tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0

Got this error while sending client certificate message with chain of certificates in one file #168

Open sajualways opened 5 months ago

sajualways commented 5 months ago

10:20:22 [main] WARN : Delegate - Could not read certificate
java.security.cert.CertificateParsingException: signed overrun, bytes = 1820
    at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1826)
    at java.base/sun.security.x509.X509CertImpl.(X509CertImpl.java:194)
    at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:476)
    at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:361)
    at java.base/java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:478)
    at de.rub.nds.tlsattacker.core.certificate.PemUtil.readCertificate(PemUtil.java:122)
    at de.rub.nds.tlsattacker.core.certificate.PemUtil.readCertificate(PemUtil.java:134)
    at de.rub.nds.tlsattacker.core.config.delegate.CertificateDelegate.applyDelegate(CertificateDelegate.java:122)
    at de.rub.nds.tlsattacker.core.config.TLSDelegateConfig.createConfig(TLSDelegateConfig.java:67)
    at de.rub.nds.tlsattacker.core.config.TLSDelegateConfig.createConfig(TLSDelegateConfig.java:85)
    at de.rub.nds.tlsattacker.client.config.ClientCommandConfig.createConfig(ClientCommandConfig.java:111)
    at de.rub.nds.tlsattacker.client.main.TlsClient.main(TlsClient.java:52)

sajualways commented 5 months ago

Is it possible to send a client certificate chain (leaf cert + intermediate cert) using java -jar TLS-Client.jar -connect host:port -cert -key?

ic0ns commented 4 months ago

Which version are you on?

ic0ns commented 4 months ago

Anyways, I think this is not possible through the commandline interface. Anything X.509 is a bit of a weakness of TLS-Attacker in the current version. Our next version has reworked this. In the meantime, you would either need to set the certificate in the workflow trace, manually set the certificates in the config or change the code of TLS-Attacker.

sajualways commented 4 months ago

I was looking for -key kind of option like for example " -cert "

What does this option do? -keystore Java Key Store (JKS) file to use as a certificate

sajualways commented 4 months ago

> Which version are you on?

I am using latest git update

sajualways commented 4 months ago

> Anyways, I think this is not possible through the commandline interface. Anything X.509 is a bit of a weakness of TLS-Attacker in the current version. Our next version has reworked this. In the meantime, you would either need to set the certificate in the workflow trace, manually set the certificates in the config or change the code of TLS-Attacker.

Can we have a -cert_chain <> option?