext to "TLS". > > I've tested against a keystore containing a bona-fide signed certificate issued by Thawte and all is well across a range of browsers: Internet Explorer on Windows and Firefox, Opera, Chrome on Windows and Mac. > > However on Safari 5 (but NOT 4) on the Mac I encounter a message asking for a client certificate, see screenshot: > <clientcertificate.png> > > > Upon selecting a certificate (doesn't matter which), Safari then gives a message: > > "Safari can’t open the page “xxxx” because Safari can’t establish a secure connection to the server “xxxx”. > > On Windows behaviour is slightly different, Safari 5 simply displays the message without prompting for client certificate. > > As this works fine with other browsers, including earlier version of Safari could this be an Safari 5 issue that needs to be addressed by Apple? > > Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP > > e: and...@sd... > t: +44 (0)7830 302 268 > > The information in this email or facsimile is confidential and is intended solely for the addressee(s) and access to this email or facsimile by anyone else is unauthorised. If you are not the intended recipient then any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Information expressed in this email or facsimile is not given or endorsed by my firm or employer unless otherwise indicated by an authorised representative independent of this message. > > > -----Inline Attachment Follows----- > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Sprint > What will you do first with EVO, the first 4G phone? > Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first > > -----Inline Attachment Follows----- > > _______________________________________________ > Simpleweb-Support mailing list > Sim...@li... > https://lists.sourceforge.net/lists/listinfo/simpleweb-support > > ------------------------------------------------------------------------------ > The Palm PDK Hot Apps Program offers developers who use the > Plug-In Development Kit to bring their C/C++ apps to Palm for a share > of $1 Million in cash or HP Products. Visit us here for more details: > http://ad.doubleclick.net/clk;226879339;13503038;l? > http://clk.atdmt.com/CRS/go/247765532/direct/01/_______________________________________________ > Simpleweb-Support mailing list > Sim...@li... > https://lists.sourceforge.net/lists/listinfo/simpleweb-support Andy Barlow - Chief Technology Officer - MBCS CENG EURING CITP e: and...@sd... t: +44 (0)7830 302 268 The information in this email or facsimile is confidential and is intended solely for the addressee(s) and access to this email or facsimile by anyone else is unauthorised. If you are not the intended recipient then any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Information expressed in this email or facsimile is not given or endorsed by my firm or employer unless otherwise indicated by an authorised representative independent of this message. |
