强制 Chrome 在 TLS 期间发送链中的所有证书
Force Chrome to send all certificates in chain during TLS
我写了一个在 Java 进行相互认证的 TLS 代码,因此客户端在服务器发送其证书后发送其证书。我想通过 OCSP 验证从客户端到服务器端的证书链中的所有证书。
我已经编写了我的循环逻辑,假设最后一个证书是链中的根 (CA) 证书并且不为其发送任何 OCSP 查询;
int certificateChainSize= x509Certificates.length;
// Verifies certificate chain respectively (issuer certificate required).
CertificateResult response = null;
try {
for (int i = 0; i < certificateChainSize-1 ; i++) {
response = client.verify(x509Certificates[i], x509Certificates[i+1]);
}
} catch (OcspException e) {
e.printStackTrace();
}
当我测试 TLS 并获取 Wireshark 捕获时,我意识到 Google Chrome 作为客户端一直在发送没有根的证书链。因此;由于循环逻辑,未查询中间证书,因为我的代码假定中间证书是根证书。
如何强制客户端发送证书链的所有节点?
谢谢
I realized that Google Chrome as client has been sending certificate chain without root.
这是完全正常的,也是唯一正确的行为。
根证书是信任锚,对于验证证书的一方来说必须是本地的。即使它已发送,在验证证书时也应该忽略它,即只应使用本地信任锚 - 否则中间人可以只提供他自己的证书链,包括他自己的根证书。这意味着在这种情况下,服务器必须已经在本地拥有根证书,因此客户端无需发送它。
换句话说:不要试图改变 Chrome 的行为方式,而是调整您对正确行为的期望(和您的代码)。
我同意 Steffen 的观点,但为了提供更多事实,这里是 TLS 1.3 明确指出的内容:
certificate_list: A sequence (chain) of CertificateEntry structures,
each containing a single certificate and set of extensions.
和
The sender's certificate MUST come in the first
CertificateEntry in the list. Each following certificate SHOULD
directly certify the one immediately preceding it. Because
certificate validation requires that trust anchors be distributed
independently, a certificate that specifies a trust anchor MAY be
omitted from the chain, provided that supported peers are known to
possess any omitted certificates.
最后关于订购:
Note: Prior to TLS 1.3, "certificate_list" ordering required each
certificate to certify the one immediately preceding it; however,
some implementations allowed some flexibility. Servers sometimes
send both a current and deprecated intermediate for transitional
purposes, and others are simply configured incorrectly, but these
cases can nonetheless be validated properly. For maximum
compatibility, all implementations SHOULD be prepared to handle
potentially extraneous certificates and arbitrary orderings from any
TLS version, with the exception of the end-entity certificate which
MUST be first.
所以 Chrome 正确地应用了这个规范。你需要改变你的结局来应对它。
我写了一个在 Java 进行相互认证的 TLS 代码,因此客户端在服务器发送其证书后发送其证书。我想通过 OCSP 验证从客户端到服务器端的证书链中的所有证书。
我已经编写了我的循环逻辑,假设最后一个证书是链中的根 (CA) 证书并且不为其发送任何 OCSP 查询;
int certificateChainSize= x509Certificates.length;
// Verifies certificate chain respectively (issuer certificate required).
CertificateResult response = null;
try {
for (int i = 0; i < certificateChainSize-1 ; i++) {
response = client.verify(x509Certificates[i], x509Certificates[i+1]);
}
} catch (OcspException e) {
e.printStackTrace();
}
当我测试 TLS 并获取 Wireshark 捕获时,我意识到 Google Chrome 作为客户端一直在发送没有根的证书链。因此;由于循环逻辑,未查询中间证书,因为我的代码假定中间证书是根证书。
如何强制客户端发送证书链的所有节点?
谢谢
I realized that Google Chrome as client has been sending certificate chain without root.
这是完全正常的,也是唯一正确的行为。
根证书是信任锚,对于验证证书的一方来说必须是本地的。即使它已发送,在验证证书时也应该忽略它,即只应使用本地信任锚 - 否则中间人可以只提供他自己的证书链,包括他自己的根证书。这意味着在这种情况下,服务器必须已经在本地拥有根证书,因此客户端无需发送它。
换句话说:不要试图改变 Chrome 的行为方式,而是调整您对正确行为的期望(和您的代码)。
我同意 Steffen 的观点,但为了提供更多事实,这里是 TLS 1.3 明确指出的内容:
certificate_list: A sequence (chain) of CertificateEntry structures, each containing a single certificate and set of extensions.
和
The sender's certificate MUST come in the first CertificateEntry in the list. Each following certificate SHOULD directly certify the one immediately preceding it. Because certificate validation requires that trust anchors be distributed independently, a certificate that specifies a trust anchor MAY be omitted from the chain, provided that supported peers are known to possess any omitted certificates.
最后关于订购:
Note: Prior to TLS 1.3, "certificate_list" ordering required each certificate to certify the one immediately preceding it; however, some implementations allowed some flexibility. Servers sometimes send both a current and deprecated intermediate for transitional purposes, and others are simply configured incorrectly, but these cases can nonetheless be validated properly. For maximum compatibility, all implementations SHOULD be prepared to handle potentially extraneous certificates and arbitrary orderings from any TLS version, with the exception of the end-entity certificate which MUST be first.
所以 Chrome 正确地应用了这个规范。你需要改变你的结局来应对它。