
Can a server send multiple certificates to the client?


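I wrote a small Java 7 client and server application. I have a keystore with 3 self-signed X.509 RSA certificates. When the client connects over SSL, the server sends the SSL Certificate message with only one certificate. I am a bit new to SSL/TLS. I also looked at the JSSE code sun.security.ssl.X509KeyManagerImpl and found the comment below: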

/*
 * Return the best alias that fits the given parameters.
 * The algorithm we use is:
 *   . scan through all the aliases in all builders in order
 *   . as soon as we find a perfect match, return
 *     (i.e. a match with a cert that has appropriate key usage
 *      and is not expired).
 *   . if we do not find a perfect match, keep looping and remember
 *     the imperfect matches
 *   . at the end, sort the imperfect matches. we prefer expired certs
 *     with appropriate key usage to certs with the wrong key usage.
 *     return the first one of them.
 */
private String chooseAlias(List<KeyType> keyTypeList,
        Principal[] issuers, CheckType checkType)

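From the comment it is clear that the server will send the single best-matching certificate, but I don't seem to understand the reason. In my case, I want the server to send all 3 certificates so the client can pick one and validate the chain. Also, if my client does not have the certificate the server sent, the connection is dropped with an SSLHandshakeException "no trusted certificate found". So my question is: if the information the client requests (from ClientHello) matches all 3 certificates, why can't the server send all 3 certificates? Does it have something to do with TLS 1.0 vs. TLS 1.2?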

2 Answers

  • 0

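    The TLS handshake protocol only provides for the transfer of one client end-entity certificate (the same goes for the server certificate). Intermediate certificates can be transferred, but what you seem to want, transferring multiple end-entity certificates, is not possible.

    The structure of the TLS server/client Certificate message is defined in RFC 5246 (TLS 1.2) section 7.4.2: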

    Structure of this message:
    
          opaque ASN.1Cert<1..2^24-1>;
    
          struct {
              ASN.1Cert certificate_list<0..2^24-1>;
          } Certificate;
    
       certificate_list
          This is a sequence (chain) of certificates.  The sender's
          certificate MUST come first in the list.  Each following
          certificate MUST directly certify the one preceding it.  Because
          certificate validation requires that root keys be distributed
          independently, the self-signed certificate that specifies the root
          certificate authority MAY be omitted from the chain, under the
          assumption that the remote end must already possess it in order to
          validate it in any case.
    

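    As for the client choosing which certificate to present: if the server is configured to advertise its trusted CAs for client certificate validation (the certificate_authorities field of the CertificateRequest message; see below), then the client code that selects the certificate to present should pick a certificate certified by one of the advertised CAs.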

    7.4.4.  Certificate Request
    
       ...
    
       Structure of this message:
    
          enum {
              rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),
              rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),
              fortezza_dms_RESERVED(20), (255)
          } ClientCertificateType;
    
          opaque DistinguishedName<1..2^16-1>;
    
          struct {
              ClientCertificateType certificate_types<1..2^8-1>;
              SignatureAndHashAlgorithm
                supported_signature_algorithms<2^16-1>;
              DistinguishedName certificate_authorities<0..2^16-1>;
          } CertificateRequest;
    
       ...
    
       certificate_authorities
          A list of the distinguished names [X501] of acceptable
          certificate_authorities, represented in DER-encoded format.  These
          distinguished names may specify a desired distinguished name for a
          root CA or for a subordinate CA; thus, this message can be used to
          describe known roots as well as a desired authorization space.  If
          the certificate_authorities list is empty, then the client MAY
          send any certificate of the appropriate ClientCertificateType,
          unless there is some external arrangement to the contrary.
    

    And, from section 7.4.6:

    If the certificate_authorities list in the certificate request
      message was non-empty, one of the certificates in the certificate
      chain SHOULD be issued by one of the listed CAs.
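
The Certificate message framing quoted from RFC 5246 section 7.4.2 in the answer above, as an added example that is not part of the original answer: a parser for the handshake message, showing that it carries a single certificate_list vector whose first entry is the sender's certificate. The function names and sample bytes are constructed for illustration; the blobs are placeholders, not real DER certificates.

```python
HANDSHAKE_CERTIFICATE = 11  # HandshakeType.certificate in RFC 5246


def _u24(data, off):
    """Read a 3-byte big-endian length at off; return (value, new offset)."""
    if off + 3 > len(data):
        raise ValueError("truncated uint24 length at offset %d" % off)
    return int.from_bytes(data[off:off + 3], "big"), off + 3


def _vec24(payload):
    """Encode a <..2^24-1> vector: 3-byte big-endian length, then payload."""
    return len(payload).to_bytes(3, "big") + payload


def build_certificate_message(chain):
    """Encode a Certificate handshake message from opaque cert blobs (demo helper)."""
    cert_list = b"".join(_vec24(c) for c in chain)
    return bytes([HANDSHAKE_CERTIFICATE]) + _vec24(_vec24(cert_list))


def parse_certificate_message(msg):
    """Return certificate_list as a list of blobs, sender's certificate first."""
    if not msg or msg[0] != HANDSHAKE_CERTIFICATE:
        raise ValueError("not a Certificate handshake message")
    body_len, off = _u24(msg, 1)
    if off + body_len != len(msg):
        raise ValueError("handshake length does not match message size")
    list_len, off = _u24(msg, off)
    if off + list_len != len(msg):
        raise ValueError("certificate_list length does not match body")
    certs = []
    while off < len(msg):
        cert_len, off = _u24(msg, off)
        # ASN.1Cert<1..2^24-1>: an entry may not be empty or overrun the list.
        if cert_len == 0 or off + cert_len > len(msg):
            raise ValueError("bad ASN.1Cert length")
        certs.append(msg[off:off + cert_len])
        off += cert_len
    return certs


# Constructed placeholders standing in for DER-encoded certificates.
SAMPLE_CHAIN = [b"<end-entity DER>", b"<intermediate CA DER>"]
SAMPLE_MSG = build_certificate_message(SAMPLE_CHAIN)

if __name__ == "__main__":
    for i, blob in enumerate(parse_certificate_message(SAMPLE_MSG)):
        role = "sender's certificate" if i == 0 else "certifies entry %d" % (i - 1)
        print(i, len(blob), role)
```

The format has one list and one fixed meaning for position 0, so there is no slot in which a peer could offer several alternative end-entity certificates.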
    
  • 1

    Bad luck, you can only send one. See RFC 2616 & ff.
