[openssl-dev] [openssl.org #3642] Bug in OpenSSL 1.0.1j version: Decode error in TLS 1.2 handshake failure from client
Sameer Joshi via RT
rt at openssl.org
Fri Dec 26 11:19:01 UTC 2014
Hi,
I see a problem in OpenSSL code and want to confirm if this has been
already reported as a bug or not.
If the server sends CertificateRequest during TLS handshake in case of
TLS1.2, the Client processes this request in method
ssl3_get_certificate_request(SSL* s).
While processing the request it calls tls1_process_sigalgs() method to
process the signature algorithms.
In this method tls1_process_sigalgs(), its being checked if the s->cert
pointer is NULL . This actually means the check whether the client has its
own certificate or not. In case the pointer is NULL, indicating the client
does not have certificate, the function returns zero or failure. TLS
handshake fails here with "decode error" owing to
SSL_R_SIGNATURE_ALGORITHMS_ERROR.
However according to TLS1.2 RFC, its perfectly legal to not have client
certificate, in which case, the client can send empty Certificate message
to server. Its upto server to accept or reject the client certificate.
Due to the above code in tls1_process_sigalgs(), TLS1.2 clients which do
not have their own certificate and get CertificateRequest from server are
failing to complete TLS handshake.
I think this needs to be fixed. If needed I also have patch ready, which I
will be happy to contribute.
Regards,
Sameer Joshi
More information about the openssl-dev
mailing list