Does SSL work at all in JamVM with Classpath version 0.98?


by alk.shr

I am not able to run my web application on the HTTPS port (secure port through SSL), although it runs fine on the normal HTTP port.

The environment used to run the web application is as follows:
        GNU Classpath ver 0.98
        JamVM ver 1.53
        Jetty 1.6.8
        Linux, Debian based
        IE and Mozilla browsers
        Keystore type: GKR
        Crypto and SSL implementation: in GNU Classpath ver 0.98

Basically, I hit multiple issues while trying to run the application on HTTPS ports; some of them I was able to resolve after debugging the GNU Classpath source code. The problems I faced are described below.

Problem # 1
----------------------
The server socket listening on the HTTPS port (8443 in our case) is not responding to requests coming from the browser.

After analysis, I found that the SSL server socket is listening on HTTPS port 8443, accepting the initial connection request coming from the browser, and creating an SSL client socket in response. But after this there is no response from the SSL client socket created earlier. It seems that no input stream is open on the client socket to read data coming from the browser.

I think the above issue is due to some bug in the SSLSocketImpl class under the gnu.javax.net.ssl.provider package. In the constructor of this class, a new Socket is created (I do not know why??) which is stored in the underlyingSocket variable of the SSLSocketImpl class. All read and write requests are then delegated to the member variable underlyingSocket. I think that after copying the new socket reference to the underlyingSocket variable, this socket (underlyingSocket) is not connected to the same native socket that was created in response to the initial request from the browser, and therefore the SSL client socket is not responding to the browser request.

I have fixed this issue by not setting the underlyingSocket variable to a new Socket and adding a check for null at all places where underlyingSocket is referred to. I have diverted all calls on underlyingSocket to the super class of SSLSocketImpl.

Please confirm whether this is a bug in the SSLSocketImpl class or whether I have done something wrong.

Problem # 2
-----------------------
The SSL handshake starts working, but an IllegalArgumentException is thrown from the setLength API in the Record class under the gnu.javax.net.ssl.provider package.

I think the length check (between 0 and 16384 (2^14)) on the SSL record is not correct. As per the SSL RFC, the length of the final SSL record after encryption and compression may exceed this by 2048 bytes.

I have fixed this issue by changing the maximum length to 17408.

Please confirm: is this a bug in the Record class?

Problem # 3
------------------------
In the decrypt API of the InputSecurityParameters class under the gnu.javax.net.ssl.provider package, the length calculated for the padding in the case of a block cipher is sometimes more than the size of the SSL record/fragment, resulting in an IllegalArgumentException.

I have seen this issue only with the Internet Explorer browser. At line # 173 in this class, the IllegalArgumentException is thrown on calling the position API of ByteBuffer, due to a negative index being passed.

       
    else if (record.version().compareTo(ProtocolVersion.TLS_1) >= 0)
      {
        // In TLSv1 and later, the padding must be `padlen' copies of the
        // value `padlen'.
        byte[] pad = new byte[padlen];

        //IllegalArgumentException comes at below line
        ((ByteBuffer) fragment.duplicate().position(record.length() - padlen - 1)).get(pad);

        for (int i = 0; i < pad.length; i++)
          if ((pad[i] & 0xFF) != padlen)
            badPadding = true;
        if (Debug.DEBUG)
          logger.logv(Component.SSL_RECORD_LAYER, "TLSv1.x padding\n{0}",
                      new ByteArray(pad));
      }
                                         
                                         
To resolve this issue, for the time being I have put a safety check for a positive index before the line where the exception is thrown.

Now, even after resolving all the above-mentioned issues, sometimes a bad certificate or invalid signature error appears in the browser when opening pages over HTTPS.

I have to provide HTTPS support and now I am really stuck. Please guide me in resolving these SSL-related issues.
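
The bounds checks discussed in Problems 2 and 3, as an added example that is not part of the original post and not GNU Classpath code: the class and method names are hypothetical, and a 20-byte MAC (HMAC-SHA1) is assumed for the constructed samples. The limits are the ones RFC 2246 (TLS 1.0) gives for each stage of the record layer, and an oversized padding length is reported as bad padding instead of raising an exception, so the caller can still run the MAC check and answer with a single bad_record_mac alert.

```java
import java.nio.ByteBuffer;

// Hypothetical helper class, written for this example only.
public class TlsRecordChecks {
    // Record-layer length limits from RFC 2246 (TLS 1.0).
    static final int MAX_PLAINTEXT  = 1 << 14;           // TLSPlaintext.length
    static final int MAX_COMPRESSED = (1 << 14) + 1024;  // TLSCompressed.length
    static final int MAX_CIPHERTEXT = (1 << 14) + 2048;  // TLSCiphertext.length

    /** True if a length field read from a record header on the wire is acceptable. */
    static boolean validWireLength(int length) {
        return length >= 0 && length <= MAX_CIPHERTEXT;
    }

    /**
     * Checks TLS 1.0+ block-cipher padding on a decrypted fragment laid out as
     * content | MAC | padding[padlen] | padlen.
     * Returns true for bad padding; never throws on a hostile padlen.
     */
    static boolean badPadding(ByteBuffer fragment, int macLength) {
        int len = fragment.remaining();
        if (len < 1)
            return true;
        int last = fragment.position() + len - 1;
        int padlen = fragment.get(last) & 0xFF;
        // Padding bytes, the length byte and the MAC must all fit in the fragment.
        if (padlen + 1 + macLength > len)
            return true;
        boolean bad = false;
        for (int i = last - padlen; i < last; i++)
            bad |= (fragment.get(i) & 0xFF) != padlen;   // no early exit
        return bad;
    }

    public static void main(String[] args) {
        // Constructed sample: 8 content bytes, 20 MAC bytes, 3 padding bytes, length byte.
        byte[] ok = new byte[32];
        for (int i = 28; i < 32; i++)
            ok[i] = 3;
        // Constructed sample: padlen of 255 claimed inside a 32-byte fragment.
        byte[] oversized = ok.clone();
        oversized[31] = (byte) 0xFF;

        System.out.println("well-formed padding bad? " + badPadding(ByteBuffer.wrap(ok), 20));
        System.out.println("oversized padlen bad?    " + badPadding(ByteBuffer.wrap(oversized), 20));
        System.out.println("length 2^14+2048 valid?  " + validWireLength(MAX_CIPHERTEXT));
        System.out.println("length 2^14+2049 valid?  " + validWireLength(MAX_CIPHERTEXT + 1));
    }
}
```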

Re: Does SSL work at all in JamVM with Classpath version 0.98?

by Robert Lougher

Hi,

It sounds as if you've found quite a few problems with the SSL
implementation in GNU Classpath.  However, I know nothing about this
code.  I just do VMs.

As you're not hitting problems with JamVM itself, I'd normally suggest
posting to the GNU Classpath mailing list instead (classpath@...).
 But this has been very quiet of late.  However, it's still your best
bet...

Rob.

2009/7/16 alk.shr <alk.shr@...>:

>
> I am not able to run my web application on the HTTPS port (secure port through
> SSL), although it runs fine on the normal HTTP port.

_______________________________________________
Jamvm-general mailing list
Jamvm-general@...
https://lists.sourceforge.net/lists/listinfo/jamvm-general