Re: What does this error mean? sslv3 alert certificate unknown:state 23

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote:

> Secure Sockets Layer
>     SSL Record Layer: Handshake Protocol: Client Hello
>         Content Type: Handshake (22)
>         Version: TLS 1.2 (0x0303)
>         Length: 228
>         Handshake Protocol: Client Hello
>             Handshake Type: Client Hello (1)
>             Length: 224
>             Version: TLS 1.2 (0x0303)
> ... vanilla client hello ...
> 
> Secure Sockets Layer
>     TLSv1.2 Record Layer: Handshake Protocol: Server Hello
>         Content Type: Handshake (22)
>         Version: TLS 1.2 (0x0303)
>         Length: 89
>         Handshake Protocol: Server Hello
>             Handshake Type: Server Hello (2)
>             Length: 85
>             Version: TLS 1.2 (0x0303)
>             Random
>                 GMT Unix Time: Jan 12, 2043 21:01:43.000000000 EST
>                 Random Bytes: 74befd6060b40803a1f2eeee81de721667ea45ac751fb7cd...
>             Session ID Length: 32
>             Session ID: c07a259d71e9906c44632f6f9e885d40a647d514ef5deb8b...
>             Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
> ... vanilla server hello ...
> 
> Secure Sockets Layer
>     TLSv1.2 Record Layer: Handshake Protocol: Certificate
>         Content Type: Handshake (22)
>         Version: TLS 1.2 (0x0303)
>         Length: 2017
>         Handshake Protocol: Certificate
>             Handshake Type: Certificate (11)
>             Length: 2013
>             Certificates Length: 2010
>             Certificates (2010 bytes)
>                 Certificate Length: 1038
>                 Certificate (id-at-commonName=cs.visual-paradigm.com)
>                     signedCertificate
>                         version: v3 (2)
>                         serialNumber : 0x1c3d07eea2d576e83c60613e5f3c2a18e518b8a0
>                         signature (sha256WithRSAEncryption)
>                             Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)

EE cert sigalg is normal

>                         issuer: rdnSequence (0)
>                             rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,id-at-countryName=US,...
>                                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                                     RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                                         Id: 2.5.4.10 (id-at-organizationName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: MIT Lincoln Laboratory
>                                     . . . . .
>                                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                                     RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                                         Id: 2.5.4.3 (id-at-commonName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: McAfee Web Gateway

EE cert issuer looks OK.

>                         validity
>                             notBefore: utcTime (0)
>                                 utcTime: 17-04-24 18:35:25 (UTC)
>                             notAfter: utcTime (0)
>                                 utcTime: 18-04-24 18:35:25 (UTC)


EE cert validity is one year, looks OK.

>                         subject: rdnSequence (0)
>                             rdnSequence: 1 item (id-at-commonName=cs.visual-paradigm.com)
>                                 RDNSequence item: 1 item (id-at-commonName=cs.visual-paradigm.com)
>                                     RelativeDistinguishedName item (id-at-commonName=cs.visual-paradigm.com)
>                                         Id: 2.5.4.3 (id-at-commonName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: cs.visual-paradigm.com

EE cert Subject looks OK.

>                         subjectPublicKeyInfo
>                             algorithm (rsaEncryption)
>                                 Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
>                             Padding: 0
>                             subjectPublicKey: 3082010a02820101009a686b8a742ec2e4341a6f43e20f71...

The EE public key is 256 octets or 2048 bits, looks OK.

>                         extensions: 5 items
>                             Extension (id-ce-basicConstraints)
>                                 Extension Id: 2.5.29.19 (id-ce-basicConstraints)
>                                 BasicConstraintsSyntax [0 length]

EE empty basicConstraints defaults to CA:FALSE, OK

>                             Extension (id-ce-subjectKeyIdentifier)
>                                 Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
>                                 SubjectKeyIdentifier: 749037cb5eef9dc9b52ade1c2c465c61f1a63206

Not interesting for an EE cert.

>                             Extension (id-ce-authorityKeyIdentifier)
>                                 Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
>                                 AuthorityKeyIdentifier
>                                     authorityCertIssuer: 1 item
>                                         GeneralName: directoryName (4)
>                                             directoryName: rdnSequence (0)
>                                                 rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
>                                                     RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                                                         RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                                                             Id: 2.5.4.10 (id-at-organizationName)
>                                                             DirectoryString: uTF8String (4)
>                                                                 uTF8String: MIT Lincoln Laboratory
>                                                             . . . . .
>                                                     RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                                                         RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                                                             Id: 2.5.4.3 (id-at-commonName)
>                                                             DirectoryString: uTF8String (4)
>                                                                 uTF8String: McAfee Web Gateway
>                                     authorityCertSerialNumber: 1

EE authority key id has DN and serial

>                             Extension (id-ce-keyUsage)
>                                 Extension Id: 2.5.29.15 (id-ce-keyUsage)
>                                 Padding: 5
>                                 KeyUsage: a0 (digitalSignature, keyEncipherment)
>                                     1... .... = digitalSignature: True
>                                     .0.. .... = contentCommitment: False
>                                     ..1. .... = keyEncipherment: True
>                                     ...0 .... = dataEncipherment: False
>                                     .... 0... = keyAgreement: False
>                                     .... .0.. = keyCertSign: False
>                                     .... ..0. = cRLSign: False
>                                     .... ...0 = encipherOnly: False
>                                     0... .... = decipherOnly: False

EE ku is OK.

>                             Extension (id-ce-extKeyUsage)
>                                 Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
>                                 KeyPurposeIDs: 1 item
>                                     KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)

EE eku is OK

>                     algorithmIdentifier (sha256WithRSAEncryption)
>                         Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
>                     Padding: 0
>                     encrypted: 76a83746f5faf96fe7911ad7fd57c7240262fcec5439075e...

EE cert fine overall.

>                 Certificate Length: 966
>                 Certificate (id-at-commonName=McAfee Web Gateway,. . .
>                     signedCertificate
>                         version: v3 (2)
>                         serialNumber: 1

Issuer serial matches EE cert issuer and authority key id.

>                         signature (shaWithRSAEncryption)
>                             Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)

Self-signature is SHA1, but should be OK on root CA certs.

>                         issuer: rdnSequence (0)
>                             rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
>                                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                                     RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                                         Id: 2.5.4.10 (id-at-organizationName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: MIT Lincoln Laboratory
>                                         . . . . .
>                                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                                     RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                                         Id: 2.5.4.3 (id-at-commonName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: McAfee Web Gateway

Issuer is self-signed, see below

>                         validity
>                             notBefore: utcTime (0)
>                                 utcTime: 12-08-07 21:51:05 (UTC)
>                             notAfter: utcTime (0)
>                                 utcTime: 22-08-07 21:51:05 (UTC)

Issuer 10 year validity is fine.

>                         subject: rdnSequence (0)
>                             rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,. . .
>                                 RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
>                                     RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
>                                         Id: 2.5.4.10 (id-at-organizationName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: MIT Lincoln Laboratory
>                                         . . . . .
>                                 RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
>                                     RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
>                                         Id: 2.5.4.3 (id-at-commonName)
>                                         DirectoryString: uTF8String (4)
>                                             uTF8String: McAfee Web Gateway

Same subject/issuer and issuer subject name matches EE cert issuer name, ...

>                         subjectPublicKeyInfo
>                             algorithm (rsaEncryption)
>                                 Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
>                             Padding: 0
>                             subjectPublicKey: 3082010a028201010085b3b7c94a1150fdde952428b6a343...

Issuer cert also 2048-bits.

>                         extensions: 4 items
>                             Extension (ns_cert_exts.comment)
>                                 Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
>                                 BER Error: String with tag=22 expected but class:UNIVERSAL(0) primitive tag:12 was unexpected
>                                     [Expert Info (Warn/Malformed): BER Error: String expected]
>                                         [BER Error: String expected]
>                                         [Severity level: Warn]
>                                         [Group: Malformed]

This is odd, is tshark buggy, too picky, or is the issuer cert actually malformed?

>                             Extension (id-ce-subjectAltName)
>                                 Extension Id: 2.5.29.17 (id-ce-subjectAltName)
>                                 GeneralNames: 1 item
>                                     GeneralName: rfc822Name (1)
>                                         rfc822Name: help@xxxxxxxxxx
>                             Extension (id-ce-basicConstraints)
>                                 Extension Id: 2.5.29.19 (id-ce-basicConstraints)
>                                 BasicConstraintsSyntax
>                                     cA: True

Good, issuer is a CA

>                             Extension (id-ce-keyUsage)
>                                 Extension Id: 2.5.29.15 (id-ce-keyUsage)
>                                 Padding: 1
>                                 KeyUsage: 06 (keyCertSign, cRLSign)
>                                     0... .... = digitalSignature: False
>                                     .0.. .... = contentCommitment: False
>                                     ..0. .... = keyEncipherment: False
>                                     ...0 .... = dataEncipherment: False
>                                     .... 0... = keyAgreement: False
>                                     .... .1.. = keyCertSign: True
>                                     .... ..1. = cRLSign: True
>                                     .... ...0 = encipherOnly: False
>                                     0... .... = decipherOnly: False

Issuer ku is OK

>                     algorithmIdentifier (shaWithRSAEncryption)
>                         Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
>                     Padding: 0
>                     encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...

Issuer cert is an MiTM proxy, and possibly has encoding errors.

> Secure Sockets Layer
>     TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
>         Content Type: Handshake (22)
>         Version: TLS 1.2 (0x0303)
>         Length: 333
>         Handshake Protocol: Server Key Exchange
>             Handshake Type: Server Key Exchange (12)
>             Length: 329
>             EC Diffie-Hellman Server Params

ECDHE, no problem.

>     TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done

Fine, no request for client cert.

> Secure Sockets Layer
>     TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
>         Content Type: Alert (21)
>         Version: TLS 1.2 (0x0303)
>         Length: 2
>         Alert Message
>             Level: Fatal (2)
>             Description: Certificate Unknown (46)

Client objects to the server chain.  Either does not trust the MiTM root CA, or
is unhappy about its encoding (assuming tshark is not generating an FP warning).

-- 
	Viktor.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux