> extensions: 4 items
> Extension (ns_cert_exts.comment)
> Extension Id: 2.16.840.1.113730.1.13
(ns_cert_exts.comment)
> BER Error: String with tag=22 expected
but class:UNIVERSAL(0)
> primitive
tag:12 was unexpected
> [Expert Info (Warn/Malformed): BER
Error: String expected]
> [BER Error: String expected]
> [Severity level: Warn]
> [Group: Malformed]
This is odd, is tshark buggy, too picky, or is the issuer cert actually
malformed?
I don’t know off-hand, will check, and bring to the attention of those who run
the proxy.
> algorithmIdentifier (shaWithRSAEncryption)
> Algorithm Id: 1.2.840.113549.1.1.5
(shaWithRSAEncryption)
> Padding: 0
> encrypted:
408fc9a991e6cebbec05fa6b2463d89bcb8b2dc888c1a1b6...
Issuer cert is an MiTM proxy, and possibly has encoding errors.
Got it, thanks.
> Secure Sockets Layer
> TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Certificate
Unknown)
> Content Type: Alert (21)
> Version: TLS 1.2 (0x0303)
> Length: 2
> Alert Message
> Level: Fatal (2)
> Description: Certificate Unknown (46)
Client objects to the server chain. Either does not trust the MiTM root
CA, or
is unhappy about its encoding (assuming tshark is not generating an FP
warning).
Thank you! So it is the *client* that breaks the connection, and it is unhappy
either about MiTM, or the encoding. I will check for both (though not much I
can do about either).
Thanks! (At least I have an idea now what’s going on.)
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
