[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Apr 25 20:29:31 UTC 2017
> On Apr 25, 2017, at 3:17 PM, Blumenthal, Uri - 0553 - MITLL <uri at ll.mit.edu> wrote:
> Secure Sockets Layer
> SSL Record Layer: Handshake Protocol: Client Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 228
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Length: 224
> Version: TLS 1.2 (0x0303)
> ... vanilla client hello ...
>
> Secure Sockets Layer
> TLSv1.2 Record Layer: Handshake Protocol: Server Hello
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 89
> Handshake Protocol: Server Hello
> Handshake Type: Server Hello (2)
> Length: 85
> Version: TLS 1.2 (0x0303)
> Random
> GMT Unix Time: Jan 12, 2043 21:01:43.000000000 EST
> Random Bytes: 74befd6060b40803a1f2eeee81de721667ea45ac751fb7cd...
> Session ID Length: 32
> Session ID: c07a259d71e9906c44632f6f9e885d40a647d514ef5deb8b...
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
> ... vanilla server hello ...
>
> Secure Sockets Layer
> TLSv1.2 Record Layer: Handshake Protocol: Certificate
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 2017
> Handshake Protocol: Certificate
> Handshake Type: Certificate (11)
> Length: 2013
> Certificates Length: 2010
> Certificates (2010 bytes)
> Certificate Length: 1038
> Certificate (id-at-commonName=cs.visual-paradigm.com)
> signedCertificate
> version: v3 (2)
> serialNumber : 0x1c3d07eea2d576e83c60613e5f3c2a18e518b8a0
> signature (sha256WithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
EE cert sigalg is normal
> issuer: rdnSequence (0)
> rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,id-at-countryName=US,...
> RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
> RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
> Id: 2.5.4.10 (id-at-organizationName)
> DirectoryString: uTF8String (4)
> uTF8String: MIT Lincoln Laboratory
> . . . . .
> RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
> RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: McAfee Web Gateway
EE cert issuer looks OK.
> validity
> notBefore: utcTime (0)
> utcTime: 17-04-24 18:35:25 (UTC)
> notAfter: utcTime (0)
> utcTime: 18-04-24 18:35:25 (UTC)
EE cert validity is one year, looks OK.
> subject: rdnSequence (0)
> rdnSequence: 1 item (id-at-commonName=cs.visual-paradigm.com)
> RDNSequence item: 1 item (id-at-commonName=cs.visual-paradigm.com)
> RelativeDistinguishedName item (id-at-commonName=cs.visual-paradigm.com)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: cs.visual-paradigm.com
EE cert Subject looks OK.
> subjectPublicKeyInfo
> algorithm (rsaEncryption)
> Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
> Padding: 0
> subjectPublicKey: 3082010a02820101009a686b8a742ec2e4341a6f43e20f71...
The EE public key is 256 octets or 2048 bits, looks OK.
> extensions: 5 items
> Extension (id-ce-basicConstraints)
> Extension Id: 2.5.29.19 (id-ce-basicConstraints)
> BasicConstraintsSyntax [0 length]
EE empty basicConstraints defaults to CA:FALSE, OK
> Extension (id-ce-subjectKeyIdentifier)
> Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
> SubjectKeyIdentifier: 749037cb5eef9dc9b52ade1c2c465c61f1a63206
Not interesting for an EE cert.
> Extension (id-ce-authorityKeyIdentifier)
> Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
> AuthorityKeyIdentifier
> authorityCertIssuer: 1 item
> GeneralName: directoryName (4)
> directoryName: rdnSequence (0)
> rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
> RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
> RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
> Id: 2.5.4.10 (id-at-organizationName)
> DirectoryString: uTF8String (4)
> uTF8String: MIT Lincoln Laboratory
> . . . . .
> RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
> RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: McAfee Web Gateway
> authorityCertSerialNumber: 1
EE authority key id has DN and serial
> Extension (id-ce-keyUsage)
> Extension Id: 2.5.29.15 (id-ce-keyUsage)
> Padding: 5
> KeyUsage: a0 (digitalSignature, keyEncipherment)
> 1... .... = digitalSignature: True
> .0.. .... = contentCommitment: False
> ..1. .... = keyEncipherment: True
> ...0 .... = dataEncipherment: False
> .... 0... = keyAgreement: False
> .... .0.. = keyCertSign: False
> .... ..0. = cRLSign: False
> .... ...0 = encipherOnly: False
> 0... .... = decipherOnly: False
EE ku is OK.
> Extension (id-ce-extKeyUsage)
> Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
> KeyPurposeIDs: 1 item
> KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
EE eku is OK
> algorithmIdentifier (sha256WithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
> Padding: 0
> encrypted: 76a83746f5faf96fe7911ad7fd57c7240262fcec5439075e...
EE cert fine overall.
> Certificate Length: 966
> Certificate (id-at-commonName=McAfee Web Gateway,. . .
> signedCertificate
> version: v3 (2)
> serialNumber: 1
Issuer serial matches EE cert issuer and authority key id.
> signature (shaWithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
Self-signature is SHA1, but should be OK on root CA certs.
> issuer: rdnSequence (0)
> rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,...
> RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
> RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
> Id: 2.5.4.10 (id-at-organizationName)
> DirectoryString: uTF8String (4)
> uTF8String: MIT Lincoln Laboratory
> . . . . .
> RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
> RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: McAfee Web Gateway
Issuer is self-signed, see below
> validity
> notBefore: utcTime (0)
> utcTime: 12-08-07 21:51:05 (UTC)
> notAfter: utcTime (0)
> utcTime: 22-08-07 21:51:05 (UTC)
Issuer 10 year validity is fine.
> subject: rdnSequence (0)
> rdnSequence: 6 items (id-at-commonName=McAfee Web Gateway,. . .
> RDNSequence item: 1 item (id-at-organizationName=MIT Lincoln Laboratory)
> RelativeDistinguishedName item (id-at-organizationName=MIT Lincoln Laboratory)
> Id: 2.5.4.10 (id-at-organizationName)
> DirectoryString: uTF8String (4)
> uTF8String: MIT Lincoln Laboratory
> . . . . .
> RDNSequence item: 1 item (id-at-commonName=McAfee Web Gateway)
> RelativeDistinguishedName item (id-at-commonName=McAfee Web Gateway)
> Id: 2.5.4.3 (id-at-commonName)
> DirectoryString: uTF8String (4)
> uTF8String: McAfee Web Gateway
Same subject/issuer and issuer subject name matches EE cert issuer name, ...
> subjectPublicKeyInfo
> algorithm (rsaEncryption)
> Algorithm Id: 1.2.840.113549.1.1.1 (rsaEncryption)
> Padding: 0
> subjectPublicKey: 3082010a028201010085b3b7c94a1150fdde952428b6a343...
Issuer cert also 2048-bits.
> extensions: 4 items
> Extension (ns_cert_exts.comment)
> Extension Id: 2.16.840.1.113730.1.13 (ns_cert_exts.comment)
> BER Error: String with tag=22 expected but class:UNIVERSAL(0) primitive tag:12 was unexpected
> [Expert Info (Warn/Malformed): BER Error: String expected]
> [BER Error: String expected]
> [Severity level: Warn]
> [Group: Malformed]
This is odd, is tshark buggy, too picky, or is the issuer cert actually malformed?
> Extension (id-ce-subjectAltName)
> Extension Id: 2.5.29.17 (id-ce-subjectAltName)
> GeneralNames: 1 item
> GeneralName: rfc822Name (1)
> rfc822Name: help at ll.mit.edu
> Extension (id-ce-basicConstraints)
> Extension Id: 2.5.29.19 (id-ce-basicConstraints)
> BasicConstraintsSyntax
> cA: True
Good, issuer is a CA
> Extension (id-ce-keyUsage)
> Extension Id: 2.5.29.15 (id-ce-keyUsage)
> Padding: 1
> KeyUsage: 06 (keyCertSign, cRLSign)
> 0... .... = digitalSignature: False
> .0.. .... = contentCommitment: False
> ..0. .... = keyEncipherment: False
> ...0 .... = dataEncipherment: False
> .... 0... = keyAgreement: False
> .... .1.. = keyCertSign: True
> .... ..1. = cRLSign: True
> .... ...0 = encipherOnly: False
> 0... .... = decipherOnly: False
Issuer ku is OK
> algorithmIdentifier (shaWithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.5 (shaWithRSAEncryption)
> Padding: 0
> encrypted: 408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...
Issuer cert is an MiTM proxy, and possibly has encoding errors.
> Secure Sockets Layer
> TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
> Content Type: Handshake (22)
> Version: TLS 1.2 (0x0303)
> Length: 333
> Handshake Protocol: Server Key Exchange
> Handshake Type: Server Key Exchange (12)
> Length: 329
> EC Diffie-Hellman Server Params
ECDHE, no problem.
> TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Fine, no request for client cert.
> Secure Sockets Layer
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate Unknown)
> Content Type: Alert (21)
> Version: TLS 1.2 (0x0303)
> Length: 2
> Alert Message
> Level: Fatal (2)
> Description: Certificate Unknown (46)
Client objects to the server chain. Either does not trust the MiTM root CA, or
is unhappy about its encoding (assuming tshark is not generating an FP warning).
--
Viktor.
More information about the openssl-users
mailing list