JSSE Troubleshooting: Certificates Order in TLS Handshaking

Issue:

Failed with a exception: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed.

Example:

Test case:
 1  //
 2  // JSSE Troubleshooting: Disordered Certificate List in TLS Handshaking
 3  //
 4  import java.net.*;
 5
 6  public class DisorderedCertificateList {
 7      public static void main(String[] Arguments) throws Exception {
 8          URL url = new URL("https://myservice.example.com/");
 9          URLConnection connection = url.openConnection();
10
11          connection.getInputStream().close();
12      }
13  }
 
Test environment:
The HTTPS server, myservice.example.com, is configurated with a certificate path that the certificates in the path is out of order. For example, the expected certificate path is server_certificate -> intermediate ca -> seld-signed root ca. However, the certificate path is configurated as server_certificate -> seld-signed root ca -> intermediate ca.
Test Result:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
  at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
  at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1627)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:204)
  at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:198)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:994)
  at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:142)
  at sun.security.ssl.Handshaker.processLoop(Handshaker.java:533)
  at sun.security.ssl.Handshaker.process_record(Handshaker.java:471)
  at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
  at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1132)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1159)
  at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1143)
  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:997)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
  at DisorderedCertificateList.main(DisorderedCertificateList.java:11)
 Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
  at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:266)
  at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:249)
  at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:172)
  at sun.security.validator.Validator.validate(Validator.java:235)
  at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:147)
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:230)
  at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:270)
  at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:973)
  ... 12 more
 Caused by: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
  at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:153)
  at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:321)
  at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:186)
  at java.security.cert.CertPathValidator.validate(CertPathValidator.java:267)
  at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:261)
  ... 19 more
 

Cause:

Per the TLS specification (page 39, section 7.4.2, RFC2246), the certificate list passed to server Certificate message or client Certificate message "is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it."
So, the certificate order of the above test case, server_certificate -> seld-signed root ca -> intermediate ca, is not a TLS specification compliant behavior, the TLS handshaking is expected to fail.

Solution:

Checking the TLS/SSL configuration, and make sure that the certificate list sent to peer is properly configuated and in order.

Linkage to the blog entry at blogs.sun.com

Popular posts from this blog

TLS Server Name Indication Extension and Unrecognized_name

Java™ SE 7 Release Security Enhancements - Weak Cryptography Control

JEP 115: AES-GCM CipherSuites in JDK 8