我正在尝试使用自签名证书建立与服务器的连接。但在执行期间
openssl s_client -connect 127.0.0.1:21042 -CAfile ca.crt -cert client.crt -key client.key
我得到验证返回:1 但最终我得到验证返回代码:0(好的)
depth=1 C = CH, ST = LU, L = Luzern, O = Ltd, CN = Stack Service, emailAddress = xyz@gmail.com
verify return:1
depth=0 C = CH, ST = LU, L = Luzern, O = Ltd, CN = Stack Service, emailAddress = xyz@gmail.com
verify return:1
---
Certificate chain
0 s:C = CH, ST = LU, L = Luzern, O = Ltd, CN = Stack Service, emailAddress = xyz@gmail.com
i:C = CH, ST = LU, L = Luzern, O = Ltd, CN = Stack Service, emailAddress = xyz@gmail.com
---
Acceptable client certificate CA names
C = CH, ST = LU, L = Luzern, O = Ltd, CN = Stack Service, emailAddress = xyz@gmail.com
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1908 bytes and written 1994 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read:errno=0
这样我无法从我的客户端应用程序连接到我的服务器。在第一次和第二次验证中得到 verify return:1 的原因是什么?
快速检查一下 google.com 等已知的良好网站就会发现,您所看到的内容非常正常。初始值只是证书链中特定证书的验证回调verify return:1的结果。这里意味着该特定证书的成功,而意味着错误,这将导致放弃验证过程并导致最终验证错误。10
相反,这Verify return code: 0 (ok)是整个验证过程的结果。这是一个显示验证错误的代码,其中0是X509_V_OK的数字表示,即没有错误。请参阅验证不同的代码。
这样我无法从我的客户端应用程序连接到我的服务器
根据您的输出,TLS 握手正常。因此,无论您遇到什么问题,都不在 TLS 握手中,或者至少不会在openssl s_client.
| 归档时间: |
|
| 查看次数: |
7284 次 |
| 最近记录: |