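Debugging the SSL demos bundled with mbedtls
Overview:
Notes from running the SSL demos that ship with mbedtls.
Procedure:
To build the demos, see the related articles in my column.
Start the server first by running ssl_server.exe. The output is as follows: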
    mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_server.exe
      . Seeding the random number generator... ok
      . Loading the server cert. and key... ok
      . Bind on https://localhost:4433/ ... ok
      . Setting up the SSL data.... ok
      . Waiting for a remote connection ... ok
      . Performing the SSL/TLS handshake... ok
      < Read from client: 18 bytes read
    GET / HTTP/1.0
      > Write to client: 156 bytes written
    HTTP/1.0 200 OK
    Content-Type: text/html
    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
      . Closing the connection... ok
      . Waiting for a remote connection ... ok
      . Performing the SSL/TLS handshake... ok
      < Read from client: 18 bytes read
    GET / HTTP/1.0
      > Write to client: 156 bytes written
    HTTP/1.0 200 OK
    Content-Type: text/html
    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
      . Closing the connection... ok
      . Waiting for a remote connection ...
Then run the client, ssl_client1.exe. The output is as follows:
    mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_client1.exe
      . Seeding the random number generator... ok
      . Loading the CA root certificate ... ok (0 skipped)
      . Connecting to tcp/localhost/4433... ok
      . Setting up the SSL/TLS structure... ok
      . Performing the SSL/TLS handshake...ssl_client.c:0261: got supported group(001d)
    ssl_client.c:0261: got supported group(0017)
    ssl_client.c:0261: got supported group(0018)
    ssl_client.c:0261: got supported group(001e)
    ssl_client.c:0261: got supported group(0019)
    ssl_client.c:0261: got supported group(001a)
    ssl_client.c:0261: got supported group(001b)
    ssl_client.c:0261: got supported group(001c)
     ok
      . Verifying peer X.509 certificate... ok
      > Write to server: 18 bytes written
    GET / HTTP/1.0
      < Read from server: 156 bytes read
    HTTP/1.0 200 OK
    Content-Type: text/html
    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
    ssl_msg.c:3900: mbedtls_ssl_handle_message_type() returned -30848 (-0x7880)
    ssl_msg.c:5472: mbedtls_ssl_read_record() returned -30848 (-0x7880)

    PS D:\Drive\SynologyDrive\NFC\16_开源项目\mbedtls-3.2.1\mbedtls-3.2.1\programs\ssl> .\ssl_client1.exe
      . Seeding the random number generator... ok
      . Loading the CA root certificate ... ok (0 skipped)
      . Connecting to tcp/localhost/4433... ok
      . Setting up the SSL/TLS structure... ok
      . Performing the SSL/TLS handshake...ssl_client.c:0261: got supported group(001d)
    ssl_client.c:0261: got supported group(0017)
    ssl_client.c:0261: got supported group(0018)
    ssl_client.c:0261: got supported group(001e)
    ssl_client.c:0261: got supported group(0019)
    ssl_client.c:0261: got supported group(001a)
    ssl_client.c:0261: got supported group(001b)
    ssl_client.c:0261: got supported group(001c)
     ok
      . Verifying peer X.509 certificate... ok
      > Write to server: 18 bytes written
    GET / HTTP/1.0
      < Read from server: 156 bytes read
    HTTP/1.0 200 OK
    Content-Type: text/html
    <h2>mbed TLS Test Server</h2>
    <p>Successful connection using: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256</p>
    ssl_msg.c:3900: mbedtls_ssl_handle_message_type() returned -30848 (-
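Capturing and analysing the SSL exchange:
Wireshark can capture the traffic, so the demo's packets were captured for analysis.
The capture shows that once the TCP connection is established, the SSL handshake follows:
Client Hello
Server Hello
Certificate
Server Key Exchange
Server Hello Done
Client Key Exchange
Handshake, and so on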
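The message sequence listed above can be recovered directly from the captured bytes. The following C code is an added example, not part of the original post or of mbedtls: it walks the TLS 1.2 record layer for one direction of the stream, names each handshake message, and treats handshake records after ChangeCipherSpec as ciphertext. The names `tls_walk`, `add`, `HS` and the `SAMPLE` bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const char *const HS[17] = {  /* handshake types, RFC 5246 section 7.4 */
    [1] = "ClientHello", [2] = "ServerHello", [11] = "Certificate",
    [12] = "ServerKeyExchange", [14] = "ServerHelloDone", [16] = "ClientKeyExchange" };
static void add(char *out, size_t outsz, const char *s) {
    size_t used = strlen(out);
    snprintf(out + used, outsz - used, "%s%s", used ? "," : "", s);
}

/* Names the handshake messages of ONE direction into out (outsz >= 1); -1 if truncated. */
int tls_walk(const uint8_t *buf, size_t len, char *out, size_t outsz) {
    size_t off = 0;
    int n = 0, encrypted = 0;
    out[0] = '\0';
    while (off < len) {
        if (len - off < 5) return -1;        /* type(1), version(2), length(2) */
        uint8_t type = buf[off];
        size_t rlen = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        off += 5;
        if (rlen > len - off) return -1;     /* body runs past the capture */
        if (type == 20) encrypted = 1;       /* ChangeCipherSpec: ciphertext follows */
        else if (type == 22 && encrypted) { add(out, outsz, "EncryptedHandshake"); n++; }
        else if (type == 22) {               /* one record may carry several messages */
            for (size_t p = 0; p < rlen; n++) {
                const uint8_t *m = buf + off + p;
                if (rlen - p < 4) return -1; /* msg_type(1), length(3) */
                size_t mlen = ((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3];
                if (mlen > rlen - p - 4) return -1; /* cross-record fragments unsupported */
                add(out, outsz, (m[0] < 17 && HS[m[0]]) ? HS[m[0]] : "Other");
                p += 4 + mlen;
            }
        }
        off += rlen;
    }
    return n;
}

/* Constructed server-to-client bytes with dummy message bodies (not a real capture) */
static const uint8_t SAMPLE[] = { 0x16, 0x03, 0x03, 0x00, 0x13, /* handshake record */
    0x02, 0, 0, 2, 0xAA, 0xBB,  0x0b, 0, 0, 1, 0,  0x0c, 0, 0, 0,  0x0e, 0, 0, 0,
    0x14, 3, 3, 0, 1, 1,  0x16, 3, 3, 0, 4, 0xde, 0xad, 0xbe, 0xef }; /* CCS, Finished */

int main(void) {
    char out[128];
    return printf("%d %s\n", tls_walk(SAMPLE, sizeof SAMPLE, out, sizeof out), out) < 0;
}
```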
Demo code:
The client-side code is shown below.

    /* SERVER_NAME, SERVER_PORT, GET_REQUEST, DEBUG_LEVEL and my_debug() are
     * defined earlier in ssl_client1.c and are not shown here. */
    int main( void )
    {
        int ret = 1, len;
        int exit_code = MBEDTLS_EXIT_FAILURE;
        mbedtls_net_context server_fd;
        uint32_t flags;
        unsigned char buf[1024];
        const char *pers = "ssl_client1";

        mbedtls_entropy_context entropy;
        mbedtls_ctr_drbg_context ctr_drbg;
        mbedtls_ssl_context ssl;
        mbedtls_ssl_config conf;
        mbedtls_x509_crt cacert;

    #if defined(MBEDTLS_DEBUG_C)
        mbedtls_debug_set_threshold( DEBUG_LEVEL );
    #endif

        /* 0. Initialize the RNG and the session data */
        mbedtls_net_init( &server_fd );
        mbedtls_ssl_init( &ssl );
        mbedtls_ssl_config_init( &conf );
        mbedtls_x509_crt_init( &cacert );
        mbedtls_ctr_drbg_init( &ctr_drbg );

        mbedtls_printf( "\n  . Seeding the random number generator..." );
        fflush( stdout );

        mbedtls_entropy_init( &entropy );
        if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                           (const unsigned char *) pers,
                                           strlen( pers ) ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret );
            goto exit;
        }
        mbedtls_printf( " ok\n" );

        /* 0. Initialize certificates */
        mbedtls_printf( "  . Loading the CA root certificate ..." );
        fflush( stdout );

        ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
                                      mbedtls_test_cas_pem_len );
        if( ret < 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_x509_crt_parse returned -0x%x\n\n", (unsigned int) -ret );
            goto exit;
        }
        mbedtls_printf( " ok (%d skipped)\n", ret );

        /* 1. Start the connection */
        mbedtls_printf( "  . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT );
        fflush( stdout );

        if( ( ret = mbedtls_net_connect( &server_fd, SERVER_NAME,
                                         SERVER_PORT, MBEDTLS_NET_PROTO_TCP ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_net_connect returned %d\n\n", ret );
            goto exit;
        }
        mbedtls_printf( " ok\n" );

        /* 2. Setup stuff */
        mbedtls_printf( "  . Setting up the SSL/TLS structure..." );
        fflush( stdout );

        if( ( ret = mbedtls_ssl_config_defaults( &conf,
                        MBEDTLS_SSL_IS_CLIENT,
                        MBEDTLS_SSL_TRANSPORT_STREAM,
                        MBEDTLS_SSL_PRESET_DEFAULT ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_config_defaults returned %d\n\n", ret );
            goto exit;
        }
        mbedtls_printf( " ok\n" );

        /* OPTIONAL is not optimal for security,
         * but makes interop easier in this simplified example.
         * With MBEDTLS_SSL_VERIFY_REQUIRED the handshake itself fails
         * when the server certificate does not verify. */
        mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_OPTIONAL );
        mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
        mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
        mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );

        if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_setup returned %d\n\n", ret );
            goto exit;
        }

        /* The hostname is what the certificate's name is checked against */
        if( ( ret = mbedtls_ssl_set_hostname( &ssl, SERVER_NAME ) ) != 0 )
        {
            mbedtls_printf( " failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n", ret );
            goto exit;
        }

        mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );

        /* 4. Handshake */
        mbedtls_printf( "  . Performing the SSL/TLS handshake..." );
        fflush( stdout );

        while( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
                goto exit;
            }
        }
        mbedtls_printf( " ok\n" );

        /* 5. Verify the server certificate */
        mbedtls_printf( "  . Verifying peer X.509 certificate..." );

        /* In real life, we probably want to bail out when ret != 0 */
        if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
        {
    #if !defined(MBEDTLS_X509_REMOVE_INFO)
            char vrfy_buf[512];
    #endif

            mbedtls_printf( " failed\n" );

    #if !defined(MBEDTLS_X509_REMOVE_INFO)
            mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), "  ! ", flags );
            mbedtls_printf( "%s\n", vrfy_buf );
    #endif
        }
        else
            mbedtls_printf( " ok\n" );

        /* 3. Write the GET request */
        mbedtls_printf( "  > Write to server:" );
        fflush( stdout );

        len = sprintf( (char *) buf, GET_REQUEST );

        while( ( ret = mbedtls_ssl_write( &ssl, buf, len ) ) <= 0 )
        {
            if( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE )
            {
                mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned %d\n\n", ret );
                goto exit;
            }
        }

        len = ret;
        mbedtls_printf( " %d bytes written\n\n%s", len, (char *) buf );

        /* 7. Read the HTTP response */
        mbedtls_printf( "  < Read from server:" );
        fflush( stdout );

        do
        {
            len = sizeof( buf ) - 1;
            memset( buf, 0, sizeof( buf ) );
            ret = mbedtls_ssl_read( &ssl, buf, len );

            if( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE )
                continue;

            /* This is the -0x7880 seen in the client debug output above:
             * the server closed the connection with close_notify. */
            if( ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY )
                break;

            if( ret < 0 )
            {
                mbedtls_printf( "failed\n  ! mbedtls_ssl_read returned %d\n\n", ret );
                break;
            }

            if( ret == 0 )
            {
                mbedtls_printf( "\n\nEOF\n\n" );
                break;
            }

            len = ret;
            mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
        }
        while( 1 );

        mbedtls_ssl_close_notify( &ssl );

        exit_code = MBEDTLS_EXIT_SUCCESS;

    exit:

    #ifdef MBEDTLS_ERROR_C
        if( exit_code != MBEDTLS_EXIT_SUCCESS )
        {
            char error_buf[100];
            mbedtls_strerror( ret, error_buf, 100 );
            mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf );
        }
    #endif

        mbedtls_net_free( &server_fd );
        mbedtls_x509_crt_free( &cacert );
        mbedtls_ssl_free( &ssl );
        mbedtls_ssl_config_free( &conf );
        mbedtls_ctr_drbg_free( &ctr_drbg );
        mbedtls_entropy_free( &entropy );

        mbedtls_exit( exit_code );
    }
The demo code is fairly simple.