Can a server send multiple certificates to the client?

Time: 2015-08-08 20:07:03

Tags: ssl https client-server ssl-certificate tls1.2

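I wrote small Java 7 client and server applications. I have a keystore with 3 self-signed X.509 RSA certificates. When the client connects over SSL, the server sends an SSL Certificate message containing only one certificate. I am a bit new to SSL/TLS. I also looked at the JSSE code in sun.security.ssl.X509KeyManagerImpl and found the following comment: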

/*
 * Return the best alias that fits the given parameters.
 * The algorithm we use is:
 *   . scan through all the aliases in all builders in order
 *   . as soon as we find a perfect match, return
 *     (i.e. a match with a cert that has appropriate key usage
 *      and is not expired).
 *   . if we do not find a perfect match, keep looping and remember
 *     the imperfect matches
 *   . at the end, sort the imperfect matches. we prefer expired certs
 *     with appropriate key usage to certs with the wrong key usage.
 *     return the first one of them.
 */
private String chooseAlias(List<KeyType> keyTypeList,
        Principal[] issuers, CheckType checkType)

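The comment is quite clear that the server will send a single best-matching certificate, but I don't seem to understand the reason. In my case, I would like the server to send all 3 certificates so that the client can pick one and validate the chain. Also, if my client does not have the certificate the server sends, the connection is dropped with an SSLHandshakeException 'No trusted certificate found'. So my question is: if the information requested by the client (from the ClientHello) matches all 3 certificates, why can't the server send all 3 certificates? Does it have something to do with TLS 1.0 versus TLS 1.2?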

2 answers:

Answer 0 (score: 1)

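The TLS handshake protocol only provides for the transmission of one client end-entity certificate (the same is true for the server certificate). Intermediate certificates can be transmitted, but what you seem to want, transmitting multiple end-entity certificates, is not possible.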

The structure of the TLS server/client Certificate message is defined in RFC 5246 (TLS 1.2) section 7.4.2:

Structure of this message:

      opaque ASN.1Cert<1..2^24-1>;

      struct {
          ASN.1Cert certificate_list<0..2^24-1>;
      } Certificate;

   certificate_list
      This is a sequence (chain) of certificates.  The sender's
      certificate MUST come first in the list.  Each following
      certificate MUST directly certify the one preceding it.  Because
      certificate validation requires that root keys be distributed
      independently, the self-signed certificate that specifies the root
      certificate authority MAY be omitted from the chain, under the
      assumption that the remote end must already possess it in order to
      validate it in any case.

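Regarding the client's choice of which certificate to present: if you configure the server to advertise its trusted CAs for client certificate validation (the certificate_authorities field of the CertificateRequest message; see below), then the client code that selects which certificate to present should select a certificate that is certified by one of the advertised CAs.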

7.4.4.  Certificate Request

   ...

   Structure of this message:

      enum {
          rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
          rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
          fortezza_dms_RESERVED(20), (255)
      } ClientCertificateType;

      opaque DistinguishedName<1..2^16-1>;

      struct {
          ClientCertificateType certificate_types<1..2^8-1>;
          SignatureAndHashAlgorithm
            supported_signature_algorithms<2^16-1>;
          DistinguishedName certificate_authorities<0..2^16-1>;
      } CertificateRequest;

   ...

   certificate_authorities
      A list of the distinguished names [X501] of acceptable
      certificate_authorities, represented in DER-encoded format.  These
      distinguished names may specify a desired distinguished name for a
      root CA or for a subordinate CA; thus, this message can be used to
      describe known roots as well as a desired authorization space.  If
      the certificate_authorities list is empty, then the client MAY
      send any certificate of the appropriate ClientCertificateType,
      unless there is some external arrangement to the contrary.

And, from section 7.4.6:

  If the certificate_authorities list in the certificate request
  message was non-empty, one of the certificates in the certificate
  chain SHOULD be issued by one of the listed CAs.

Answer 1 (score: 0)

Bad luck, you can only send one. See RFC 2616 & ff.