
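Dual-certificate mutual-authentication communication tests, pair by pair, between the gmssl server and client programs, the Jilin University Zhengyuan (吉大正元) identity authentication gateway, and the Jilin University Zhengyuan SDK + USB key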


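Notes

Contents

Communication between the gmssl server and client

Dual-certificate communication with sm2Certs

Communication between two signing/encryption dual-certificate pairs issued by the Jilin University Zhengyuan PKI

first (server) -> second (client)

Certificate names

first as the server

second as the client

Jilin University Zhengyuan SDK + USB key communicating with the gmssl server program

gmssl client communicating with the Jilin University Zhengyuan identity authentication gateway (this stage currently fails)

Jilin University Zhengyuan SDK + USB key communicating with the identity authentication gateway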

Communication between the gmssl server and client

  • Generate a key
    • gmssl ecparam -genkey -name sm2p256v1 -text -out encrypt.key
  • View the key
    • gmssl pkey -in encrypt.key -text
  • Generate a certificate request from the private key
    • gmssl req -new -sm3 -key encrypt.key -out encrypt.req -subj "/C=CN/O=SDT/CN=encrypt"
  • View the request
    • gmssl req -noout -in encrypt.req -text
  • View a certificate
    • gmssl x509 -noout -text -in sign.pem
  • gmssl command options
    • Options given on the server side: -msg -debug -state
    • Options given on the client side: -showcerts

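Dual-certificate communication with sm2Certs

  • Path: /home/chy-cpabe/GMSSL_certificate/sm2Certs

  • Server
    • gmssl s_server -gmtls -accept 44330 -key SS.key.pem -cert SS.cert.pem -dkey SE.key.pem -dcert SE.cert.pem -CAfile CA.cert.pem -state -verify 1
    • -verify is required: it is the key to enabling GMTLS mutual certificate authentication, i.e. peer certificate verification. The client also verifies the server's certificate.
    • Source: GmSSL-master\apps\s_server.c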

      /* G:\code\gmssl_source_code\GmSSL-master\apps\s_server.c */
      {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
      {"Verify", OPT_UPPER_V_VERIFY, 'n',
       "Turn on peer certificate verification, must have a cert"},

      case OPT_VERIFY:
          s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
          verify_args.depth = atoi(opt_arg());
          if (!s_quiet)
              BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
          break;
      case OPT_UPPER_V_VERIFY:
          s_server_verify =
              SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
              SSL_VERIFY_CLIENT_ONCE;
          verify_args.depth = atoi(opt_arg());
          if (!s_quiet)
              BIO_printf(bio_err,
                         "verify depth is %d, must return a certificate\n",
                         verify_args.depth);

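  • As the source code shows, the depth argument that is passed in plays no critical role: it is simply read and printed, and does not really control the level or depth of the certificate chain.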

      chy-cpabe@ubuntu:~/GMSSL_certificate/sm2Certs$ gmssl s_server -gmtls -accept 44330 -key SS.key.pem -cert SS.cert.pem -dkey SE.key.pem -dcert SE.cert.pem -CAfile CA.cert.pem -state -verify 1
      verify depth is 1
      Using default temp DH parameters
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      ACCEPT
      SSL_accept:before SSL initialization
      SSL_accept:before SSL initialization
      SSL_accept:SSLv3/TLS read client hello
      SSL_accept:SSLv3/TLS write server hello
      SSL_accept:SSLv3/TLS write certificate
      SSL_accept:SSLv3/TLS write key exchange
      SSL_accept:SSLv3/TLS write certificate request
      SSL_accept:SSLv3/TLS write server done
      SSL_accept:SSLv3/TLS write server done
      depth=1 C = CN, ST = BJ, L = HaiDian, O = Beijing JNTA Technology LTD., OU = SORB of TASS, CN = Test CA (SM2)
      verify return:1
      depth=0 C = CN, ST = BJ, L = HaiDian, O = Beijing JNTA Technology LTD., OU = BSRC of TASS, CN = client sign (SM2)
      verify return:1
      SSL_accept:SSLv3/TLS read client certificate
      ssl_get_algorithm2=f227000008x
      SSL_accept:SSLv3/TLS read client key exchange
      SSL_accept:SSLv3/TLS read certificate verify
      SSL_accept:SSLv3/TLS read change cipher spec
      SSL_accept:SSLv3/TLS read finished
      SSL_accept:SSLv3/TLS write change cipher spec
      SSL_accept:SSLv3/TLS write finished
      Client certificate
      subject=/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=BSRC of TASS/CN=client sign (SM2)
      issuer=/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      Shared ciphers:SM9-WITH-SMS4-SM3:SM9DHE-WITH-SMS4-SM3:SM2-WITH-SMS4-SM3:SM2DHE-WITH-SMS4-SM3:RSA-WITH-SMS4-SHA1:RSA-WITH-SMS4-SM3
      CIPHER is SM2-WITH-SMS4-SM3
      Secure Renegotiation IS supported

  • Client
    • gmssl s_client -gmtls -connect localhost:44330 -key CS.key.pem -cert CS.cert.pem -dkey CE.key.pem -dcert CE.cert.pem -CAfile CA.cert.pem -state

      chy-cpabe@ubuntu:~/GMSSL_certificate/sm2Certs$ gmssl s_client -gmtls -connect localhost:44330 -key CS.key.pem -cert CS.cert.pem -dkey CE.key.pem -dcert CE.cert.pem -CAfile CA.cert.pem -state -showcerts
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      CONNECTED(00000003)
      SSL_connect:before SSL initialization
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS read server hello
      depth=1 C = CN, ST = BJ, L = HaiDian, O = Beijing JNTA Technology LTD., OU = SORB of TASS, CN = Test CA (SM2)
      verify return:1
      depth=0 C = CN, ST = BJ, L = HaiDian, O = Beijing JNTA Technology LTD., OU = BSRC of TASS, CN = server sign (SM2)
      verify return:1
      SSL_connect:SSLv3/TLS read server certificate
      Z=BCDCCB61AADD790C076DAC60ED09DDD5285A906A4025DD748DA2FB5816464C58
      SSL_connect:SSLv3/TLS read server key exchange
      SSL_connect:SSLv3/TLS read server certificate request
      SSL_connect:SSLv3/TLS read server done
      SSL_connect:SSLv3/TLS write client certificate
      SSL_connect:SSLv3/TLS write client key exchange
      ssl_get_algorithm2=3268600008x
      SSL_connect:SSLv3/TLS write certificate verify
      SSL_connect:SSLv3/TLS write change cipher spec
      SSL_connect:SSLv3/TLS write finished
      SSL_connect:SSLv3/TLS write finished
      SSL_connect:SSLv3/TLS read change cipher spec
      SSL_connect:SSLv3/TLS read finished
      ---
      Certificate chain
      0 s:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=BSRC of TASS/CN=server sign (SM2)
      i:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      1 s:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=BSRC of TASS/CN=server enc (SM2)
      i:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      2 s:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      i:/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      ---
      Server certificate
      subject=/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=BSRC of TASS/CN=server sign (SM2)
      issuer=/C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      ---
      Acceptable client certificate CA names
      /C=CN/ST=BJ/L=HaiDian/O=Beijing JNTA Technology LTD./OU=SORB of TASS/CN=Test CA (SM2)
      Client Certificate Types: RSA sign, DSA sign
      ---
      SSL handshake has read 2121 bytes and written 2115 bytes
      Verification: OK
      ---
      New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
      Server public key is 256 bit
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      SSL-Session:
      Protocol : GMTLSv1.1
      Cipher : SM2-WITH-SMS4-SM3
      Session-ID: 1670076D7CFC8C88426620D51DFDEFC099874DA8D4DA955D4001B0024524040A
      Session-ID-ctx:
      Master-Key: B6E5115CF610A50EE04086777D645DF50A6C3F4662E7BA034F50FF5F5C5504BDF0CBDCABAFF04EA51C3669FB2EE031F7
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1664155140
      Timeout : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
      ---

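Communication between two signing/encryption dual-certificate pairs issued by the Jilin University Zhengyuan PKI

Related information

  • first (server) -> second (client)
  • Path of first: /home/chy-cpabe/tmp/first
  • Path of second: /home/chy-cpabe/tmp/second

Certificate names

  • encrypt.key      encryption private key
  • encrypt.pem      encryption certificate
  • sign.key         signing private key
  • sign.pem         signing certificate
  • rootcert.pem     root certificate

first as the server

second as the client

  • Server
    • gmssl s_server -gmtls -accept 44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -verify 1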

      chy-cpabe@ubuntu:~/tmp/first$ gmssl s_server -gmtls -accept 44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -verify 1
      verify depth is 1
      Using default temp DH parameters
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      ACCEPT
      SSL_accept:before SSL initialization
      SSL_accept:before SSL initialization
      SSL_accept:SSLv3/TLS read client hello
      SSL_accept:SSLv3/TLS write server hello
      SSL_accept:SSLv3/TLS write certificate
      SSL_accept:SSLv3/TLS write key exchange
      SSL_accept:SSLv3/TLS write certificate request
      SSL_accept:SSLv3/TLS write server done
      SSL_accept:SSLv3/TLS write server done
      depth=1 C = CN, O = SDT, CN = SDTCA SM2
      verify return:1
      depth=0 C = CN, O = SDT, CN = encrypt
      verify return:1
      SSL_accept:SSLv3/TLS read client certificate
      ssl_get_algorithm2=e7bcf00008x
      SSL_accept:SSLv3/TLS read client key exchange
      SSL_accept:SSLv3/TLS read certificate verify
      SSL_accept:SSLv3/TLS read change cipher spec
      SSL_accept:SSLv3/TLS read finished
      SSL_accept:SSLv3/TLS write change cipher spec
      SSL_accept:SSLv3/TLS write finished
      Client certificate
      subject=/C=CN/O=SDT/CN=encrypt
      issuer=/C=CN/O=SDT/CN=SDTCA SM2
      Shared ciphers:SM9-WITH-SMS4-SM3:SM9DHE-WITH-SMS4-SM3:SM2-WITH-SMS4-SM3:SM2DHE-WITH-SMS4-SM3:RSA-WITH-SMS4-SHA1:RSA-WITH-SMS4-SM3
      CIPHER is SM2-WITH-SMS4-SM3
      Secure Renegotiation IS supported
      hello
      ERROR
      shutting down SSL
      CONNECTION CLOSED
      ACCEPT

  • Client
    • gmssl s_client -gmtls -connect localhost:44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -showcerts

      chy-cpabe@ubuntu:~/tmp/second$ gmssl s_client -gmtls -connect localhost:44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -showcerts
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      CONNECTED(00000003)
      SSL_connect:before SSL initialization
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS read server hello
      depth=1 C = CN, O = SDT, CN = SDTCA SM2
      verify return:1
      depth=0 C = CN, O = SDT, CN = server
      verify return:1
      SSL_connect:SSLv3/TLS read server certificate
      Z=17AE1C9FD1008FAF130C9873AB28EBFBF9B1C14BEDF417A2C59534D4DE0AD3EC
      SSL_connect:SSLv3/TLS read server key exchange
      SSL_connect:SSLv3/TLS read server certificate request
      SSL_connect:SSLv3/TLS read server done
      SSL_connect:SSLv3/TLS write client certificate
      SSL_connect:SSLv3/TLS write client key exchange
      ssl_get_algorithm2=8619800008x
      SSL_connect:SSLv3/TLS write certificate verify
      SSL_connect:SSLv3/TLS write change cipher spec
      SSL_connect:SSLv3/TLS write finished
      SSL_connect:SSLv3/TLS write finished
      SSL_connect:SSLv3/TLS read change cipher spec
      SSL_connect:SSLv3/TLS read finished
      ---
      Certificate chain
      0 s:/C=CN/O=SDT/CN=server
      i:/C=CN/O=SDT/CN=SDTCA SM2
      1 s:/C=CN/O=SDT/CN=server
      i:/C=CN/O=SDT/CN=SDTCA SM2
      2 s:/C=CN/O=SDT/CN=SDTCA SM2
      i:/C=CN/O=SDT/CN=SDTCA SM2
      ---
      Server certificate
      subject=/C=CN/O=SDT/CN=server
      issuer=/C=CN/O=SDT/CN=SDTCA SM2
      ---
      Acceptable client certificate CA names
      /C=CN/O=SDT/CN=SDTCA SM2
      Client Certificate Types: RSA sign, DSA sign
      ---
      SSL handshake has read 1698 bytes and written 1773 bytes
      Verification: OK
      ---
      New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
      Server public key is 256 bit
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      SSL-Session:
      Protocol : GMTLSv1.1
      Cipher : SM2-WITH-SMS4-SM3
      Session-ID: EF3033231C5F8F0938F0C795FA4827C13B6EAA1B555361E904738A01871E11DF
      Session-ID-ctx:
      Master-Key: CD4206434F18FEB535BD4A7639E4551F29EB8A08E205C8666C52EE63321656323B6C44FCCB5160900F602BD1FBD5B599
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1664158253
      Timeout : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
      ---

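Jilin University Zhengyuan SDK + USB key communicating with the gmssl server program (fails, unresolved)

  • Path of first: /home/chy-cpabe/tmp/first. second works as well: both hold signing and encryption certificates issued from the root certificate.
  • Server
    • gmssl s_server -gmtls -accept 44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -verify 3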

      chy-cpabe@ubuntu:~/tmp/first$ gmssl s_server -gmtls -accept 44330 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state -verify 3
      verify depth is 3
      Using default temp DH parameters
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      ACCEPT
      SSL_accept:before SSL initialization
      SSL_accept:before SSL initialization
      SSL_accept:SSLv3/TLS read client hello
      SSL_accept:SSLv3/TLS write server hello
      SSL_accept:SSLv3/TLS write certificate
      SSL_accept:SSLv3/TLS write key exchange
      SSL_accept:SSLv3/TLS write certificate request
      SSL_accept:SSLv3/TLS write server done
      SSL_accept:SSLv3/TLS write server done
      depth=1 C = CN, O = SDT, CN = SDTCA SM2
      verify return:1
      depth=0 C = CN, O = SDT, CN = Device2
      verify return:1
      SSL_accept:SSLv3/TLS read client certificate
      ssl_get_algorithm2=b0abe00008x
      SSL_accept:SSLv3/TLS read client key exchange
      crypto/sm2/sm2_sign.c 510: sm2_do_verify
      SSL3 alert write:fatal:decrypt error
      SSL_accept:error in error
      ERROR
      139623765504000:error:1417B07B:SSL routines:tls_process_cert_verify:bad signature:ssl/statem/statem_srvr.c:2941:
      shutting down SSL
      CONNECTION CLOSED
      ACCEPT

  • Client
    • Only the service address and port need to be specified
  • Source code

      // Built as C++ (the code uses nullptr).
      #include <stdio.h>
      #include <stdlib.h>
      #include <string.h>
      #include "zwy_iot_interface.h"

      // TODO: fill in these values
      #define WORK_PATH "/home/chy-cpabe/CLionProjects/jdzy_ssl"            // working directory
      #define CA_PATH "/home/chy-cpabe/CLionProjects/jdzy_ssl/rootcert.pem" // CA certificate path
      //#define CERT_REQ_IP "192.168.80.110" // service address
      //#define CERT_REQ_PORT 8889           // service port
      #define CERT_REQ_IP "127.0.0.1"        // service address
      #define CERT_REQ_PORT 44330            // service port

      unsigned char req_data[] = "GET /index.html\r\n\r\n";

      int main() {
          // Print the SDK version
          printf("版本号为: %s\n", zwy_iot_get_version());

          // Variable initialisation
          void *sdk_ctx = nullptr;        // SDK handle
          void *dev_ctx = nullptr;        // device handle
          void *ssl_ctx = nullptr;        // SSL handle
          size_t key_num = 0;             // number of USB keys
          unsigned int state = 0;         // USB key state
          int ret = 0;                    // result of the SDK calls
          unsigned int verify_result = 0; // certificate verification result
          size_t key_name_len = 0;        // length of the USB key identifier
          // TODO: certificate name and PIN; the name can be assigned directly
          // or obtained through zwy_iot_get_ukey_state
          // char tmpname[] = "F623281404280421";
          char key_name[128] = {0};       // USB key identifier
          char usr_pin[] = "123456";      // USB key PIN
          // char usr_pin_new[] = "111111"; // new PIN
          size_t nwrite = 0;              // bytes written
          size_t nread = 0;               // bytes read
          unsigned char buf[4096] = {0};  // buffer

          // Initialise the SDK
          ret = zwy_iot_init(&sdk_ctx, WORK_PATH, CA_PATH);
          if (ret != ZWY_IOT_OK) {
              printf("zwy_iot_init return 0x%04X\n", ret);
              goto clear;
          }
          // Get the USB key state
          // ret = zwy_iot_get_ukey_state(key_name,&state);
          // if (ret != ZWY_IOT_OK ){
          //     printf("zwy_iot_get_ukey_state return 0x%04X\n",ret);
          //     goto clear;
          // }
          // TODO: check the device state
          // ZWY_IOT_KEY_ST_ABSENT: device absent
          // ZWY_IOT_KEY_ST_PRESENT: device present
          // ZWY_IOT_KEY_ST_UNKNOW: device state unknown

          // Get the number of inserted USB keys
          ret = zwy_iot_get_dev_number(&key_num);
          if (ret != ZWY_IOT_OK) {
              printf("zwy_iot_get_dev_number return 0x%04X\n", ret);
              goto clear;
          }
          printf("USBKEY的数量为:%zu\n", key_num);

          // TODO: USB keys are numbered within the range 0 to key_num; only the first one is used
          if (key_num > 0) {
              // Get the identifier of the first USB key
              ret = zwy_iot_get_dev_name(key_name, &key_name_len, sizeof(key_name), 1);
              if (ret != ZWY_IOT_OK) {
                  printf("zwy_iot_get_dev_name return 0x%04X\n", ret);
                  goto clear;
              }
              // Get the USB key state
              ret = zwy_iot_get_ukey_state(key_name, &state);
              if (ret != ZWY_IOT_OK) {
                  printf("zwy_iot_get_ukey_state return 0x%04X\n", ret);
                  goto clear;
              }
              // Connect to the USB key device using its identifier
              ret = zwy_iot_connect_dev(key_name, usr_pin, &dev_ctx);
              if (ret != ZWY_IOT_OK) {
                  printf("zwy_iot_connect_dev return 0x%04X\n", ret);
                  goto clear;
              }
              // Establish the SSL VPN connection
              ret = zwy_iot_sslvpn_connect(&ssl_ctx, &verify_result, CERT_REQ_IP,
                                           CERT_REQ_PORT, sdk_ctx, dev_ctx);
              if (ret != ZWY_IOT_OK) {
                  printf("zwy_iot_sslvpn_connect return 0x%04X\n", ret);
                  goto clear;
              }
              // Write data to the SSL VPN connection (without the terminating NUL)
              ret = zwy_iot_sslvpn_write(&nwrite, req_data, sizeof(req_data) - 1, ssl_ctx);
              if (ret != ZWY_IOT_OK) {
                  printf("zwy_iot_sslvpn_write return 0x%04X\n", ret);
                  goto clear;
              }
              // Read data from the SSL VPN connection
              // ret = zwy_iot_sslvpn_read(buf, &nread, sizeof(buf), ssl_ctx);
              // if (ret != ZWY_IOT_OK) {
              //     printf("zwy_iot_sslvpn_read return 0x%04X\n", ret);
              //     goto clear;
              // }
              // printf("recv data: %s \n", buf);
              printf("SSL success \n");
          }

      clear:
          // Release resources; ret keeps the first error as the exit status
          // Tear down the SSL VPN connection
          if (ssl_ctx != nullptr) {
              zwy_iot_sslvpn_free(ssl_ctx);
              ssl_ctx = nullptr;
          }
          // Close the USB key device
          if (dev_ctx != nullptr) {
              zwy_iot_close_dev(dev_ctx);
              dev_ctx = nullptr;
          }
          if (sdk_ctx != nullptr) {
              zwy_iot_free(sdk_ctx);
              sdk_ctx = nullptr;
          }
          return ret;
      }

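gmssl client communicating with the Jilin University Zhengyuan identity authentication gateway (this stage currently fails)

  • Jilin University Zhengyuan identity authentication gateway: 192.168.80.110 8889
  • Path of first: /home/chy-cpabe/tmp/first. second works as well: both hold signing and encryption certificates issued from the root certificate.
  • Client
    • gmssl s_client -gmtls -connect 192.168.80.110:8889 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state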

      chy-cpabe@ubuntu:~/tmp/first$ gmssl s_client -gmtls -connect 192.168.80.110:8889 -key sign.key -cert sign.pem -dkey encrypt.key -dcert encrypt.pem -CAfile rootcert.pem -state
      [GMTLS_DEBUG] set sm2 signing certificate
      [GMTLS_DEBUG] set sm2 signing private key
      [GMTLS_DEBUG] set sm2 encryption certificate
      [GMTLS_DEBUG] set sm2 decryption private key
      CONNECTED(00000003)
      SSL_connect:before SSL initialization
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS write client hello
      SSL_connect:SSLv3/TLS read server hello
      depth=1 C = CN, O = SDT, CN = SDTCA SM2
      verify return:1
      depth=0 C = CN, O = SDT, CN = 192.168.80.110
      verify return:1
      SSL_connect:SSLv3/TLS read server certificate
      Z=57A18ADE9AE65C4518E01851C91150B786FEC8CD4FA1C22DCA623E2D1C4B494D
      SSL_connect:SSLv3/TLS read server key exchange
      SSL_connect:SSLv3/TLS read server certificate request
      SSL_connect:SSLv3/TLS read server done
      SSL_connect:SSLv3/TLS write client certificate
      SSL_connect:SSLv3/TLS write client key exchange
      ssl_get_algorithm2=d97f400008x
      SSL_connect:SSLv3/TLS write certificate verify
      SSL_connect:SSLv3/TLS write change cipher spec
      SSL_connect:SSLv3/TLS write finished
      SSL3 alert read:fatal:decrypt error
      SSL_connect:error in SSLv3/TLS write finished
      139882148483072:error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error:ssl/record/rec_layer_s3.c:1385:SSL alert number 51
      ---
      Certificate chain
      0 s:/C=CN/O=SDT/CN=192.168.80.110
      i:/C=CN/O=SDT/CN=SDTCA SM2
      1 s:/C=CN/O=SDT/CN=192.168.80.110
      i:/C=CN/O=SDT/CN=SDTCA SM2
      ---
      Server certificate
      subject=/C=CN/O=SDT/CN=192.168.80.110
      issuer=/C=CN/O=SDT/CN=SDTCA SM2
      ---
      Acceptable client certificate CA names
      /C=CN/O=SDT/CN=SDTCA SM2
      Client Certificate Types: RSA sign, ECDSA sign
      ---
      SSL handshake has read 1154 bytes and written 1773 bytes
      Verification: OK
      ---
      New, GMTLSv1.1, Cipher is SM2-WITH-SMS4-SM3
      Server public key is 256 bit
      Secure Renegotiation IS NOT supported
      Compression: NONE
      Expansion: NONE
      No ALPN negotiated
      SSL-Session:
      Protocol : GMTLSv1.1
      Cipher : SM2-WITH-SMS4-SM3
      Session-ID:
      Session-ID-ctx:
      Master-Key: 307742745E494A6FA89F39964AD5B84BB2C82C5C247A6CD0D13FE7D2A557BC634BAC20764CBD84B9EE947B0E462E4AC6
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1663752320
      Timeout : 7200 (sec)
      Verify return code: 0 (ok)
      Extended master secret: no
      ---
      chy-cpabe@ubuntu:~/tmp/first$

  • Error: Decrypt Error
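
A check for the -state transcripts in the sections above, serving both the -verify discussion and the two failing handshakes (an added example, not part of the original post or of GmSSL): it reports whether a handshake really completed, whether a client certificate was verified, and which message a fatal alert points at. The sample transcripts are abridged from this page; analyze() and its field names are hypothetical, and the code assumes the OpenSSL-style state strings that gmssl prints here.

```python
# Added example, not GmSSL code; analyze() and its field names are hypothetical.
import re

STATE = re.compile(r"SSL_(accept|connect):SSLv3/TLS (read|write) (.+)")
ALERT = re.compile(r"SSL3 alert (read|write):fatal:(.+)")
ERROR = re.compile(r"\d+:error:[0-9A-F]+:SSL routines:(\w+):([^:]+):")
DEPTH = re.compile(r"depth=(\d+) (.+)")
VERR = re.compile(r"verify error:num=\d+:(.+)")
VCODE = re.compile(r"Verify return code: (\d+)")

def analyze(transcript):
    """Summarise one `gmssl s_server|s_client -state` transcript."""
    role, steps, chain, verified, verr = None, [], {}, set(), []
    alert = error = vcode = depth = None
    for line in map(str.strip, transcript.splitlines()):
        if m := STATE.fullmatch(line):
            role = "server" if m[1] == "accept" else "client"
            if f"{m[2]} {m[3]}" not in steps[-1:]:  # -state repeats some lines
                steps.append(f"{m[2]} {m[3]}")
        elif m := DEPTH.fullmatch(line):
            depth = int(m[1])
            chain[depth] = m[2]
        elif m := VERR.fullmatch(line):
            verr.append(m[1])
        elif line == "verify return:1" and depth is not None:
            verified.add(depth)
        elif m := ALERT.fullmatch(line):
            alert = (m[1], m[2])  # (direction, description)
        elif m := ERROR.match(line):
            error = (m[1], m[2])  # (OpenSSL function, reason)
        elif m := VCODE.match(line):
            vcode = int(m[1])
    completed = alert is None and {"read finished", "write finished"} <= set(steps)
    # The OpenSSL apps print "verify return:1" even after a "verify error"
    # unless -verify_return_error is given, so both are checked.
    chain_ok = 0 in verified and not verr
    suspect = None
    if alert and alert[0] == "write":
        # This side raised the alert: the error line names the rejecting handler.
        suspect = error[0] if error else (steps or [None])[-1]
    elif alert:
        # The peer raised it over something written since the last read;
        # this transcript alone cannot tell which message.
        reads = [i for i, s in enumerate(steps) if s.startswith("read ")]
        suspect = [s[len("write "):] for s in steps[max(reads, default=-1) + 1:]]
    return {
        "role": role, "completed": completed, "peer_leaf": chain.get(0),
        "chain_verified": chain_ok, "verify_return_code": vcode,
        # Only a server transcript can show that a client certificate was
        # requested and verified in a handshake that then completed.
        "client_authenticated": role == "server" and completed and chain_ok
        and "write certificate request" in steps,
        "alert": alert, "error": error, "suspect": suspect,
    }

# Sample transcripts, abridged from the ones on this page.
SERVER_HEAD = """\
SSL_accept:SSLv3/TLS read client hello
SSL_accept:SSLv3/TLS write server hello
SSL_accept:SSLv3/TLS write certificate
SSL_accept:SSLv3/TLS write key exchange
SSL_accept:SSLv3/TLS write certificate request
SSL_accept:SSLv3/TLS write server done
"""
SERVER_OK = SERVER_HEAD + """\
depth=0 C = CN, O = SDT, CN = encrypt
verify return:1
SSL_accept:SSLv3/TLS read client certificate
SSL_accept:SSLv3/TLS read client key exchange
SSL_accept:SSLv3/TLS read certificate verify
SSL_accept:SSLv3/TLS read finished
SSL_accept:SSLv3/TLS write finished
"""
SERVER_BAD = SERVER_HEAD + """\
depth=0 C = CN, O = SDT, CN = Device2
verify return:1
SSL_accept:SSLv3/TLS read client key exchange
SSL3 alert write:fatal:decrypt error
139623765504000:error:1417B07B:SSL routines:tls_process_cert_verify:bad signature:ssl/statem/statem_srvr.c:2941:
"""
CLIENT_BAD = """\
SSL_connect:SSLv3/TLS write client hello
depth=0 C = CN, O = SDT, CN = 192.168.80.110
verify return:1
SSL_connect:SSLv3/TLS read server certificate
SSL_connect:SSLv3/TLS read server certificate request
SSL_connect:SSLv3/TLS read server done
SSL_connect:SSLv3/TLS write client certificate
SSL_connect:SSLv3/TLS write client key exchange
SSL_connect:SSLv3/TLS write certificate verify
SSL_connect:SSLv3/TLS write finished
SSL3 alert read:fatal:decrypt error
Verify return code: 0 (ok)
"""
```

For the gateway transcript the result has completed set to False even though the output ends with `Verify return code: 0 (ok)`: that line reports only the check of the server's chain, not the outcome of the handshake. For the SDK transcript the suspect is tls_process_cert_verify, i.e. the client's chain was accepted and the rejection came while checking the CertificateVerify signature.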

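Jilin University Zhengyuan SDK + USB key communicating with the identity authentication gateway

  • Change the server address and port in the program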

 

 
