You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for your tool. I think it's really the best for security audits on thick clients :)
[1] I have an error when I would like to decrypt a SSL/TLS communication while there is a thick client authentication by certificate.
I have created a SSL filter in my socks proxy. This filter has a "SSL Network Layer".
I have loaded a .p12 file (public/private key of the thick client) in the configuration of this layer.
The "Require Client Certificate" check-box is enabled because the client will tried to authenticate with this certificate to the server.
Here is the error returned by Canape when the SSL/TLS communication is starting:
System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: Une erreur inconnue s’est produite lors du traitement du certificat
--- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at CANAPE.Net.Layers.SslNetworkLayer.ConnectServer(IDataAdapter adapter, Logger logger, PropertyBag properties)
at CANAPE.Net.Layers.SslNetworkLayer.Negotiate(IDataAdapter& server, IDataAdapter& client, ProxyToken token, Logger logger, MetaDictionary meta, MetaDictionary globalMeta, PropertyBag properties, NetworkLayerBinding defaultBinding)
at CANAPE.Net.ProxyNetworkService.ConnectClient(IDataAdapter baseAdapter, PropertyBag connProperties)
[2] I have tested the authentication by certificate with openssl.
There is no error with openssl:
When I would like to use this clientKeystore.pem file (I'm sure it is good), Canape said that the "Certificate does not have a private key". Consequently, I can't use this .pem file to decrypt the communication.
Is it a bug or there is a mistake in my .pem and .p12 file ?
Thank you in advance for your help,
The text was updated successfully, but these errors were encountered:
Hello,
Thank you for your tool. I think it's really the best for security audits on thick clients :)
[1] I have an error when I would like to decrypt a SSL/TLS communication while there is a thick client authentication by certificate.
I have created a SSL filter in my socks proxy. This filter has a "SSL Network Layer".
I have loaded a .p12 file (public/private key of the thick client) in the configuration of this layer.
The "Require Client Certificate" check-box is enabled because the client will tried to authenticate with this certificate to the server.
Here is the error returned by Canape when the SSL/TLS communication is starting:
[2] I have tested the authentication by certificate with openssl.
There is no error with openssl:
When I would like to use this clientKeystore.pem file (I'm sure it is good), Canape said that the "Certificate does not have a private key". Consequently, I can't use this .pem file to decrypt the communication.
Is it a bug or there is a mistake in my .pem and .p12 file ?
Thank you in advance for your help,
The text was updated successfully, but these errors were encountered: