tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0
789 stars, 136 forks

Does TLS-Attacker provide certificate verification #66

Closed FaheemBhatti closed 4 years ago

FaheemBhatti commented 4 years ago

Hi, I am working with TLS-Attacker for testing OpenSSL vulnerabilities. I am done with implementing test cases for vulnerability checking; now I want to implement a verify-certificate function which can extract the certificate from the client side and check whether the certificate is valid or not depending upon different certificate parameters, and check whether it is issued by a valid RootCA (which I have already created and stored in the Java certificate store). Can you please guide me how I can extract the certificate in Java code? One approach is to write a bash script to configure different certificates for the client side and then check with all vulnerability checks, but this will only check certificate behavior and not check it. Now my problem is I want to keep it in Java code. Can you please guide me whether there is something with which I can input the certificate from the user and then obviously configure it on the client side (which can be done easily in a bash file)?

Thank you :)

ic0ns commented 4 years ago

TLS-Attacker is currently not very well equipped to work with certificates and relies on Bouncy Castle for the certificate code. You can get hold of the received Certificate by looking into tlsContext.getServerCertificate(). If you want to configure the certificate TLS-Attacker sends, you have to adjust your Config. There is a flag called autoSelectCertificate; you probably want to set this to false and manually set the defaultExplicitCertificateKeyPair to force TLS-Attacker to send your provided key pair.
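
The validation step the question asks about, as an added example that is not part of the original thread or of TLS-Attacker itself: once the received chain has been obtained as DER bytes (the Bouncy Castle object returned by tlsContext.getServerCertificate() is assumed to expose its individual certificates with getEncoded(); that conversion is left as a comment), the JDK's PKIX CertPathValidator checks signatures, validity periods, basic constraints, key usage and name chaining against the RootCA entries of a Java keystore. The keystore path, its password and the DER files given on the command line are assumptions for the demonstration; the hostname check is separate because PKIX validation does not cover it.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/** Example (not TLS-Attacker code): validate a received certificate chain against a RootCA keystore. */
public class ChainVerifier {

    /** Every certificate entry of the keystore (the RootCA created by the user) becomes a PKIX trust anchor. */
    static Set<TrustAnchor> trustAnchors(KeyStore trustStore) throws Exception {
        Set<TrustAnchor> anchors = new HashSet<>();
        Enumeration<String> aliases = trustStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (trustStore.isCertificateEntry(alias)) {
                anchors.add(new TrustAnchor((X509Certificate) trustStore.getCertificate(alias), null));
            }
        }
        return anchors;
    }

    /**
     * Parse DER certificates, leaf first, as they appear in the TLS Certificate message.
     * Assumption: for TLS-Attacker, each element of tlsContext.getServerCertificate().getCertificateList()
     * can be turned into DER with getEncoded() and fed to this method.
     */
    static List<X509Certificate> parseChain(List<byte[]> derChain) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (byte[] der : derChain) {
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        return certs;
    }

    static boolean isSelfSigned(X509Certificate c) {
        try { c.verify(c.getPublicKey()); return true; } catch (Exception e) { return false; }
    }

    /** PKIX path validation; returns the trust anchor the chain was validated against. */
    static PKIXCertPathValidatorResult verify(List<X509Certificate> chain, Set<TrustAnchor> anchors,
                                              boolean checkRevocation) throws Exception {
        List<X509Certificate> path = new ArrayList<>(chain);
        // A self-signed root sent by the peer is not validated as part of the path:
        // trust must come from the anchors, never from what the peer claims to be its root.
        if (!path.isEmpty() && isSelfSigned(path.get(path.size() - 1))) {
            X509Certificate sentRoot = path.remove(path.size() - 1);
            if (path.isEmpty()) {
                for (TrustAnchor a : anchors) {
                    if (sentRoot.equals(a.getTrustedCert())) {
                        return new PKIXCertPathValidatorResult(a, null, sentRoot.getPublicKey());
                    }
                }
                throw new CertPathValidatorException("self-signed certificate is not a trusted RootCA");
            }
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(checkRevocation); // true requires reachable CRL/OCSP endpoints
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        return (PKIXCertPathValidatorResult) validator.validate(certPath, params);
    }

    /** Hostname binding (dNSName SAN, type 2), which PKIX validation itself does not perform. */
    static boolean matchesHostname(X509Certificate leaf, String host) throws Exception {
        Collection<List<?>> sans = leaf.getSubjectAlternativeNames();
        if (sans == null) return false;
        for (List<?> san : sans) {
            if (Integer.valueOf(2).equals(san.get(0))) {
                String dns = (String) san.get(1);
                if (dns.equalsIgnoreCase(host)) return true;
                if (dns.startsWith("*.") && host.indexOf('.') > 0
                        && dns.substring(1).equalsIgnoreCase(host.substring(host.indexOf('.')))) return true;
            }
        }
        return false;
    }

    // Usage (assumed paths): java ChainVerifier truststore.jks changeit example.com leaf.der intermediate.der
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, args[1].toCharArray()); }
        List<byte[]> der = new ArrayList<>();
        for (int i = 3; i < args.length; i++) der.add(Files.readAllBytes(Paths.get(args[i])));
        List<X509Certificate> chain = parseChain(der);
        try {
            PKIXCertPathValidatorResult r = verify(chain, trustAnchors(ks), false);
            System.out.println("chain OK, anchored at " + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
            System.out.println("hostname match: " + matchesHostname(chain.get(0), args[2]));
        } catch (CertPathValidatorException e) {
            System.out.println("chain REJECTED: " + e.getMessage());
        }
    }
}
```

Revocation checking is disabled in the call from main so the example runs offline; set the flag to true when the test RootCA publishes a CRL or OCSP responder, otherwise a revoked test certificate will still validate.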

FaheemBhatti commented 4 years ago

Got it, Thank you so much :)