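mbedtls error notes

0x2180: invalid certificate format. Check that the certificate's format is correct and that the certificate length passed in is correct.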
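One common way to get the length wrong, shown as an added example (not code from the original post or from mbedtls): for PEM input, mbedtls_x509_crt_parse expects buflen to include the terminating NUL byte, otherwise the text is treated as DER and rejected. classify_cert_buffer and the sample buffer are hypothetical names constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum cert_buf_kind { CERT_BUF_EMPTY, CERT_BUF_PEM, CERT_BUF_NOT_PEM };

/* Hypothetical pre-check to run before mbedtls_x509_crt_parse(chain, buf, buflen).
 * For PEM input, buflen must count the terminating NUL byte. */
static enum cert_buf_kind classify_cert_buffer(const unsigned char *buf, size_t buflen)
{
    if (buf == NULL || buflen == 0)
        return CERT_BUF_EMPTY;
    /* The NUL inside the counted range also keeps the strstr() scan bounded. */
    if (buf[buflen - 1] == '\0' &&
        strstr((const char *)buf, "-----BEGIN CERTIFICATE-----") != NULL)
        return CERT_BUF_PEM;
    return CERT_BUF_NOT_PEM;  /* parsed as DER; PEM text fails there */
}

/* Constructed sample: the body is a placeholder, not a real certificate. */
static const char sample_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "PLACEHOLDER\n"
    "-----END CERTIFICATE-----\n";

int main(void)
{
    const unsigned char *buf = (const unsigned char *)sample_pem;
    /* strlen() drops the NUL, so the buffer is not recognised as PEM */
    printf("strlen(pem)     -> %d\n", classify_cert_buffer(buf, strlen(sample_pem)));
    /* sizeof (or strlen + 1) includes it */
    printf("strlen(pem) + 1 -> %d\n", classify_cert_buffer(buf, sizeof sample_pem));
    return 0;
}
```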

mbedtls_x509_crt_parse -> mbedtls_x509_crt_parse_der -> x509_crt_parse_der_core -> mbedtls_x509_get_sig_alg -> return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );

So 262e is MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND = 0x2600 + 0x2e
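The same decomposition as an added example (not from the original post; mbedtls provides mbedtls_strerror for this when MBEDTLS_ERROR_C is enabled). It splits a code with the 0xFF80 / 0x007F masks; split_error, high_name and low_name are hypothetical helpers, and the name table only covers the codes quoted on this page.

```c
#include <stdio.h>
#include <stdlib.h>

/* Magnitudes from mbedtls x509.h and oid.h; the headers define them negated,
 * e.g. MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG is -0x2600. */
#define X509_INVALID_FORMAT     0x2180
#define X509_UNKNOWN_SIG_ALG    0x2600
#define X509_CERT_VERIFY_FAILED 0x2700
#define OID_NOT_FOUND           0x002E

struct err_parts { int high; int low; };   /* hypothetical helper type */

/* Accepts the negative int an API call returned or the positive hex from a log. */
static struct err_parts split_error(int ret)
{
    struct err_parts p;
    int code = abs(ret);
    p.high = code & 0xFF80;  /* high-level module error (X509, SSL, PK, ...) */
    p.low  = code & 0x007F;  /* low-level error added on top (OID, ASN1, ...) */
    return p;
}

static const char *high_name(int high)
{
    switch (high) {
    case 0:                       return "(none)";
    case X509_INVALID_FORMAT:     return "MBEDTLS_ERR_X509_INVALID_FORMAT";
    case X509_UNKNOWN_SIG_ALG:    return "MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG";
    case X509_CERT_VERIFY_FAILED: return "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED";
    default:                      return "(not in this table)";
    }
}

static const char *low_name(int low)
{
    switch (low) {
    case 0:             return "(none)";
    case OID_NOT_FOUND: return "MBEDTLS_ERR_OID_NOT_FOUND";
    default:            return "(not in this table)";
    }
}

int main(void)
{
    int samples[] = { -0x262E, 0x2180, -0x2700 };  /* codes quoted on this page */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct err_parts p = split_error(samples[i]);
        printf("-0x%04X = -0x%04X %s + -0x%04X %s\n", (unsigned)abs(samples[i]),
               (unsigned)p.high, high_name(p.high), (unsigned)p.low, low_name(p.low));
    }
    return 0;
}
```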

openssl s_client -connect iot-api.zybang.com:443

This command uses OpenSSL's s_client tool to establish an SSL/TLS connection to port 443 of the host iot-api.zybang.com.

rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zuoyebang.com
verify return:1
---
Certificate chain
 0 s:/CN=*.zuoyebang.com
   i:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
 1 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
subject=/CN=*.zuoyebang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4705 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 7C7304770486A9E00751B6E4B5CF73D0221F56307EADB991A1817B4D6D095232
    Session-ID-ctx: 
    Master-Key: A6073704EF9D44DAB2AE721F9970F0AAEDE8EAFDF743C57CFA52E2BAD6D8DBCE667A482D11DF3DF6DB11C826E7E5E0CC
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)

    Start Time: 1726113355
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
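---

The output is explained step by step below:

1. `CONNECTED(00000003)`: the connection to `iot-api.zybang.com:443` was established successfully.

2. Depth and related information for the certificate chain:
    - Shows the issuer and subject of each certificate in the chain.
    - The depth 2 certificate is issued by `Comodo CA Limited`.
    - The depth 1 certificate is issued by `TrustAsia Technologies, Inc.`.
    - The subject of the depth 0 certificate is `*.zuoyebang.com`.

3. Details of the server certificate:
    - Includes the certificate's version, serial number, issuer, subject, validity period and so on.

4. About the client certificate:
    - `No client certificate CA names sent` means no client certificate CA names were sent.

5. Key and encryption information:
    - For example, the temporary key used by the server (Server Temp Key) and the negotiated cipher suite (Cipher).

6. SSL handshake information:
    - Includes the number of bytes read and written.

7. Details of the SSL session:
    - Protocol version (TLSv1.2), cipher suite (ECDHE-RSA-AES128-GCM-SHA256), session ID and so on.
    - `Verify return code: 0 (ok)` means certificate verification succeeded.

Overall, this output gives detailed information about the SSL/TLS connection to `iot-api.zybang.com:443`, including the certificate chain, key exchange, cipher suite and session parameters, and the final certificate verification result is success.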

The -showcerts option tells openssl s_client to fetch and display the entire certificate chain, not just the server certificate.

rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443 -showcerts
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zybang.com
verify return:1
---
Certificate chain
 0 s:/CN=*.zybang.com
   i:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
 1 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
subject=/CN=*.zybang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4695 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 03E19C65CC4B448451945B5043C7205B61A89A79E14CE52C6D4579540A25E5FE
    Session-ID-ctx: 
    Master-Key: E421097FBFF6CE69B7EDEB248B064509AB5E7F31157940A89AA50064653D183C75E251DA1A2F41BB7ED4647147AB90D9
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

    Start Time: 1726120470
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

How mbedtls sets the buffer size:

The buffer size is applied in the mbedtls_ssl_setup function.

Path: mbedtls-2.16.0\mbedtls\ssl.h

/*
 * Maximum fragment length in bytes,
 * determines the size of each of the two internal I/O buffers.
 *
 * Note: the RFC defines the default size of SSL / TLS messages. If you
 * change the value here, other clients / servers may not be able to
 * communicate with you anymore. Only change this value if you control
 * both sides of the connection and have it reduced at both sides, or
 * if you're using the Max Fragment Length extension and you know all your
 * peers are using it too!
 */
#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
// #define MBEDTLS_SSL_MAX_CONTENT_LEN         16384   /**< Size of the input / output buffer */
#define MBEDTLS_SSL_MAX_CONTENT_LEN         32768   /**< Size of the input / output buffer */
#endif

#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN   // Length of the input buffer for received data; holds incoming SSL/TLS data
#endif

#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN  // Length of the output buffer for data to send; holds outgoing SSL/TLS data
#endif

With openssl, you can use the s_client tool and pass a trusted root certificate file via the -CAfile option to verify the certificate.

rc@ubuntu:~$ ls
bin  core  Desktop  Documents  Downloads  examples.desktop  Music  Pictures  Public  Python-3.7.7  Python-3.7.7.tgz  repo_git  share  Templates  Videos  vscode-cpptools  zyb.pem
rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443 -CAfile ./zyb.pem 
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zybang.com
verify return:1
---
Certificate chain
 0 s:/CN=*.zybang.com
   i:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
 1 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
   i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
subject=/CN=*.zybang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4695 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 9F8C40B3549D53AF0E03CCAAA90CB5977D6D01FC928103FDF0074B1A36EDEBB9
    Session-ID-ctx: 
    Master-Key: 29A10E0C6FE780D2617C5470427E343E5348A042760F36903BD38FC8F5192E1ADE9DC865AC9CD99061E95EE57C18F569
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)

    Start Time: 1726132430
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

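When mbedtls returns 0x2700 and the handshake fails, possible causes include:

1. The certificate's signature algorithm is not supported by mbedtls. You can view the certificate's details at https://myssl.com/

Then check whether the macro for the corresponding signature algorithm is enabled in mbedtls.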
