Autenticação HTTPS do Windows Phone Phone Client HTTPS

9

Estou tentando acessar um servidor HTTPS seguro usando o certificado de cliente de um aplicativo do Windows 8 Phone que estou desenvolvendo. Isso não funciona em tudo o que me fez tentar acessar o servidor HTTPS a partir do navegador da web padrão, onde não funciona. Eu não sei se o Internet Explorer pode manipular certificados de cliente ou não. Se não lidar com eles, eu ficaria muito interessado em algum exemplo de código para c # .NET que funcione no Windows 8 Phone e que seja capaz de fornecer um certificado de cliente para o serviço da Web por HTTPS. O certificado usado deve ser armazenado no repositório de certificados do Windows 8 Phone.

Ele simplesmente não funciona para mim, nem do aplicativo que eu criei nem do Internet Explorer. Eu configurei a Autenticação de Cliente no Apache da seguinte forma:

<VirtualHost _default_:443>
DocumentRoot /var/www/htdocs
ServerName norrweb
ServerAdmin you@your.address
ErrorLog logs/error_log
TransferLog logs/access_log
SSLEngine on
SSLCertificateFile    /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
#SSLCACertificatePath    /var/www/conf/ssl.crt
SSLCACertificateFile    /var/www/conf/ssl.crt/ca-bundle.crt
SSLVerifyClient require
SSLVerifyDepth  10
</VirtualHost>

Isso funciona muito bem, no OSX eu posso escolher meus problemas de certificado de cliente pela CA especificada em SSLCACertificateFile que contém uma CA Raiz autoassinada e uma CA intermediária que por sua vez assinou o certificado de cliente que estou usando no meu mac. / p>

Instalei a CA Raiz, a CA Intermediária e a CA do cliente em um telefone Windows 8 (Nokia Lumia 900). O telefone me disse para cada certificado que foi instalado com sucesso. Para mim, parece que o telefone nunca envia nenhum certificado para o servidor. Existe a necessidade de especificar qual certificado será usado para qual servidor?

O seguinte pode ser lido em error_log para o Apache:

# tail -f /var/www/logs/error_log                                                                                                                                  
[Tue Mar 12 23:46:30 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:46:30 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:48:45 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:48:45 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]
[Tue Mar 12 23:52:23 2013] [error] mod_ssl: SSL handshake failed (server norrweb:443, client 10.0.83.232) (OpenSSL library error follows)
[Tue Mar 12 23:52:23 2013] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

O seguinte pode ser visto no Wireshark

No.     Time           Source                Destination           Protocol Length Info
      1 0.000000000    10.0.83.232           10.0.83.132           TCP      66     49160 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 1: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      2 0.000177000    10.0.83.132           10.0.83.232           TCP      66     https > 49160 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 2: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      3 0.004240000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 3: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      4 0.006430000    10.0.83.232           10.0.83.132           TLSv1    162    Client Hello

Frame 4: 162 bytes on wire (1296 bits), 162 bytes captured (1296 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 1, Ack: 1, Len: 108
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 103
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 99
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suites Length: 24
            Cipher Suites (12 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)
            Extensions Length: 34
            Extension: renegotiation_info
            Extension: status_request
            Extension: elliptic_curves
            Extension: ec_point_formats
            Extension: SessionTicket TLS

No.     Time           Source                Destination           Protocol Length Info
      5 0.006753000    10.0.83.132           10.0.83.232           TLSv1    1086   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 5: 1086 bytes on wire (8688 bits), 1086 bytes captured (8688 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1, Ack: 109, Len: 1032
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 53
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 49
            Version: TLS 1.0 (0x0301)
            Random
            Session ID Length: 0
            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
            Compression Method: null (0)
            Extensions Length: 9
            Extension: renegotiation_info
            Extension: SessionTicket TLS
    TLSv1 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 154
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 146
            Certificate types count: 3
            Certificate types (3 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
      6 0.035066000    10.0.83.232           10.0.83.132           TLSv1    387    Certificate, Client Key Exchange, Change Cipher Spec, Finished

Frame 6: 387 bytes on wire (3096 bits), 387 bytes captured (3096 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 109, Ack: 1033, Len: 333
Secure Sockets Layer
    TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 269
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 3
            Certificates Length: 0
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 258
            RSA Encrypted PreMaster Secret
    TLSv1 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: TLS 1.0 (0x0301)
        Length: 1
        Change Cipher Spec Message
    TLSv1 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: TLS 1.0 (0x0301)
        Length: 48
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 12
            Verify Data

No.     Time           Source                Destination           Protocol Length Info
      7 0.035543000    10.0.83.132           10.0.83.232           TLSv1    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 7: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1033, Ack: 442, Len: 7
Secure Sockets Layer
    TLSv1 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: TLS 1.0 (0x0301)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
      8 0.037140000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=442 Win=17520 Len=0

Frame 8: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 442, Len: 0

No.     Time           Source                Destination           Protocol Length Info
      9 0.037374000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [FIN, ACK] Seq=442 Ack=1040 Win=260864 Len=0

Frame 9: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 442, Ack: 1040, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     10 0.037491000    10.0.83.132           10.0.83.232           TCP      54     https > 49160 [FIN, ACK] Seq=1040 Ack=443 Win=17520 Len=0

Frame 10: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49160 (49160), Seq: 1040, Ack: 443, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     11 0.038866000    10.0.83.232           10.0.83.132           TCP      66     49161 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 11: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     12 0.038987000    10.0.83.132           10.0.83.232           TCP      66     https > 49161 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

Frame 12: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 0, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     13 0.042720000    10.0.83.232           10.0.83.132           TCP      60     49160 > https [ACK] Seq=443 Ack=1041 Win=260864 Len=0

Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49160 (49160), Dst Port: https (443), Seq: 443, Ack: 1041, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     14 0.045063000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [ACK] Seq=1 Ack=1 Win=262144 Len=0

Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     15 0.046585000    10.0.83.232           10.0.83.132           SSLv3    112    Client Hello

Frame 15: 112 bytes on wire (896 bits), 112 bytes captured (896 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 1, Ack: 1, Len: 58
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Client Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 53
        Handshake Protocol: Client Hello
            Handshake Type: Client Hello (1)
            Length: 49
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 0
            Cipher Suites Length: 10
            Cipher Suites (5 suites)
            Compression Methods Length: 1
            Compression Methods (1 method)

No.     Time           Source                Destination           Protocol Length Info
     16 0.047039000    10.0.83.132           10.0.83.232           SSLv3    1113   Server Hello, Certificate, Certificate Request, Server Hello Done

Frame 16: 1113 bytes on wire (8904 bits), 1113 bytes captured (8904 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1, Ack: 59, Len: 1059
Secure Sockets Layer
    SSLv3 Record Layer: Handshake Protocol: Server Hello
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 81
        Handshake Protocol: Server Hello
            Handshake Type: Server Hello (2)
            Length: 77
            Version: SSL 3.0 (0x0300)
            Random
            Session ID Length: 32
            Session ID: f49316c9deb37720a0af8fe4bd7d3feb9a289930d502de9d...
            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
            Compression Method: null (0)
            Extensions Length: 5
            Extension: renegotiation_info
    SSLv3 Record Layer: Handshake Protocol: Certificate
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 810
        Handshake Protocol: Certificate
            Handshake Type: Certificate (11)
            Length: 806
            Certificates Length: 803
            Certificates (803 bytes)
    SSLv3 Record Layer: Handshake Protocol: Multiple Handshake Messages
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 153
        Handshake Protocol: Certificate Request
            Handshake Type: Certificate Request (13)
            Length: 145
            Certificate types count: 2
            Certificate types (2 types)
            Distinguished Names Length: 140
            Distinguished Names (140 bytes)
        Handshake Protocol: Server Hello Done
            Handshake Type: Server Hello Done (14)
            Length: 0

No.     Time           Source                Destination           Protocol Length Info
     17 0.058398000    10.0.83.232           10.0.83.132           SSLv3    397    Alert (Level: Warning, Description: No Certificate), Client Key Exchange, Change Cipher Spec, Finished

Frame 17: 397 bytes on wire (3176 bits), 397 bytes captured (3176 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 59, Ack: 1060, Len: 343
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Warning, Description: No Certificate)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Warning (1)
            Description: No Certificate (41)
    SSLv3 Record Layer: Handshake Protocol: Client Key Exchange
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 260
        Handshake Protocol: Client Key Exchange
            Handshake Type: Client Key Exchange (16)
            Length: 256
    SSLv3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
        Content Type: Change Cipher Spec (20)
        Version: SSL 3.0 (0x0300)
        Length: 1
        Change Cipher Spec Message
    SSLv3 Record Layer: Handshake Protocol: Finished
        Content Type: Handshake (22)
        Version: SSL 3.0 (0x0300)
        Length: 60
        Handshake Protocol: Finished
            Handshake Type: Finished (20)
            Length: 36
            MD5 Hash
            SHA-1 Hash

No.     Time           Source                Destination           Protocol Length Info
     18 0.058791000    10.0.83.132           10.0.83.232           SSLv3    61     Alert (Level: Fatal, Description: Handshake Failure)

Frame 18: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1060, Ack: 402, Len: 7
Secure Sockets Layer
    SSLv3 Record Layer: Alert (Level: Fatal, Description: Handshake Failure)
        Content Type: Alert (21)
        Version: SSL 3.0 (0x0300)
        Length: 2
        Alert Message
            Level: Fatal (2)
            Description: Handshake Failure (40)

No.     Time           Source                Destination           Protocol Length Info
     19 0.059728000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=402 Win=17520 Len=0

Frame 19: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 402, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     20 0.061094000    10.0.83.232           10.0.83.132           TCP      60     49161 > https [FIN, ACK] Seq=402 Ack=1067 Win=260864 Len=0

Frame 20: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49161 (49161), Dst Port: https (443), Seq: 402, Ack: 1067, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     21 0.061351000    10.0.83.132           10.0.83.232           TCP      54     https > 49161 [FIN, ACK] Seq=1067 Ack=403 Win=17520 Len=0

Frame 21: 54 bytes on wire (432 bits), 54 bytes captured (432 bits) on interface 0
Ethernet II, Src: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a), Dst: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4)
Internet Protocol Version 4, Src: 10.0.83.132 (10.0.83.132), Dst: 10.0.83.232 (10.0.83.232)
Transmission Control Protocol, Src Port: https (443), Dst Port: 49161 (49161), Seq: 1067, Ack: 403, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     22 0.062308000    10.0.83.232           10.0.83.132           TCP      66     49162 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=256 SACK_PERM=1

Frame 22: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Nokia_c9:bd:a4 (b0:35:8d:c9:bd:a4), Dst: Vmware_b3:cc:5a (00:0c:29:b3:cc:5a)
Internet Protocol Version 4, Src: 10.0.83.232 (10.0.83.232), Dst: 10.0.83.132 (10.0.83.132)
Transmission Control Protocol, Src Port: 49162 (49162), Dst Port: https (443), Seq: 0, Len: 0

No.     Time           Source                Destination           Protocol Length Info
     23 0.062449000    10.0.83.132           10.0.83.232           TCP      66     https > 49162 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 SACK_PERM=1 WS=8

[Editar] Aqui estão algumas informações novas, eu fiz algumas depurações futuras usando o openssl s_client, veja abaixo:

imac:test jens$ openssl s_client -showcerts -connect norrweb:443 -CAfile CCRootCA.pem -prexit
CONNECTED(00000003)
depth=1 /CN=CCRootCA/C=SE/emailAddress=<mail hidden>
verify return:1
depth=0 /CN=norrweb/emailAddress=<mail hidden>
verify return:1
45636:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s3_pkt.c:1102:SSL alert number 40
45636:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-47/src/ssl/s23_lib.c:182:
---
Certificate chain
 0 s:/CN=norrweb/emailAddress=<mail hidden>
   i:/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgIBAjALBgkqhkiG9w0BAQswPDERMA8GA1UEAwwIQ0NSb290
<snip>
IEPe9OMviQ+yxlJKnalvha8yL5ULzYFIkRfvUZTUd8M=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=norrweb/emailAddress=<mail hidden>
issuer=/CN=CCRootCA/C=SE/emailAddress=<mail hidden>
---
Acceptable client certificate CA names
/CN=NorrIntermediateCA/C=SE/emailAddress=<mail hidden>
/CN=NorrRootCA/C=SE/emailAddress=<mail hidden>
---
SSL handshake has read 1599 bytes and written 210 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C3B4CC8BF5D88DE76E0DDEE4A24499B9F391D8B7AE93C84CE25DA58218181313
    Session-ID-ctx: 
    Master-Key: C98F2A12F7A796BD380507544A25FBEFCFEC1270F14A5705E6FFC4C841403F35C244E39F71FBA5407C27AC406D1058B7
    Key-Arg   : None
    Start Time: 1364065589
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
imac:test jens$ 

O seguinte é impresso no servidor de logon:

[23/Mar/2013 20:06:24 25734] [info]  Connection to child 3 established (server norrweb:443, client 10.0.83.145)
[23/Mar/2013 20:06:24 25734] [info]  Seeding PRNG with 1160 bytes of entropy
[23/Mar/2013 20:06:24 25734] [error] SSL handshake failed (server norrweb:443, client 10.0.83.145) (OpenSSL library error follows)
[23/Mar/2013 20:06:24 25734] [error] OpenSSL: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate [Hint: No CAs known to server for verification?]

Porque imprime o seguinte, eu acho que o servidor está fazendo a coisa correta?:

Nomes de CA de certificado de cliente aceitáveis

/ CN = NorrIntermediateCA / C = SE / emailAddress =

/ CN = NorrRootCA / C = SE / emailAddress =

Tenho certeza de que instalei um certificado de cliente no dispositivo Nokia assinado por / CN = NorrIntermediateCA / C = SE / emailAddress =

Mais alguma sugestão para alguém? O Windows 8 Phone está quebrado?

    
por www.jensolsson.se 13.03.2013 в 00:17
fonte

2 respostas

3

Eu sei que isso é tarde, mas de acordo com este artigo do msdn certificados não são suportados no Windows Phone 8.

    
por arri.io 30.06.2013 / 18:02
fonte
2

Dê uma olhada no Quadro 6. A Nokia não está enviando o certificado. Isso corresponde às mensagens error_log mostrando que o certificado está faltando: peer não retornou um certificado .

Eu já vi esse problema quando o servidor está sem a cadeia de certificados que emitiu os certificados do cliente. Acredito que o error_log esteja dizendo o mesmo: [Dica: Nenhum CA conhecido pelo servidor para verificação?]

O servidor envia ao cliente as CAs nas quais confia. O cliente envia de volta mensagens usando certificados de cliente emitidos por essas autoridades de certificação.

    
por Gyle Iverson 21.03.2013 / 07:32
fonte