
Invalid responses to client certificate requests

Open svkampen opened this issue 10 months ago • 6 comments

When connecting to servers which request a client certificate, but no client certificate is provided, invalid responses are sent.

In TLSv1.2, an empty certificate response should contain a certificate_list of length 0, i.e. the message length is 3 (one 24-bit integer, namely the length of the certificate_list, which is 0) (RFC link). Right now, a response with length 0 is sent:

[image]

Compare the correct response:

[image]

In tls_build_certificate, line 10019, we treat all_certificate_size > 0 differently from all_certificate_size == 0 -- simply treating both the same fixes the issue for TLSv1.2 (that is, we simply use the code in the if block for both cases).

Now, for TLSv1.3, we never even seem to send a reply to the certificate request, and I am not familiar enough with either TLSv1.3 or this library to know where the issue is, so I am hoping it is more obvious to you 😄 . (Sidenote: for TLSv1.3 debugging, it would be really nice to be able to export the keys in the SSLKEYLOGFILE format, so Wireshark can decrypt the encrypted handshake etc. It seems like it should be quite easy to implement, I have seemingly successfully exported the keys by hand and massaged them into the format, but I am a bit hesitant to say I have a correct implementation because I don't know the library well).

For reference, the servers I am testing against are public Gemini servers (e.g. geminiprotocol.net:1965), which often use client certificates as a form of authentication.

Lastly, thank you for building such a wonderful standalone TLS implementation! I am using it as part of Crypto Ancienne, and it is truly incredible to have TLSv1.3 on platforms that are older than I am.

svkampen, Feb 09 '25 00:02
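To make the wire format concrete, here is an added example (written for this page, not code from tlse or from the reporter's patch) that builds the TLS 1.2 Certificate handshake message from RFC 5246 section 7.4.2 and parses it strictly on the receiving side. It also reproduces the reported bug (a Certificate message with a handshake length of 0) so the parser's rejection of it is visible, and, going beyond the text, adds the TLS 1.3 layout from RFC 8446 section 4.4.2, where the body carries a certificate_request_context before the list length. Function names, the fake DER blob and the buffer sizes are this example's own assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* HandshakeType value for Certificate (RFC 5246 section 7.4). */
#define TLS_HS_CERTIFICATE 11

static void put_u24(uint8_t *p, size_t v) {
    p[0] = (uint8_t)(v >> 16); p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)v;
}
static size_t get_u24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* TLS 1.2 Certificate message:
 *   HandshakeType(1) | length(3) | certificate_list length(3) | { len(3) | DER }*
 * With zero certificates the body is exactly the 3-byte zero list length,
 * so the handshake length field must be 3, never 0.
 * Returns bytes written, or 0 if `cap` is too small. (Example code.) */
size_t tls12_build_certificate(uint8_t *out, size_t cap,
                               const uint8_t *const *certs,
                               const size_t *cert_lens, size_t n_certs) {
    size_t list_len = 0, off = 7;
    for (size_t i = 0; i < n_certs; i++) list_len += 3 + cert_lens[i];
    size_t body_len = 3 + list_len;
    if (cap < 4 + body_len) return 0;
    out[0] = TLS_HS_CERTIFICATE;
    put_u24(out + 1, body_len);
    put_u24(out + 4, list_len);
    for (size_t i = 0; i < n_certs; i++) {
        put_u24(out + off, cert_lens[i]); off += 3;
        memcpy(out + off, certs[i], cert_lens[i]); off += cert_lens[i];
    }
    return 4 + body_len;
}

/* Reproduces the bug described in the issue: no body at all, length 0. */
size_t tls12_build_certificate_buggy(uint8_t *out, size_t cap) {
    if (cap < 4) return 0;
    out[0] = TLS_HS_CERTIFICATE;
    put_u24(out + 1, 0);
    return 4;
}

/* Strict receiver-side parse of a TLS 1.2 Certificate message.
 * Returns the number of certificates (0 is a valid "no client certificate"
 * answer) or -1 if the length fields do not add up. */
int tls12_parse_certificate(const uint8_t *msg, size_t len) {
    if (len < 4 || msg[0] != TLS_HS_CERTIFICATE) return -1;
    size_t body_len = get_u24(msg + 1);
    if (body_len + 4 != len) return -1;
    if (body_len < 3) return -1;              /* the buggy 0-length body fails here */
    if (get_u24(msg + 4) + 3 != body_len) return -1;
    const uint8_t *p = msg + 7, *end = msg + len;
    int count = 0;
    while (p < end) {
        if ((size_t)(end - p) < 3) return -1;
        size_t clen = get_u24(p); p += 3;
        if (clen == 0 || (size_t)(end - p) < clen) return -1;
        p += clen; count++;
    }
    return count;
}

/* TLS 1.3 differs (RFC 8446 section 4.4.2): the body starts with the
 * certificate_request_context (1-byte length + bytes, echoed from the
 * server's CertificateRequest), then the 3-byte list length. With no
 * certificate and the usual empty context the body is 4 bytes. */
size_t tls13_build_certificate_empty(uint8_t *out, size_t cap,
                                     const uint8_t *ctx, size_t ctx_len) {
    size_t body_len = 1 + ctx_len + 3;
    if (ctx_len > 255 || cap < 4 + body_len) return 0;
    out[0] = TLS_HS_CERTIFICATE;
    put_u24(out + 1, body_len);
    out[4] = (uint8_t)ctx_len;
    if (ctx_len) memcpy(out + 5, ctx, ctx_len);
    put_u24(out + 5 + ctx_len, 0);
    return 4 + body_len;
}

static void dump(const char *label, const uint8_t *b, size_t n) {
    printf("%-28s", label);
    for (size_t i = 0; i < n; i++) printf("%02x ", b[i]);
    printf("(parse -> %d)\n", tls12_parse_certificate(b, n));
}

int main(void) {
    uint8_t buf[64];
    size_t n = tls12_build_certificate(buf, sizeof buf, NULL, NULL, 0);
    dump("TLS 1.2 empty (correct):", buf, n);
    n = tls12_build_certificate_buggy(buf, sizeof buf);
    dump("TLS 1.2 empty (as sent):", buf, n);
    n = tls13_build_certificate_empty(buf, sizeof buf, NULL, 0);
    dump("TLS 1.3 empty:", buf, n);   /* parse result is -1: different layout */
    return 0;
}
```

The parser is deliberately stricter than it needs to be for interop: it requires the nested length fields to agree exactly, which is the property the reporter's Wireshark comparison checks and the one a fuzz harness for a handshake parser should assert.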

Thanks for reporting this. I never really tested client certificates on TLS 1.3. I'll take a look today.

> In tls_build_certificate, line 10019, we treat all_certificate_size > 0 differently from all_certificate_size == 0 -- simply treating both the same fixes the issue for TLSv1.2 (that is, we simply use the code in the if block for both cases).

Did you use the latest tlse.c?

eduardsui, Feb 12 '25 07:02

Haha, I figured client certificates are probably an area that doesn't see much testing.

Yes, this is with the latest tlse.c. I can reproduce it with the example in examples/tlsclienthello.c (replacing TLS_V13 with TLS_V12), using the host geminiprotocol.net and port 1965.

svkampen, Feb 16 '25 19:02

@svkampen Hey, I encountered the same problem, did you find a solution?

0xVZ, Apr 25 '25 01:04

@0xVZ Apologies for my late response, I was on vacation and totally forgot to reply haha.

I do have a fix for TLSv1.2, as described above (I have also attached it as a patch file, below), but it does not work for TLSv1.3.

[attachment: Patch for TLSv1.2]

svkampen, May 04 '25 19:05

@svkampen can you create a pull request for this?

Thanks!

eduardsui, May 05 '25 17:05

Sure, I've opened #127.

svkampen, May 05 '25 19:05