Hi again, I found a simpler way to test the server connection, but it is still not working. Namely,
> openssl s_client -connect 192.168.1.6:8000
> CONNECTED(00000003)
> 18683:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

Regards,

Mads Lindstrøm

On Sun, 2010-12-12 at 20:14 +0100, Mads Lindstrøm wrote:
> Hi Haskellers,
>
>
> I am trying to connect a Java client to a Haskell server using the
> Haskell tls package, and things are not working out for me. There are a
> lot of steps involved and I do not know what I am doing wrong, so this
> is a long message. But first I create a private/public key-pair:
>
> > openssl genrsa -out privkey.pem 2048
>
> then I make a self-signed certificate:
>
> > openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
>
> > Country Name (2 letter code) [AU]:
> > State or Province Name (full name) [Some-State]:
> > Locality Name (eg, city) []:
> > Organization Name (eg, company) [Internet Widgits Pty Ltd]:
> > Organizational Unit Name (eg, section) []:
> > Common Name (eg, YOUR name) []:192.168.1.6
> > Email Address []:
>
> then I convert the certificate to DER format and stuff it into a Java
> keystore:
>
> > openssl x509 -in cacert.pem -out cert.der -outform DER
> > keytool -keystore myKeystore.store -importcert -storepass foobar -keypass
> > foobar -file cert.der
>
> now I start the Haskell server:
>
> > ghc -hide-package monads-tf Server.hs -e main
>
> and then the Java client:
>
> > javac Client.java
> > java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store
> > -Djavax.net.ssl.trustStorePassword=foobar Client >JavaClientOutput.txt 2>&1
>
> The server output is:
>
> > <interactive>: user error (unexpected type received. expecting handshake ++
> > Left (Error_Packet "invalid type"))
>
> and not "Hello world" as expected.
>
> The client output is very long, but the most interesting part is
> probably:
>
> > main, received EOFException: error
> > main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host
> > closed connection during handshake
> > main, SEND TLSv1 ALERT: fatal, description = handshake_failure
>
> I have attached the Haskell server, the Java client and the full java
> output. Hope somebody can help figure out what I do wrong.
>
> I am using the Haskell tls package version 0.3.1. And I run Debian
> Linux.
>
>
> I also tried connecting a Java client to a Java server. First create
> server keystore:
>
> > openssl pkcs8 -topk8 -nocrypt -in privkey.pem -inform PEM -out privkey.der
> > -outform DER
> > java -Dkeystore=myServerKeystore.store ImportKey privkey.der cert.der
>
> ImportKey.java can be found here
> http://www.agentbob.info/agentbob/79-AB.html .
>
> then start Java server:
>
> > javac JavaServer.java
> > java -Djavax.net.ssl.keyStore=myServerKeystore.store
> > -Djavax.net.ssl.keyStorePassword=importkey JavaServer
>
> and run the client again:
>
> > java -Djavax.net.debug=all -Djavax.net.ssl.trustStore=myKeystore.store
> > -Djavax.net.ssl.trustStorePassword=foobar Client
>
> and the server outputs:
>
> > Hello world
>
> as expected. Thus I think the certificates are fine, and the Java client
> is fine. But what am I doing wrong in the Haskell server?
>
> I have attached JavaServer.java.
>
>
> Regards,
>
> Mads Lindstrøm
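
One way to narrow down the server's "invalid type" error, as an added example that is not part of the original message or of the tls package: classify the first bytes a client sends before any TLS library parses them. It assumes, without confirmation anywhere in this thread, that the client may be opening with an SSLv2-compatible ClientHello instead of a TLS record; the function names and sample bytes are constructed for illustration.

```python
import socket
import struct

# TLS record content types (first byte of every TLS record).
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed sample prefixes (not captured from the thread's client).
TLS_HELLO_PREFIX = bytes.fromhex("160301002f0100002b0301")
V2_HELLO_PREFIX = bytes.fromhex("802e01030100150000001000")


def classify_first_bytes(data: bytes) -> dict:
    """Classify a connection's first bytes: TLS record, SSLv2-style hello, or unknown."""
    if len(data) < 5:
        return {"kind": "truncated"}
    # TLS record header: content type (1), version (2), length (2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in TLS_CONTENT_TYPES and major == 3:
        return {"kind": "tls_record", "content_type": TLS_CONTENT_TYPES[ctype],
                "version": (major, minor), "length": length}
    # SSLv2 2-byte header: high bit set + 15-bit length, then message
    # type 1 (CLIENT-HELLO), then the version the client offers.
    if data[0] & 0x80 and data[2] == 1:
        v2_length = ((data[0] & 0x7F) << 8) | data[1]
        return {"kind": "sslv2_client_hello",
                "version": (data[3], data[4]), "length": v2_length}
    return {"kind": "unknown", "first_byte": data[0]}


def peek_client(port: int, host: str = "127.0.0.1") -> dict:
    """Accept one connection and classify whatever the client sends first."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            return classify_first_bytes(conn.recv(16))


if __name__ == "__main__":
    for name, sample in (("tls", TLS_HELLO_PREFIX), ("v2-compat", V2_HELLO_PREFIX)):
        print(name, classify_first_bytes(sample))
```

A record-layer parser that only understands the five-byte TLS header would read the `0x80` length byte of the second sample as a content type, which is not one of the four valid values.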