Got this error while sending client certificate message with chain of certificates in one file #168

Open
sajualways opened this issue May 7, 2024 · 6 comments

Comments

@sajualways

10:20:22 [main] WARN : Delegate - Could not read certificate
java.security.cert.CertificateParsingException: signed overrun, bytes = 1820
at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1826)
at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:194)
at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:476)
at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:361)
at java.base/java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:478)
at de.rub.nds.tlsattacker.core.certificate.PemUtil.readCertificate(PemUtil.java:122)
at de.rub.nds.tlsattacker.core.certificate.PemUtil.readCertificate(PemUtil.java:134)
at de.rub.nds.tlsattacker.core.config.delegate.CertificateDelegate.applyDelegate(CertificateDelegate.java:122)
at de.rub.nds.tlsattacker.core.config.TLSDelegateConfig.createConfig(TLSDelegateConfig.java:67)
at de.rub.nds.tlsattacker.core.config.TLSDelegateConfig.createConfig(TLSDelegateConfig.java:85)
at de.rub.nds.tlsattacker.client.config.ClientCommandConfig.createConfig(ClientCommandConfig.java:111)
at de.rub.nds.tlsattacker.client.main.TlsClient.main(TlsClient.java:52)

@sajualways
Author

sajualways commented May 7, 2024

Is it possible to send a client certificate chain (leaf cert + intermediate cert) using java -jar TLS-Client.jar -connect host:port -cert <cert_chain.pem> -key <key.pem>?

@ic0ns
Contributor

ic0ns commented May 10, 2024

Which version are you on?

@ic0ns
Contributor

ic0ns commented May 10, 2024

Anyways, I think this is not possible through the commandline interface. Anything X.509 is a bit of a weakness of TLS-Attacker in the current version. Our next version has reworked this. In the meantime, you would either need to set the certificate in the workflow trace, manually set the certificates in the config or change the code of TLS-Attacker.

@sajualways
Author

sajualways commented May 16, 2024

I was looking for a -key kind of option,
like for example " -cert "

What does this option do?
-keystore
Java Key Store (JKS) file to use as a certificate

@sajualways
Author

> Which version are you on?

I am using the latest git update.

@sajualways
Author

> Anyways, I think this is not possible through the commandline interface. Anything X.509 is a bit of a weakness of TLS-Attacker in the current version. Our next version has reworked this. In the meantime, you would either need to set the certificate in the workflow trace, manually set the certificates in the config or change the code of TLS-Attacker.

Can we have a -cert_chain <> option?
