droe / sslsplit

Transparent SSL/TLS interception
https://www.roe.ch/SSLsplit
BSD 2-Clause "Simplified" License

Certificate error: loading src server certificate failed #246

Closed rbk0 closed 5 years ago

rbk0 commented 5 years ago

I'm having the same issue as reported in #224. The error I get is "loading src server certificate failed".

I built multiple variations of sslsplit with different versions of openssl and without any success.

I think the problem is with storing the on-the-fly created certificates. When I used the -w parameter, the directory only contained *.key files and no certificate files. This would explain why the certificates can't be loaded. It seems the certificate is created correctly, but not stored properly as far as I can tell.

My setup is running on Kali 2019.1.

sonertari commented 5 years ago

Issue #224 was about checking return values of library functions (notice that the op of that issue does not report a problem).

I guess Kali 2019.1 uses openssl 1.1.1a-1, right? I haven't tried that version, but you say that you have tried different versions of openssl. So, if you have tried a version of openssl supported by sslsplit, then the culprit may not be the openssl version. Please try using a version in the .travis.yml file, and make sure sslsplit is both compiled and linked against that version.

Note also that the forged certificates are stored in a cache in memory, not in the filesystem. The -w option is for logging/debugging purposes. So if the error is the one you say it is, then the code cannot even reach the certificate logging, but will terminate the connection (unless passthrough is enabled, in which case the -w option is irrelevant), which may explain the missing crt files you mention.

Does this happen with all connections, or is it just some web sites? Are they using TLS 1.3?

Also, please report the relevant information mentioned in ISSUE_TEMPLATE.md under the .github folder.

cpandya2909 commented 5 years ago

I also have the same problem.

Here is my debug output:

===> Original server certificate:
Subject DN: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: 23:C5:ED:82:00:14:F3:0B:35:5046:C3:E9:03:5D:FF:60:3A:69:6D
Certificate cache: HIT
===> Forged server certificate:
Subject DN: /C=US/ST=California/L=Mountain View/O=Google LLC/CN=www.google.com
Common Names: www.google.com/www.google.com
Fingerprint: EB:39:89:58:30:44:D9:98:AE:7AA5:B1:F0:50:8A:46:1D:55:F4:19
loading src server certificate failed
No cert found; falling back to passthrough
Connecting to [74.125.130.103]:443
SSL_free() in state 00000001 = 0001 = SSLOK (SSL negotiation finished successfully) [connect socket]
passthrough 10.0.0.210 42494 74.125.130.103 443

sonertari commented 5 years ago

I'd like to ask the same questions: Is this happening on Kali 2019.1 with openssl 1.1.1a-1? Can you please report the relevant information mentioned in ISSUE_TEMPLATE.md under the .github folder?

rbk0 commented 5 years ago

Sorry for the late update.

I could solve my problem by switching my network setup. My original setup was a bridge with two NICs and the according iptables rules. Probably I messed up with the configuration, but I didn't have the time to figure it out. So I switched to classical ARP poisoning, which solved my problem. I still couldn't decrypt the traffic, but this was due to SSL pinning on the tested application.

Thank you very much for the quick response and the awesome tool!

sonertari commented 5 years ago

@rbk0 good to hear that you have solved the problem. @cpandya2909 please open a new issue if you want to report anything further.

droe commented 4 years ago

Duplicate of #248