[Da du ja anscheinend aus Oesterreich bist, antworte ich dir mal off-list auf Deutsch.] On Tue, 2008-06-17 at 09:56 +0200, Gerhard Fliess wrote: > Hi, > > I am working an a project that needs TLS with client authentication on > an embedded system (ARM-linux) with keys stored in pkcs12. I have > successfully ported the jamvm and classpath on this plattform. Now > I am working on the TLS part on a virtual machine not directly on the > embedded bord. In this development-environment I am using this setup: > > Client: > > - Debian Linux 2.6.18-6-686 > - jamvm 1.5.1 > - classpath 0.97.1 > - bouncycastle provider bcprov15-139 (pkcs12 support) > > Server: > > - Debian Linux > - Sun jdk 1.6 > > > The problem is, a BAD_CERTIFICATE error occurs during the handshake. > > The client answers server-hello, with write_certificate, > write-client-key-exchange and write_certificate_verify. After that the > client recieves the bad_certificate alert from the server caused by > "certificate verify message signature error". > > The private key of the client is sored in a pkcs12 file loaded via > bcprovider, the trusted key of the server is stored in a gkr. Hallo! Ich weiss zwar nicht ob ich dir mit dem GNU Classpath Problem helfen kann, aber ich wollte einfach mal fragen, was das fuer ein Projekt ist? Und vorallem, wie gross dieses Embedded System ist (CPU, Memory, Flash)? Man koennte das ganze naemlich mit CACAO und OpenJDK auf ARM auch machen... - twisti
