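Overview:

Notes from running the SSL demo programs bundled with mbedtls.

Procedure:

To build the demo, see the related articles in my column.

First start the server program, ssl_server.exe. Its output is as follows: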

    mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_server.exe

      . Seeding the random number generator... ok
      . Loading the server cert. and key... ok
      . Bind on https://localhost:4433/ ... ok
      . Setting up the SSL data.... ok
      . Waiting for a remote connection ... ok
      . Performing the SSL/TLS handshake... ok
      < Read from client: 18 bytes read

    GET / HTTP/1.0

      > Write to client: 156 bytes written

    HTTP/1.0 200 OK
    Content-Type: text/html

    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>

      . Closing the connection... ok
      . Waiting for a remote connection ... ok
      . Performing the SSL/TLS handshake... ok
      < Read from client: 18 bytes read

    GET / HTTP/1.0

      > Write to client: 156 bytes written

    HTTP/1.0 200 OK
    Content-Type: text/html

    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>

      . Closing the connection... ok
      . Waiting for a remote connection ...

Then run the client, ssl_client1.exe. Its output is as follows:

    mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_client1.exe

      . Seeding the random number generator... ok
      . Loading the CA root certificate ... ok (0 skipped)
      . Connecting to tcp/localhost/4433... ok
      . Setting up the SSL/TLS structure... ok
      . Performing the SSL/TLS handshake...ssl_client.c:0261: got supported group(001d)
    ssl_client.c:0261: got supported group(0017)
    ssl_client.c:0261: got supported group(0018)
    ssl_client.c:0261: got supported group(001e)
    ssl_client.c:0261: got supported group(0019)
    ssl_client.c:0261: got supported group(001a)
    ssl_client.c:0261: got supported group(001b)
    ssl_client.c:0261: got supported group(001c)
     ok
      . Verifying peer X.509 certificate... ok
      > Write to server: 18 bytes written

    GET / HTTP/1.0

      < Read from server: 156 bytes read

    HTTP/1.0 200 OK
    Content-Type: text/html

    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
    ssl_msg.c:3900: mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)
    ssl_msg.c:5472: mbedtls_ssl_read_record() returned -30848 (-0x7880)

    PS D:\Drive\SynologyDrive\NFC\16_开源项目\mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_client1.exe

      . Seeding the random number generator... ok
      . Loading the CA root certificate ... ok (0 skipped)
      . Connecting to tcp/localhost/4433... ok
      . Setting up the SSL/TLS structure... ok
      . Performing the SSL/TLS handshake...ssl_client.c:0261: got supported group(001d)
    ssl_client.c:0261: got supported group(0017)
    ssl_client.c:0261: got supported group(0018)
    ssl_client.c:0261: got supported group(001e)
    ssl_client.c:0261: got supported group(0019)
    ssl_client.c:0261: got supported group(001a)
    ssl_client.c:0261: got supported group(001b)
    ssl_client.c:0261: got supported group(001c)
     ok
      . Verifying peer X.509 certificate... ok
      > Write to server: 18 bytes written

    GET / HTTP/1.0

      < Read from server: 156 bytes read

    HTTP/1.0 200 OK
    Content-Type: text/html

    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
    ssl_msg.c:3900: mbedtls_ssl_handle_message_type() returned -30848 (-

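Capturing and analyzing the SSL handshake:

Wireshark can capture packets for analysis; here it is used to capture the demo's traffic:

The capture shows that once the TCP connection is established, the SSL handshake follows:

Client Hello

Server Hello

Certificate

Server Key Exchange

Server Hello Done

Client Key Exchange

Handshake and the remaining steps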
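The message sequence above can be recovered from the raw bytes of each direction of the TCP stream by walking the TLS record headers. The following Python parser is an added example, not code from the original post or from mbedtls; the sample streams are constructed with dummy message bodies, and `parse_flight`, `parse_handshake`, `rec` and `hs` are hypothetical helper names.

```python
import struct

CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
             14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}

def parse_handshake(payload):
    """Split one cleartext handshake record into its message names."""
    names, pos = [], 0
    while pos < len(payload):
        if len(payload) - pos < 4:
            raise ValueError("truncated handshake header")
        msg_len = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if pos + 4 + msg_len > len(payload):
            raise ValueError("handshake message continues in another record")
        names.append(HANDSHAKE.get(payload[pos], f"handshake type {payload[pos]}"))
        pos += 4 + msg_len
    return names

def parse_flight(stream):
    """List the TLS 1.2 messages in one direction of a TCP stream."""
    out, off, encrypted = [], 0, False
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        off += 5 + length
        if ctype == 22 and not encrypted:
            out += parse_handshake(payload)
        elif ctype == 22:  # after ChangeCipherSpec the handshake header is ciphertext
            out.append("Encrypted Handshake Message")
        else:
            out.append(CONTENT.get(ctype, f"content type {ctype}"))
            encrypted = encrypted or ctype == 20
    return out

# Constructed sample with dummy bodies, not bytes from the author's capture.
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def hs(msg_type, body=b"\x00" * 8):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

CLIENT = rec(22, hs(1)) + rec(22, hs(16)) + rec(20, b"\x01") + rec(22, b"\xaa" * 40)
SERVER = (rec(22, hs(2) + hs(11)) + rec(22, hs(12)) + rec(22, hs(14))
          + rec(20, b"\x01") + rec(22, b"\xbb" * 40))

if __name__ == "__main__":
    print(parse_flight(CLIENT), parse_flight(SERVER), sep="\n")
```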

Demo code:

The client-side code is posted below:

    int main( void )
    {
        int ret = 1, len;
        int exit_code = MBEDTLS_EXIT_FAILURE;
        mbedtls_net_context server_fd;
        uint32_t flags;
        unsigned char buf[1024];
        const char *pers = "ssl_client1";

        mbedtls_entropy_context entropy;
        mbedtls_ctr_drbg_context ctr_drbg;
        mbedtls_ssl_context ssl;
        mbedtls_ssl_config conf;
        mbedtls_x509_crt cacert;

    #if defined(MBEDTLS_DEBUG_C)
        mbedtls_debug_set_threshold( DEBUG_LEVEL );
    #endif

        /*
         * 0. Initialize the RNG and the session data
         */
        mbedtls_net_init( &server_fd );
        mbedtls_ssl_init( &ssl );
        mbedtls_ssl_config_init( &conf );
        mbedtls_x509_crt_init( &cacert );
        mbedtls_ctr_drbg_init( &ctr_drbg );

        mbedtls_printf( "\n  . Seeding the random number generator..." );
        fflush( stdout );

        mbedtls_entropy_init( &entropy );
        if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                           (const unsigned char *) pers,
                                           strlen( pers ) ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
            goto exit;
        }

        mbedtls_printf( " ok\n" );

        /*
         * 0. Initialize certificates
         */
        mbedtls_printf( "  . Loading the CA root certificate ..." );
        fflush( stdout );

        ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
                                      mbedtls_test_cas_pem_len );
        if( ret < 0 )
        {
            mbedtls_printf( " failed\n  !  mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
            goto exit;
        }

        mbedtls_printf( " ok (%d skipped)\n", ret );

        /*
         * 1. Start the connection
         */
        mbedtls_printf( "  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
        fflush( stdout );

        if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
                                         SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
            goto exit;
        }

        mbedtls_printf( " ok\n" );

        /*
         * 2. Setup stuff
         */
        mbedtls_printf( "  . Setting up the SSL/TLS structure..." );
        fflush( stdout );

        if( ( ret = mbedtls_ssl_config_defaults( &conf,
                        MBEDTLS_SSL_IS_CLIENT,
                        MBEDTLS_SSL_TRANSPORT_STREAM,
                        MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
            goto exit;
        }

        mbedtls_printf( " ok\n" );

        /* OPTIONAL is not optimal for security,
         * but makes interop easier in this simplified example */
        mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
        mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
        mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
        mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

        if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
            goto exit;
        }

        if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
            goto exit;
        }

        mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );

        /*
         * 4. Handshake
         */
        mbedtls_printf( "  . Performing the SSL/TLS handshake..." );
        fflush( stdout );

        while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
                goto exit;
            }
        }

        mbedtls_printf( " ok\n" );

        /*
         * 5. Verify the server certificate
         */
        mbedtls_printf( "  . Verifying peer X.509 certificate..." );

        /* In real life, we probably want to bail out when ret != 0 */
        if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
        {
    #if !defined(MBEDTLS_X509_REMOVE_INFO)
            char vrfy_buf[512];
    #endif

            mbedtls_printf( " failed\n" );

    #if !defined(MBEDTLS_X509_REMOVE_INFO)
            mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );

            mbedtls_printf( "%s\n", vrfy_buf );
    #endif
        }
        else
            mbedtls_printf( " ok\n" );

        /*
         * 3. Write the GET request
         */
        mbedtls_printf( "  > Write to server:" );
        fflush( stdout );

        len = sprintf( (char *) buf, GET_REQUEST );

        while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
                goto exit;
            }
        }

        len = ret;
        mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );

        /*
         * 7. Read the HTTP response
         */
        mbedtls_printf( "  < Read from server:" );
        fflush( stdout );

        do
        {
            len = sizeof( buf ) - 1;
            memset( buf, 0, sizeof( buf ) );
            ret = mbedtls_ssl_read( &ssl, buf, len );

            if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
                continue;

            if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
                break;

            if( ret < 0 )
            {
                mbedtls_printf( "failed\n  ! mbedtls_ssl_read returned %d\n\n", ret );
                break;
            }

            if( ret == 0 )
            {
                mbedtls_printf( "\n\nEOF\n\n" );
                break;
            }

            len = ret;
            mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
        }
        while( 1 );

        mbedtls_ssl_close_notify( &ssl );

        exit_code = MBEDTLS_EXIT_SUCCESS;

    exit:

    #ifdef MBEDTLS_ERROR_C
        if( exit_code != MBEDTLS_EXIT_SUCCESS )
        {
            char error_buf[100];
            mbedtls_strerror( ret, error_buf, 100 );
            mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
        }
    #endif

        mbedtls_net_free( &server_fd );

        mbedtls_x509_crt_free( &cacert );
        mbedtls_ssl_free( &ssl );
        mbedtls_ssl_config_free( &conf );
        mbedtls_ctr_drbg_free( &ctr_drbg );
        mbedtls_entropy_free( &entropy );

        mbedtls_exit( exit_code );
    }

The demo code is fairly simple.
