Does anybody know why the Kannel security patch's (kwtls) mk_cert command cannot generate valid self-signed certificates to work with kwtls, while it is possible to establish a secure communication by the self-signed built-in certificates? mk_cert does generate the 1024, 768 and 512 bit RSA keys and the corresponding certificates with no error messages, however, these do not work with kwtls. When kwtls is run with the generated certificates, I get an "unsupported certificate" alert at the end. Any idea?
Regards, Mutlu
--------------
Kwtls v 0.1.3 (RSA 1024,768,512) (RSA_anon 1024,768,512) (DH_anon 1024,768,512) (RC5_CBC/56/40) (DES) (MAC)
Initialazing random generator.... Ok
Loaded RSA 1024 Key from file Loaded RSA 768 Key from file Loaded RSA 512 Key from file IP gateway address : localhost listening on port 9203. Received from 217.31.230.62 (37427). No machine found... creating one kannel_socket is 4. client_version is 1.
------------UniClient hello info--------------
>> client_version................. 01 >> client_gmt..................... 3eeeff8c >> client_random.................. b9 7f 44 3f 44 7a 57 c0 72 4a ea fe >> session_id..................... >> key_id_list_size............... 06
>> key_exchange_suit.............. 08
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)
>> key_exchange_suit.............. 0a
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)_768
>> key_exchange_suit.............. 09
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)_512
>> key_exchange_suit.............. 05
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)_ANON
>> key_exchange_suit.............. 07
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ_(RSA)ANON_768
>> key_exchange_suit.............. 06
>> param_spec->parameter_index.... 00
>> id->identifier_type............ 00
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)_ANON_512
>> trusted_keys_ids_size.......... 00
>> cipher_suites->size............ 07
>> cipher_bulk_cipher_algorithm... 03
>> cipher_mac_algorithm........... 03
>>INFO : Cipher:RC5_CBC Export:false Type:Block KeyMat(by):16 ExpKM(by):16 EffKb(bi):128 IV(by):8 Blk(by):8
>>INFO : SHA KS(by):20 MacS:20
>> cipher_bulk_cipher_algorithm... 03
>> cipher_mac_algorithm........... 02
>>INFO : Cipher:RC5_CBC Export:false Type:Block KeyMat(by):16 ExpKM(by):16 EffKb(bi):128 IV(by):8 Blk(by):8
>>INFO : SHA_80 KS(by):20 MacS:10
>> cipher_bulk_cipher_algorithm... 03
>> cipher_mac_algorithm........... 01
>>INFO : Cipher:RC5_CBC Export:false Type:Block KeyMat(by):16 ExpKM(by):16 EffKb(bi):128 IV(by):8 Blk(by):8
>>INFO : SHA_40 KS(by):20 MacS:5
>> cipher_bulk_cipher_algorithm... 02
>> cipher_mac_algorithm........... 03
>>INFO : Cipher:RC5_CBC_56 Export:true Type:Block KeyMat(by):7 ExpKM(by):16 EffKb(bi):56 IV(by):8 Blk(by):8
>>INFO : SHA KS(by):20 MacS:20
>> cipher_bulk_cipher_algorithm... 02
>> cipher_mac_algorithm........... 02
>>INFO : Cipher:RC5_CBC_56 Export:true Type:Block KeyMat(by):7 ExpKM(by):16 EffKb(bi):56 IV(by):8 Blk(by):8
>>INFO : SHA_80 KS(by):20 MacS:10
>> cipher_bulk_cipher_algorithm... 01
>> cipher_mac_algorithm........... 03
>>INFO : Cipher:RC5_CBC_40 Export:true Type:Block KeyMat(by):5 ExpKM(by):16 EffKb(bi):40 IV(by):8 Blk(by):8
>>INFO : SHA KS(by):20 MacS:20
>> cipher_bulk_cipher_algorithm... 01
>> cipher_mac_algorithm........... 02
>>INFO : Cipher:RC5_CBC_40 Export:true Type:Block KeyMat(by):5 ExpKM(by):16 EffKb(bi):40 IV(by):8 Blk(by):8
>>INFO : SHA_80 KS(by):20 MacS:10
>> compression_list_size.......... 01
>> compression_method............. 00
>> sequence_mode.................. 02
>> key_refresh.................... 03
------------End UniClient hello info-----------
Assign NEW machine->current_security.session_id to [1] using YZ5_CBC as bulk algorithm
------------UniServer hello info--------------
>>server_version.............................. 01
>>srver_gmt................................... 3eeeff5d
>>Server_random............................... eb 9a 35 96 a7 84 b6 95 59 77 d5 59
>>session_id_data............................. 31
>>client_key_id..................... 01
>>INFO : Method ============================ WTLS_KEY_EXCHG_XYZ(RSA)
>> cipher_bulk_cipher_algorithm... 03
>> cipher_mac_algorithm........... 03
>>SUMMARY: Cipher:RC5_CBC Export:false Type:Block KeyMat(by):16 ExpKM(by):16 EffKb(bi):128 IV(by):8 Blk(by):8
>>SUMMARY: SHA KS(by):20 MacS:20
>>compression_method............. 00
>>sequence_mode.................. 02
>>key_refresh.................... 03
------------End UniServer hello info-----------
Using a stored crtificate. Received from 217.31.230.62 (37427). one machine SID[1] found in the list. Rising alert >> Num: 43 Desc: WTLS_ALERT_UNSUPPORTED_CERTIFICATE Level: WTLS_ALERT_FATAL
cannot occur, terminating handshake
