为什么开放 OpenSSL 客户端证书不能对我使用 TLSv1.3?-allqahome-开发者的问答家园

English 中文(简体)

为什么开放 OpenSSL 客户端证书不能对我使用 TLSv1.3?

原标题：Why is open OpenSSL client certificate not working for me with TLSv1.3?

I am using below command line for OpenSSL: openssl s_server -tls1_3 -state -Verify 1 -key Nexus_Dev.pk8 -cert Nexus_Dev.crt -CAfile NexusDevCA.my.cer -accept 3443 -tlsextdebug I want to create server requesting client certificate over TLS1.3. First request browser do show prompt for certificate. After selecting certificate it is asking to enter commands on command prompt. I am enterign c which means re-requesting certificate from client. but it is giving me error 8002943DE27F0000:error:0A000117:SSL routines:SSL_verify_client_post_handshake:extension not received:ssl/ssl_lib.c:5848: I am pasting full output here.Looks like might be some bug in OpenSSL. vijay@vijay-dev-machine:~/openssl/OpenSSL_1_1_0-stable/apps$ openssl s_server -tls1_3 -state -Verify 1 -key Mytest_Dev.pk8 -cert Mytest_Dev.crt -CAfile MytestDevCA.my.cer -accept 3443 -tlsextdebug verify depth is 1, must return a certificate Using default temp DH parameters ACCEPT SSL_accept:before SSL initialization SSL_accept:before SSL initialization TLS client extension "server name" (id=0), len=14 0000 - 00 0c 00 00 09 6c 6f 63-61 6c 68 6f 73 74 .....localhost TLS client extension "extended master secret" (id=23), len=0 TLS client extension "renegotiation info" (id=65281), len=1 0000 - 00 . TLS client extension "supported_groups" (id=10), len=14 0000 - 00 0c 00 1d 00 17 00 18-00 19 01 00 01 01 .............. TLS client extension "EC point formats" (id=11), len=2 0000 - 01 00 .. TLS client extension "session ticket" (id=35), len=0 TLS client extension "application layer protocol negotiation" (id=16), len=14 0000 - 00 0c 02 68 32 08 68 74-74 70 2f 31 2e 31 ...h2.http/1.1 TLS client extension "status request" (id=5), len=5 0000 - 01 00 00 00 00 ..... TLS client extension "key share" (id=51), len=107 0000 - 00 69 00 1d 00 20 28 0d-42 4f 38 0b 7b 26 7c 87 .i... (.BO8.{&|. 0010 - d1 82 25 db e6 9e 4d e3-31 9f d2 4e 68 76 bc 5a ..%...M.1..Nhv.Z 0020 - 4c bd f2 55 47 3c 00 17-00 41 04 d8 b0 e9 90 e5 L..UG<...A...... 0030 - 3e b4 4e 14 ac 0b b1 5f-9f 11 08 69 e7 58 50 bb >.N...._...i.XP. 0040 - 73 05 33 f2 62 2e 9c 06-6e d1 8b aa cf 3b 91 19 s.3.b...n....;.. 0050 - 20 00 44 fa ff 83 8e c4-60 c7 35 fb 5f 3d 8b 71 .D.....`.5._=.q 0060 - 98 de 77 72 80 fc 71 ad-c6 84 06 ..wr..q.... TLS client extension "supported versions" (id=43), len=5 0000 - 04 03 04 03 03 ..... TLS client extension "signature algorithms" (id=13), len=24 0000 - 00 16 04 03 05 03 06 03-08 04 08 05 08 06 04 01 ................ 0010 - 05 01 06 01 02 03 02 01- ........ TLS client extension "psk kex modes" (id=45), len=2 0000 - 01 01 .. TLS client extension "TLS padding" (id=21), len=141 0000 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0010 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0020 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0030 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0040 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0050 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0060 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0070 - 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................ 0080 - 00 00 00 00 00 00 00 00-00 00 00 00 00 ............. SSL_accept:SSLv3/TLS read client hello SSL_accept:SSLv3/TLS write server hello SSL_accept:SSLv3/TLS write change cipher spec SSL_accept:TLSv1.3 write encrypted extensions SSL_accept:SSLv3/TLS write certificate request SSL_accept:SSLv3/TLS write certificate SSL_accept:TLSv1.3 write server certificate verify SSL_accept:SSLv3/TLS write finished SSL_accept:TLSv1.3 early data SSL_accept:TLSv1.3 early data depth=1 C=IN, ST=MH, L=Pune, O=Mytest Dev CA, OU=Mytest Dev CA, CN=MytestDevCA.my, emailAddress=Mytest@Mytestindia.com verify return:1 depth=0 C=IN, ST=MH, L=Pune, O=Mytest User, OU=Mytest Dev User, CN=MytesteDev.user, emailAddress=Mytest@Mytestgroup.com verify return:1 SSL_accept:SSLv3/TLS read client certificate SSL_accept:SSLv3/TLS read certificate verify SSL_accept:SSLv3/TLS read finished SSL_accept:SSLv3/TLS write session ticket SSL_accept:SSLv3/TLS write session ticket -----BEGIN SSL SESSION PARAMETERS----- MIIEbwIBAQICAwQEAhMBBCD5VPGfGA+NCKZEvRSuxMNWICu8ebxp5WWDy7hqunSN kwQgHhjRwB7I/pQCGsXyMXT8iq+KRK4Pu9RscJMXpSgyZPuhBgIEYffGpqIEAgIc IKOCA/gwggP0MIIC3KADAgECAgMJmZMwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNV BAYTAklOMQswCQYDVQQIEwJNSDENMAsGA1UEBxMEUHVuZTEVMBMGA1UEChMMTmV4 dXMgRGV2IENBMRUwEwYDVQQLEwxOZXh1cyBEZXYgQ0ExFjAUBgNVBAMTDU5leHVz RGV2Q0EubXkxIzAhBgkqhkiG9w0BCQEWFG5leHVzQG5leHVzaW5kaWEuY29tMB4X ..... K8sr4VeE6ffl6l1OZdWeFtscJnVjqwhNITKRvzAueR/ihV6Teh6U6BzYn9g8qEhw Y0juXb9GIhW1zcKiIPyPVnM7wSPmv0uVP4t5f4ap/DF9eXFDzMnupa9Locqzt29I WBP6NrbkAzFO+aEIiaQGBAQBAAAArgcCBQDEKyqFswMCAR0= -----END SSL SESSION PARAMETERS----- Client certificate -----BEGIN CERTIFICATE----- MIID9DCCAtygAwIBAgIDCZmTMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYDVQQGEwJJ TjELMAkGA1UECBMCTUgxDTALBgNVBAcTBFB1bmUxFTATBgNVBAoTDE5leHVzIERl diBDQTEVMBMGA1UECxMMTmV4dXMgRGV2IENBMRYwFAYDVQQDEw1OZXh1c0RldkNB Lm15MSMwIQYJKoZIhvcNAQkBFhRuZXh1c0BuZXh1c2luZGlhLmNvbTAeFw0yMTEy MDkwNjUyMDBaFw0yNjEyMDkwNjUyMDBaMIGVMQswCQYDVQQGEwJJTjELMAkGA1UE ..... BDARBglghkgBhvhCAQEEBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAAjHwWrjojon mHKRMhVVvEsh3SXNv9sZLUJEbH94QcPa/8+JHMJ5GFVVb5nJE9++qbVjsZLdzvb0 7rMI/+q6w2sLg5WmERmNzk10kXEJyYkH5gSiTHVWbmMHbxsMXze/LAzkpMOtWoId VgMpyuEWd1vQMEfjZwLK7PYZHC0Ilrj8BIs2HC+WknFN/gG3pGGi5aQzdSvLK+FX hOn35epdTmXVnhbbHCZ1Y6sITSEykb8wLnkf4oVek3oelOgc2J/YPKhIcGNI7l2/ RiIVtc3CoiD8j1ZzO8Ej5r9LlT+LeX+GqfwxfXlxQ8zJ7qWvS6HKs7dvSFgT+ja2 5AMxTvmhCIk= -----END CERTIFICATE----- subject=C=IN, ST=MH, L=Pune, O=Mytest User, OU=Mytest Dev User, CN=MytesteDev.user, emailAddress=Mytest@Mytestgroup.com issuer=C=IN, ST=MH, L=Pune, O=Mytest Dev CA, OU=Mytest Dev CA, CN=MytestDevCA.my, emailAddress=Mytest@Mytestindia.com Shared ciphers:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA1:RSA+SHA1 Shared Signature Algorithms: ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512 Peer signing digest: SHA256 Peer signature type: RSA-PSS Supported groups: x25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072 Shared groups: x25519:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072 CIPHER is TLS_AES_128_GCM_SHA256 This TLS version forbids renegotiation. GET / HTTP/1.1 Host: localhost:3443 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: none Sec-Fetch-User: ?1 Cache-Control: max-age=0 c Failed to initiate request 8002943DE27F0000:error:0A000117:SSL routines:SSL_verify_client_post_handshake:extension not received:ssl/ssl_lib.c:5848:

问题回答

I could find reason and posting it for other people help Certificate Authentication Over TLS1.3 During SSL/TLS handshake server request certificate from client and client respond with certificate. This certificate is used for authentication by server. During handshake browser prompt for certificate. Below is sample snapshot: Selected certificate is submitted by browser to server for authentication purpose. There is protocol changes in TLS1.3 due to which re-negotiation is not allowed. Protocol change is explained below. In case of TLS1.3 client must send post_handshake_auth extension in negotiating TLS connection with server. https://datatracker.ietf.org/doc/html/rfc8446#section-4.6.2 For easy reference: 4.6.2. Post-Handshake Authentication When the client has sent the "post_handshake_auth" extension (see Section 4.2.6), a server MAY request client authentication at any time after the handshake has completed by sending a CertificateRequest message. The client MUST respond with the appropriate Authentication messages (see Section 4.4). If the client chooses to authenticate, it MUST send Certificate, CertificateVerify, and Finished. If it declines, it MUST send a Certificate message containing no certificates followed by Finished. All of the client s messages for a given response MUST appear consecutively on the wire with no intervening messages of other types. A client that receives a CertificateRequest message without having sent the "post_handshake_auth" extension MUST send an "unexpected_message" fatal alert. Note: Because client authentication could involve prompting the user, servers MUST be prepared for some delay, including receiving an arbitrary number of other messages between sending the CertificateRequest and receiving a response. In addition, clients which receive multiple CertificateRequests in close succession MAY respond to them in a different order than they were received (the certificate_request_context value allows the server to disambiguate the responses). Currently only Firefox supports enable post handshake auth flag through advanced options. I tried to find similar option for chrome but could not find. This protocol change is currently supported only by Firefox browser. I could not find anyway to enable above option for any other browser. This means certificate authentication over TLS1.3 can only be supported only on Firefox. Chrome and other browsers might add this feature in future versions.

上一篇：2. 使用甲型六氯环己烷或甲型六氯环己烷

下一篇：无法连接到服务器数据库系统的启动包的无效长度已被关闭, 收到快速关闭请求( pgadmin postgres docker)

相关问题

SSL wrapper stream in C

I have a simple stream_t type in C with your basic read/write operations, and support for multiple underlying implementations using function pointers. So a stream could be backed by a file, a char ...

Access violation writing location

I have the following code: #include <openssl/bn.h> #include <openssl/rsa.h> unsigned char* key; RSA* rsa = RSA_new(); rsa = RSA_generate_key(1024,65537,NULL,NULL); //init pubkey key[...

Visual Studio merging DLL into console application

I have very simple program to simplify things as shown below... #include <openssl/evp.h> int main (int argc, char *argv[]) { EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); } ...

Can t add static lib

I am trying to build a DLL and it needs to reference a library namely libeay32.dll from the openssl package. I cant seem to add it as a reference under the Property Pages->Common Properties->Add New ...

Php paypalewp on windows not working right, short return

I am working on a payment script using paypalewp, it seems to work fine in the stage environment which is a centos linux box, however on my dev box it doesn t... when I run the button creation ...

How do I get SSL working in fsockopen?

I m running PHP 5.2.6 on Windows, I have extension=php_curl.dll and extension=php_openssl.dll uncommented in php.ini; as such I can see the following in phpinfo: curl cURL support enabled cURL ...

Load RSA keys from files

I used openSSL command to create 2 files: 1 for RSA public key & 1 for RSA private key. How do I recover RSA keys using C? Specifically, I have these functions: RSA_public_encrypt(read_num, ...

OpenSSL on iPhone

I need to figure out how to get two OpenSSL functions for iPhone. I m trying to keep it so I don t need another dylib, because I don t want Apple to reject my application for something so silly. ...

热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全