Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

JAVA/JNI Wrapper for OpenSSL.

1,569 views
Skip to first unread message

Hausermann Laurent

unread,
Mar 28, 2001, 10:20:40 AM3/28/01
to
Hi,

Is there someone who knows a good up-to-date implementation of a JNI
glue so you could access OpenSSL library through JAVA Classes (JCE or
JSSE conformance should be great) ?

I found through the www.openssl.org but it seems to be a bit old.

Is the project maintenair interrested in adding that kind of thing to
openssl ?

Regards,

Laurent
Ales School of Mines
France


______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Paulo Matos

unread,
Mar 28, 2001, 12:33:26 PM3/28/01
to
On Wed, 28 Mar 2001, Hausermann Laurent wrote:

> Is there someone who knows a good up-to-date implementation of a JNI
> glue so you could access OpenSSL library through JAVA Classes (JCE or
> JSSE conformance should be great) ?
>
> I found through the www.openssl.org but it seems to be a bit old.

For a free implementation (that works) see:
http://java.sun.com/products/jsse/

For a better (but not free) implementation see:
http://www.phaos.com/e_security/prod_ssl.html

--
Paulo Matos
----------------------------------- ----------------------------------
|Sys & Net Admin | Serviço de Informática |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346 |
|Universidade Nova de Lisboa | Fax: +351-21-2948548 |
|P-2825-114 Caparica | e-Mail: pj...@fct.unl.pt |
----------------------------------- ----------------------------------

Sabyasachi Gupta

unread,
Mar 28, 2001, 4:10:36 PM3/28/01
to
I checked out JSSE and JKS but none provides the functionality to
sign certificates as a CA programmatically (through java code)
I guess the solution would be to write C code to do that using OpenSSL
libraries and provide a JNI wrapper..Does anyone have any idea about
such api in OpenSSL.

thanks.

-----Original Message-----
From: Greg Stark [mailto:gst...@ethentica.com]
Sent: Wednesday, March 28, 2001 12:56 PM
To: openss...@openssl.org
Subject: Re: JAVA/JNI Wrapper for OpenSSL.


How about www.rtfm.com/puretls ?

_____________________________________
Greg Stark
Ethentica, Inc.
gst...@ethentica.com
_____________________________________

----- Original Message -----
From: "Hausermann Laurent" <lhau...@naema.org>
To: "Paulo Matos" <pj...@fct.unl.pt>
Cc: "Hausermann Laurent" <laurent.h...@naema.org>;
<openss...@openssl.org>
Sent: Wednesday, March 28, 2001 1:37 PM
Subject: Re: JAVA/JNI Wrapper for OpenSSL.


> Hi,
>
> Thanks for your answer, but I must consider OpenSSL. Cryptography is too
> important nowadays to trust free or non-free but closed source code.
> I got OpenSSL code, community got it, so I can check the implementation of
> the code I got not some .class or .dll provided by a firm (free or not)
> I am sure you understand.
>
> Regards,
>
> Laurent

Greg Stark

unread,
Mar 28, 2001, 3:58:41 PM3/28/01
to

Hausermann Laurent

unread,
Mar 28, 2001, 4:01:43 PM3/28/01
to

Mads Toftum

unread,
Mar 28, 2001, 4:47:48 PM3/28/01
to
On Wed, Mar 28, 2001 at 01:08:34PM -0800, Sabyasachi Gupta wrote:
> I checked out JSSE and JKS but none provides the functionality to
> sign certificates as a CA programmatically (through java code)

How about http://security.dstc.edu.au/projects/java/jcsi.html ?

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

Vijo Cherian

unread,
Mar 28, 2001, 5:10:36 PM3/28/01
to
saby?
logout...
vijo.

On Wed, 28 Mar 2001, you wrote:
> I checked out JSSE and JKS but none provides the functionality to
> sign certificates as a CA programmatically (through java code)

> I guess the solution would be to write C code to do that using OpenSSL
> libraries and provide a JNI wrapper..Does anyone have any idea about
> such api in OpenSSL.
>
> thanks.
>
> -----Original Message-----
> From: Greg Stark [mailto:gst...@ethentica.com]
> Sent: Wednesday, March 28, 2001 12:56 PM
> To: openss...@openssl.org

> Subject: Re: JAVA/JNI Wrapper for OpenSSL.
>
>
> How about www.rtfm.com/puretls ?
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> gst...@ethentica.com
> _____________________________________
>
>
>
> ----- Original Message -----
> From: "Hausermann Laurent" <lhau...@naema.org>
> To: "Paulo Matos" <pj...@fct.unl.pt>
> Cc: "Hausermann Laurent" <laurent.h...@naema.org>;
> <openss...@openssl.org>
> Sent: Wednesday, March 28, 2001 1:37 PM
> Subject: Re: JAVA/JNI Wrapper for OpenSSL.
>
>

> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openss...@openssl.org
> > Automated List Manager majo...@openssl.org
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openss...@openssl.org
> Automated List Manager majo...@openssl.org

--
vijo

Sabyasachi Gupta

unread,
Mar 28, 2001, 5:11:34 PM3/28/01
to
Thanks. I looked into it.
But it is useful to generate self signed certificates.
What about signing client CSR (Certificate Signing Request) with a Root CA
key
ie signing as a CA? None of these accept CSR in the constructor.

thanks,


-----Original Message-----
From: Mads Toftum [mailto:ma...@toftum.dk]
Sent: Wednesday, March 28, 2001 1:45 PM
To: openss...@openssl.org
Subject: Re: JAVA/JNI Wrapper for OpenSSL.


On Wed, Mar 28, 2001 at 01:08:34PM -0800, Sabyasachi Gupta wrote:
> I checked out JSSE and JKS but none provides the functionality to
> sign certificates as a CA programmatically (through java code)

How about http://security.dstc.edu.au/projects/java/jcsi.html ?

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

______________________________________________________________________

Dr S N Henson

unread,
Mar 28, 2001, 6:58:50 PM3/28/01
to
Sabyasachi Gupta wrote:
>
> Thanks. I looked into it.
> But it is useful to generate self signed certificates.
> What about signing client CSR (Certificate Signing Request) with a Root CA
> key
> ie signing as a CA? None of these accept CSR in the constructor.
>

You can use OpenSSL for this but the relevant part of the API isn't
documented yet. There's a self signing example in demos/selfsign.c.
Handling signing a CSR is similar except you get the subject name from
the req and the issuer from the CA certificate. The serial number is set
to an appropriate value and extensions added as necessary (that part is
documented in doc/openssl.txt).

The stuff that does this is in apps/ca.c or apps/x509.c but there's a
whole load of other stuff going on there too.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: she...@drh-consultancy.demon.co.uk
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: d...@celocom.com PGP key: via homepage.

Sabyasachi Gupta

unread,
Mar 28, 2001, 8:42:10 PM3/28/01
to
I wrote a JNI stub myx509.c and compiled it into a shared library.
But while running the java file I get UnsatisfiedLinkError: Undefined
symbol: app_RAND_load_file
The problem is I dont know which are the files to be put in the shared
library
or if there is any single archive file..I tried linking libcrypto.a libssl.a
and libRSAglue.a but still i get errors..

any idea which are the required files..I can find out one by one but is a
long
and painful process.
thanks

qun-ying

unread,
Mar 28, 2001, 9:23:21 PM3/28/01
to
what platform/compiler are you running?
take note of the order you supply the library. move the -lcrypto to the
last of your link command may solve your problem.

Sabyasachi Gupta

unread,
Mar 28, 2001, 9:35:25 PM3/28/01
to
I am using Redhat Linux 6.2 and OpenSSL-0.9.6
well I tried your suggestion but still it is giving undefine symbol:
app_RAND_load_file
thanks

-----Original Message-----
From: qun-ying [mailto:qy...@krdl.org.sg]
Sent: Wednesday, March 28, 2001 6:21 PM
To: openss...@openssl.org
Subject: Re: JAVA/JNI Wrapper for OpenSSL.

what platform/compiler are you running?
take note of the order you supply the library. move the -lcrypto to the
last of your link command may solve your problem.
______________________________________________________________________

I wrote a JNI stub myx509.c and compiled it into a shared library.


But while running the java file I get UnsatisfiedLinkError: Undefined
symbol: app_RAND_load_file
The problem is I dont know which are the files to be put in the shared
library
or if there is any single archive file..I tried linking libcrypto.a libssl.a
and libRSAglue.a but still i get errors..

any idea which are the required files..I can find out one by one but is a
long
and painful process.
thanks

qun-ying

unread,
Mar 28, 2001, 9:49:00 PM3/28/01
to
app_RAND_load_file() is not in the library. it is only a function used
in the openssl command tool. you can get the function definition in
apps/app_rand.c

Kenneth R. Robinette

unread,
Mar 28, 2001, 10:12:43 PM3/28/01
to
Date sent: Thu, 29 Mar 2001 10:46:41 +0800
From: qun-ying <qy...@krdl.org.sg>

To: openss...@openssl.org
Subject: Re: JAVA/JNI Wrapper for OpenSSL.
Send reply to: openss...@openssl.org

Yes, this normally is the result of including several of the source files
from the apps file as a part of another library that links to the
OpenSSL library. When I encountered it, I was including ca.c and
req.c (if I remember correctly) in order to create and sign certs.

If I recall, there were two files (the one you mention being one)
which I had to choose and pick selected functions from in order to
make the whole thing work correctly.

Ken

__________________________________________________
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-560-9170
sup...@securenetterm.com
http://www.securenetterm.com

Sabyasachi Gupta

unread,
Mar 28, 2001, 10:14:24 PM3/28/01
to
ok finally no undefined symbol error..but jvm is crashing.
I think using a command shell to execute openssl might be a better
alternative!

SIGSEGV 11* segmentation violation
si_signo [11]: SIGSEGV 11* segmentation violation
si_errno [0]: Success
si_code [0]: SI_USER [pid: 0, uid: 0]
stackpointer=0xbffff530

Full thread dump Classic VM (JDK-1.2.2_007, green threads):
"Finalizer" (TID:0x40ea2320, sys_thread_t:0x8109258, state:CW) prio=8
at java.lang.Object.wait(Native Method)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:112)
at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:127)
at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:174)
"Reference Handler" (TID:0x40ea23b0, sys_thread_t:0x8104790, state:CW)
prio=10
at java.lang.Object.wait(Native Method)
at java.lang.Object.wait(Object.java:424)
at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:114)
"Signal dispatcher" (TID:0x40ea23e0, sys_thread_t:0x8102b90, state:CW)
prio=5
"main" (TID:0x40ea21e0, sys_thread_t:0x804c240, state:R) prio=5
at test.GenerateX509Cert(Native Method)
at test.main(test.java:11)
Monitor Cache Dump:
java.lang.ref.Reference$Lock@40EA23C0/40ED7B20: <unowned>
Waiting to be notified:
"Reference Handler" (0x8104790)
java.lang.ref.ReferenceQueue$Lock@40EA2338/40ED8028: <unowned>
Waiting to be notified:
"Finalizer" (0x8109258)
Registered Monitor Dump:
utf8 hash table: <unowned>
JNI pinning lock: <unowned>
JNI global reference lock: <unowned>
BinClass lock: <unowned>
Class linking lock: <unowned>
System class loader lock: <unowned>
Code rewrite lock: <unowned>
Heap lock: <unowned>
Monitor cache lock: owner "main" (0x804c240) 1 entry
Dynamic loading lock: <unowned>
Monitor IO lock: <unowned>
User signal monitor: <unowned>
Waiting to be notified:
"Signal dispatcher" (0x8102b90)
Child death monitor: <unowned>
I/O monitor: <unowned>
Alarm monitor: <unowned>
Waiting to be notified:
<unknown thread> (0x80577e0)
Thread queue lock: owner "main" (0x804c240) 1 entry
Monitor registry: owner "main" (0x804c240) 1 entry

-----Original Message-----
app_RAND_load_file() is not in the library. it is only a function used
in the openssl command tool. you can get the function definition in
apps/app_rand.c
______________________________________________________________________

I wrote a JNI stub myx509.c and compiled it into a shared library.


But while running the java file I get UnsatisfiedLinkError: Undefined
symbol: app_RAND_load_file
The problem is I dont know which are the files to be put in the shared
library
or if there is any single archive file..I tried linking libcrypto.a libssl.a
and libRSAglue.a but still i get errors..

any idea which are the required files..I can find out one by one but is a
long

and painful process.I am using Redhat Linux 6.2 and OpenSSL-0.9.6


well I tried your suggestion but still it is giving undefine symbol:

thanks

qun-ying

unread,
Mar 28, 2001, 10:35:50 PM3/28/01
to
the Java thread dump gives a lot of information unralted(I don't know
how to interprete it either). try to insert a lot of debug print in your
C code and find out exactly where it fails and check every return code
from the OpenSSL library calll, from there it is much easier to find the
problem..

Hausermann Laurent

unread,
Mar 29, 2001, 5:30:05 AM3/29/01
to
Yeah it's really well documented and full fonctionnal but not opensourced
!
Thanks
-Laurent
Mads Toftum wrote:

> On Wed, Mar 28, 2001 at 01:08:34PM -0800, Sabyasachi Gupta wrote:
> > I checked out JSSE and JKS but none provides the functionality to
> > sign certificates as a CA programmatically (through java code)
>
> How about http://security.dstc.edu.au/projects/java/jcsi.html ?
>
> vh
>
> Mads Toftum
> --
> `Darn it, who spiked my coffee with water?!' - lwall
>

0 new messages