Authenticated Client Handshake SMTP STARTTLS
843834 Oct 9 2008 — edited Oct 9 2008
Hi,
Can someone help me? I'm trying to send a client certificate to my Postfix server.
With Wireshark (Ethereal), I can see:
* the STARTTLS request and reply
* the presentation of the server certificate
After that, the Postfix server closes the connection because "No client certificate presented".
My "gestionnaire.absence.p12" is a certificate created with YaST (key 1024), which includes:
- Digital signature
- Non repudiation
- Key encipherment
- Key agreement
- Certificate sign
I've also used the keytool command to include the CA certificates.
If I deactivate "smtpd_tls_requert_cert = true" in Postfix, there is no problem. But that's not a solution for me.
Thanks.
PS: sorry for my English.
********** code and debug ************
// Imports needed by the fragment below
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;
import javax.net.ssl.*;

try {
    Properties props = new Properties();
    props = System.getProperties();
    props.put("mail.smtp.host", "mail.info1.fr");
    props.put("mail.smtp.port", 25);
    props.put("mail.smtp.debug", "true");
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.auth.plain.disable", "true");
    props.put("mail.transport.protocol", "smtp");
    props.put("mail.from", "gestionnaire.absence@info1.fr");

    // Load the client certificate and private key from the PKCS#12 file
    KeyManagerFactory mgrFact = KeyManagerFactory.getInstance("SunX509");
    KeyStore clientStore = KeyStore.getInstance("PKCS12");
    clientStore.load(new FileInputStream("/root/gestionnaire.absence.p12"), "azerty".toCharArray());
    mgrFact.init(clientStore, "azerty".toCharArray());

    // Build an SSL socket factory backed by that key material
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(mgrFact.getKeyManagers(), null, null);
    SSLSocketFactory fact = sslContext.getSocketFactory();
    props.put("mail.smtp.socketFactory.port", 25);
    /*
     * So here:
     *   props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
     * bug: I can't receive the server certificate. The connection closes at the beginning.
     */
    props.put("mail.smtp.socketFactory.class", fact);
    props.put("mail.smtp.socketFactory.fallback", "false");
    props.put("mail.smtp.starttls.enable", "true");
    System.setProperty("javax.net.debug", "ssl,handshake");

    Authenticator auth = new SMTPAuthenticator();
    Session session = Session.getDefaultInstance(props, auth);

    // MIME message
    MimeMessage message = new MimeMessage(session);
    message.setFrom(new InternetAddress("gestionnaire.absence@info1.fr"));
    message.addRecipient(MimeMessage.RecipientType.TO, new InternetAddress("mr.xyz@info1.fr"));
    message.setSubject("SUJET TEST");
    message.setText("message de test");

    // Send
    session.setDebug(true);
    Transport.send(message);
}
catch (Exception ae) {
    //log.error(" Error creating / sending a new message! ");
    //log.error("Unexpected exception", ae);
}
********************************************************************************************
Console DEBUG:
DEBUG: setDebug: JavaMail version 1.4.1
DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "mail.info1.fr", port 25, isSSL false
220 Veuillez vous deconnecter si vous n'etes pas autorise.
DEBUG SMTP: connected to host "mail.info1.fr", port: 25
EHLO mail
250-mail.info1.fr
250-PIPELINING
250-SIZE 5242880
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
DEBUG SMTP: Found extension "PIPELINING", arg ""
DEBUG SMTP: Found extension "SIZE", arg "5242880"
DEBUG SMTP: Found extension "ETRN", arg ""
DEBUG SMTP: Found extension "STARTTLS", arg ""
DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
DEBUG SMTP: Found extension "8BITMIME", arg ""
DEBUG SMTP: Found extension "DSN", arg ""
STARTTLS
220 2.0.0 Ready to start TLS
EHLO mail
421 4.7.1 mail.info1.fr Error: No client certificate presented
DEBUG SMTP: use8bit false
MAIL FROM:<gestionnaire.absence@info1.fr>
DEBUG SMTP: EOF: [EOF]
DEBUG SMTP: got response code -1, with response: [EOF]
RSET
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
java.net.SocketException: Connection closed by remote host
and a lot more exceptions
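
A check for the keystore side of a "No client certificate presented" failure, added here as an example and not code from the original post: it lists what a PKCS#12 file contains and asks the JDK key manager which alias it would offer for a given CA. The class name, the `P12_PASSWORD` environment variable, the command-line arguments and the RSA key type are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.*;
import javax.security.auth.x500.X500Principal;

// Added example; class name, P12_PASSWORD and the arguments are assumptions.
public class ClientCertCheck {
    // Returns the alias the JDK key manager would offer when the server's
    // CertificateRequest names acceptedIssuer (null = any CA), or null if none.
    static String selectAlias(String p12, char[] pw, String acceptedIssuer) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(p12)) { ks.load(in, pw); }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) { // a CA certificate alone cannot authenticate the client
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            cert.checkValidity(); // throws if expired or not yet valid
            boolean[] ku = cert.getKeyUsage(); // null = no KeyUsage extension; [0] = digitalSignature
            System.out.println(alias + ": subject=" + cert.getSubjectX500Principal()
                    + " issuer=" + cert.getIssuerX500Principal()
                    + " chain=" + ks.getCertificateChain(alias).length
                    + " digitalSignature=" + (ku == null || ku[0]));
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        Principal[] issuers = acceptedIssuer == null ? null : new Principal[] { new X500Principal(acceptedIssuer) };
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509KeyManager) { // key type "RSA" is assumed for this check
                return ((X509KeyManager) km).chooseClientAlias(new String[] { "RSA" }, issuers, null);
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        String pw = System.getenv("P12_PASSWORD");
        if (args.length < 1 || pw == null) {
            System.err.println("usage: P12_PASSWORD=... java ClientCertCheck <file.p12> [issuer DN]");
            return;
        }
        String alias = selectAlias(args[0], pw.toCharArray(), args.length > 1 ? args[1] : null);
        System.out.println(alias == null ? "nothing to present" : "would present: " + alias);
    }
}
```

If an alias is reported here but the server still logs that no certificate was presented, the key material is usable and the thing to examine is which socket factory the mail library uses for the STARTTLS upgrade.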