Tuesday Jun 16, 2009

JSSE Troubleshooting: Certificates Order in TLS Handshaking

Issue:

Failed with a exception: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed.

Example:

Test case:
     1  //
     2  // JSSE Troubleshooting: Disordered Certificate List in TLS Handshaking
     3  //
     4  import java.net.\*;
     5
     6  public class DisorderedCertificateList {
     7      public static void main(String[] Arguments) throws Exception {
     8          URL url = new URL("https://myservice.example.com/");
     9          URLConnection connection = url.openConnection();
    10
    11          connection.getInputStream().close();
    12      }
    13  }
	
Test environment:

The HTTPS server, myservice.example.com, is configurated with a certificate path that the certificates in the path is out of order. For example, the expected certificate path is server_certificate -> intermediate ca -> seld-signed root ca. However, the certificate path is configurated as server_certificate -> seld-signed root ca -> intermediate ca.

Test Result:
	Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
		at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627)
		at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204)
		at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198)
		at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
		at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
		at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
		at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
		at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
		at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
		at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1159)
		at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1143)
		at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
		at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
		at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:997)
		at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
		at DisorderedCertificateList.main(DisorderedCertificateList.java:11)
	Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:266)
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:249)
		at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:172)
		at sun.security.validator.Validator.validate(Validator.java:235)
		at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
		at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
		at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
		at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
		... 12 more
	Caused by: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
		at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:153)
		at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:321)
		at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:186)
		at java.security.cert.CertPathValidator.validate(CertPathValidator.java:267)
		at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:261)
		... 19 more
	

Cause:

Per the TLS specification (page 39, section 7.4.2, RFC2246), the certificate list passed to server Certificate message or client Certificate message "is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."

So, the certificate order of the above test case, server_certificate -> seld-signed root ca -> intermediate ca, is not a TLS specification compliant behavior, the TLS handshaking is expected to fail.

Solution:

Checking the TLS/SSL configuration, and make sure that the certificate list sent to peer is properly configuated and in order.


Linkage to the blog entry at simabc.blogspot.com

Tuesday Dec 30, 2008

Understanding TLS protocol -- Certificate Status Request

For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now. For legible image, please open the following image in new page or download the raw image from here.

TLS Handshaking, Certificate Status Request 

Understanding TLS protocol -- Maximum Fragment Length Negotiation

For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now. For legible image, please open the following image in new page or download the raw image from here.

 

Understanding TLS protocol -- Truncated HMAC

For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now. For legible image, please open the following image in new page or download the raw image from here.

TLS Extension, Truncated HMAC 

Understanding TLS protocol -- Trusted CA Indication

For better understanding TLS protocol extensions, I draw a few sequence diagrams of TLS handshaking with extension, and marked the differences from the normal handshaking processes. Share them now. For legible image, please open the following image in new page or download the raw image from here.

Trusted CA Indication 

About

A blog on security and networking

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today