Re: What does this error mean? sslv3 alert certificate unknown:state 23

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



    >                         extensions: 4 items
    >                             Extension (ns_cert_exts.comment)
    >                                 Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
    >                                 BER Error: String with tag=22 expected but class:UNIVERSAL(0)
    >                                                               primitive tag:12 was unexpected
    >                                     [Expert Info (Warn/Malformed): BER Error: String expected]
    >                                         [BER Error: String expected]
    >                                         [Severity level: Warn]
    >                                         [Group: Malformed]
    
    This is odd, is tshark buggy, too picky, or is the issuer cert actually malformed?

I don’t know off-hand, will check, and bring to the attention of those who run the proxy.

    
    >                     algorithmIdentifier (shaWithRSAEncryption)
    >                         Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
    >                     Padding: 0
    >                     encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...
    
    Issuer cert is an MiTM proxy, and possibly has encoding errors.
   
Got it, thanks.



    > Secure Sockets Layer
    >     TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
    >         Content Type: Alert (21)
    >         Version: TLS 1.2 (0x0303)
    >         Length: 2
    >         Alert Message
    >             Level: Fatal (2)
    >             Description: Certificate Unknown (46)
    
    Client objects to the server chain.  Either does not trust the MiTM root CA, or
    is unhappy about its encoding (assuming tshark is not generating an FP warning).
    
Thank you!  So it is the *client* that breaks the connection, and it is unhappy either about MiTM, or the encoding. I will check for both (though not much I can do about either).

Thanks! (At least I have an idea now what’s going on.) 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux