JSSE Troubleshooting: Certificates Order in TLS Handshaking

Issue:

Failed with a exception: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed.

Example:

Test case:
     1  //
     2  // JSSE Troubleshooting: Disordered Certificate List in TLS Handshaking
     3  //
     4  import java.net.\*;
     5
     6  public class DisorderedCertificateList {
     7      public static void main(String[] Arguments) throws Exception {
     8          URL url = new URL("https://myservice.example.com/");
     9          URLConnection connection = url.openConnection();
    10
    11          connection.getInputStream().close();
    12      }
    13  }
	
Test environment:

The HTTPS server, myservice.example.com, is configurated with a certificate path that the certificates in the path is out of order. For example, the expected certificate path is server_certificate -> intermediate ca -> seld-signed root ca. However, the certificate path is configurated as server_certificate -> seld-signed root ca -> intermediate ca.

Test Result:
	Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
		at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627)
		at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204)
		at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198)
		at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
		at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
		at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
		at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
		at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
		at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
		at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1159)
		at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1143)
		at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
		at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
		at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:997)
		at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
		at DisorderedCertificateList.main(DisorderedCertificateList.java:11)
	Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:266)
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:249)
		at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:172)
		at sun.security.validator.Validator.validate(Validator.java:235)
		at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
		at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
		at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
		at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
		... 12 more
	Caused by: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:153)
		at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:321)
		at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:186)
		at java.security.cert.CertPathValidator.validate(CertPathValidator.java:267)
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:261)
		... 19 more
	

Cause:

Per the TLS specification (page 39, section 7.4.2, RFC2246), the certificate list passed to server Certificate message or client Certificate message "is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."

So, the certificate order of the above test case, server_certificate -> seld-signed root ca -> intermediate ca, is not a TLS specification compliant behavior, the TLS handshaking is expected to fail.

Solution:

Checking the TLS/SSL configuration, and make sure that the certificate list sent to peer is properly configuated and in order.


Linkage to the blog entry at simabc.blogspot.com

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

A blog on security and networking

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today