SSL Exception
I am getting the foolowing error trying to connect to a secure server:
java.net.SocketException: Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(DashoA6275)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:125)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:683)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:662)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:529)
I have tried replacing the export jars on my mahince like was suggestion by someone but that did not seem to help
[761 byte] By [
Bigdukea] at [2007-10-1 16:49:58]
it is quite hard to guess without viewing the code leading to this, but i suggest you first try to see if you can load the keystore and list the certificates from it; get the privatekey from the key entry, as well as read and parse the certificate of the peer in the communication.
Then you are sure that your input parameters can be parsed as it should in the first term and border the problem to the code using them not the information provided.
You might use java.security.KeyStore, java.security.KeyFactory resp. java.security.cert.CertificateFactory to deal with your data.
If your pkcs12 file is the problem try importing it into mozilla and export it from mozilla there after, if you had it in IE or vise versa. openssl is another tool you might use to make ur pkcs12 keystore digestable for sun provider :-)
If you are using a client SSL certificate in a keystore file specified by a System property, then your keystore file is most likely corrupted. Try looking at its contents with the keytool again.
I had a very similar error message after a keystore file was checked into CVS without the binary flag set (cvs admin -kb), then checked out and deployed within an EAR file.
It took the better part of a day to determine the problem because the web application was making an SSL connection to a server that didn't require the client SSL certificate, although the keystore was being read anyway due to the System property being set.
Dave
