Discussion:
How to implement SSL Pinning in a TLS client
Edwin Van Schaick
2013-07-16 10:17:52 UTC
Permalink
Hello,

I am currently implementing a TLS client to perform custom certificate
validation of the root certificate to do SSL Pinning. I’ve created a class,
that inherits from DefaultTlsClient. In the GetAuthentication method I
supply another class, that implements the TlsAuthentication interface.

However, in the NotifyServerCertificate method the serverCertificate
parameter seems to have only one certificate in the certs member, while I
would expect all certificates in the chain, including the Root CA
certificate I want to verify. How can I access the Root CA certificate from
the chain?

The implementation is done for Windows Phone 7 & 8.

Best regards,

Edwin.
Peter Dettman
2013-07-18 01:44:25 UTC
Permalink
Hi Edwin,
NotifyServerCertificate simply passes through the certificate chain sent
by the server, details of which you didn't provide. So if there is only
one certificate in the chain, only one was sent by the server.

This comment from RFC 2246 may help to explain why:

certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate which specifies the
root certificate authority may optionally be omitted from the
chain, under the assumption that the remote end must already
possess it in order to validate it in any case.


Regards,
Pete Dettman
Post by Edwin Van Schaick
Hello,
I am currently implementing a TLS client to perform custom certificate
validation of the root certificate to do SSL Pinning. I’ve created a
class, that inherits from DefaultTlsClient. In the GetAuthentication
method I supply another class, that implements the TlsAuthentication
interface.
However, in the NotifyServerCertificate method the serverCertificate
parameter seems to have only one certificate in the certs member,
while I would expect all certificates in the chain, including the Root
CA certificate I want to verify. How can I access the Root CA
certificate from the chain?
The implementation is done for Windows Phone 7 & 8.
Best regards,
Edwin.
Edwin Van Schaick
2013-07-18 09:36:48 UTC
Permalink
Hi Pete,

Thank you for your response. The server I try to access is a local server
with a certificate chain of three certificates. When I access the server
using a browser, I can view the chain with a root CA, a technical CA
inbetween and the server certificate itself. For some reason I don't
receive them when using the TlsProtocolHandler class. At this moment I
don't know if the server returns all certificates and if not why that
happens.

For SSL Pinning I want to receive the root CA from the server to be able to
guarantee that it is indeed the correct root CA.

Regards,
Edwin.


On Thu, Jul 18, 2013 at 3:44 AM, Peter Dettman <
Post by Peter Dettman
Hi Edwin,
NotifyServerCertificate simply passes through the certificate chain sent
by the server, details of which you didn't provide. So if there is only one
certificate in the chain, only one was sent by the server.
certificate_list
This is a sequence (chain) of X.509v3 certificates. The sender's
certificate must come first in the list. Each following
certificate must directly certify the one preceding it. Because
certificate validation requires that root keys be distributed
independently, the self-signed certificate which specifies the
root certificate authority may optionally be omitted from the
chain, under the assumption that the remote end must already
possess it in order to validate it in any case.
Regards,
Pete Dettman
Post by Edwin Van Schaick
Hello,
I am currently implementing a TLS client to perform custom certificate
validation of the root certificate to do SSL Pinning. I’ve created a
class, that inherits from DefaultTlsClient. In the GetAuthentication
method I supply another class, that implements the TlsAuthentication
interface.
However, in the NotifyServerCertificate method the serverCertificate
parameter seems to have only one certificate in the certs member,
while I would expect all certificates in the chain, including the Root
CA certificate I want to verify. How can I access the Root CA
certificate from the chain?
The implementation is done for Windows Phone 7 & 8.
Best regards,
Edwin.
Peter Dettman
2013-07-18 12:33:37 UTC
Permalink
Post by Edwin Van Schaick
Hi Pete,
Thank you for your response. The server I try to access is a local
server with a certificate chain of three certificates. When I access
the server using a browser, I can view the chain with a root CA, a
technical CA inbetween and the server certificate itself. For some
reason I don't receive them when using the TlsProtocolHandler class.
At this moment I don't know if the server returns all certificates and
if not why that happens.
NotifyServerCertificate is sending you the server Certificate message.
If there's only one entry in the list, the server only sent one. If you
suspect the BC implementation, then use e.g. Wireshark to inspect the
network packets.
The fact that the browser displays a chain only means that the browser
was able to construct the chain "somehow", typically by already having
the other certificates installed. Indeed, you have to be able to
construct the chain to validate it. You should be able to view these
installed certificates in your browser settings somewhere.
Post by Edwin Van Schaick
For SSL Pinning I want to receive the root CA from the server to be
able to guarantee that it is indeed the correct root CA.
Just take pinning out of the equation for a moment. How are you going to
figure out the certificate chain in order to validate it? The TLS
protocol itself doesn't require the server to send the full chain, nor
can the client beg, trick, or force the server to do so, AFAIK.

Pete.

Loading...