0x2180 证书格式无效,可以检查证书的格式是否正确,或传入的证书长度是否正确
mbedtls_x509_crt_parse-》mbedtls_x509_crt_parse_der-》x509_crt_parse_der_core-》mbedtls_x509_get_sig_alg-》return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
所以262e就是MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND = 0x2600 + 0x2e
openssl s_client -connect iot-api.zybang.com:443
这条命令的意思是使用 OpenSSL 的 s_client 工具与 iot-api.zybang.com 这个主机的 443 端口建立 SSL/TLS 连接
rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zuoyebang.com
verify return:1
---
Certificate chain0 s:/CN=*.zuoyebang.comi:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G21 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Servicesi:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGeDCCBOCgAwIBAgIRAOJKOAEF6SYgsd3jH0j/EWcwDQYJKoZIhvcNAQEMBQAw
WTELMAkGA1UEBhMCQ04xJTAjBgNVBAoTHFRydXN0QXNpYSBUZWNobm9sb2dpZXMs
IEluYy4xIzAhBgNVBAMTGlRydXN0QXNpYSBSU0EgRFYgVExTIENBIEcyMB4XDTI0
MDExNTAwMDAwMFoXDTI1MDIxMzIzNTk1OVowGjEYMBYGA1UEAwwPKi56dW95ZWJh
bmcuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwT03K2OgJ9wX
vacAP/L/V0RpnjXiw5sw1q/3CaieAu/0ZekooKgg3VBAqnvA10hyJ03iPkU9YmBv
JcWlkYLrjX2NUEl8Jrk7gY4qdEsN/bJZrDHI0g5HZZ0Vpx0IStmfOU0PAtbUVkTD
Tk21PO6ebazhNvJEJkvFIZFLT1GCBLyPjhMnkXrnXcUBYVjxdQ1ktLyGuUPMu6/S
rhc5sc7iHTngFysSTamSmNO8kqsVd4pdyR84J+SPky6lqHdHGtIHx01ywNyR1T/5
nr0K/VH/ucoTlrKo7wzQCEubHqD9djWwjy57IlyjFCKWPFiDnGidUrEDZj/hxOgP
dzKCTRW3xQIDAQABo4IC+DCCAvQwHwYDVR0jBBgwFoAUXzp8ERB+DGdxYdyLo7UA
A2f1VxwwHQYDVR0OBBYEFOntymGjbzrMAMpXeTGqbFehX9HcMA4GA1UdDwEB/wQE
AwIFoDAMBgNVHRMBAf8EAjAAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgIxMCUwIwYIKwYBBQUHAgEWF2h0dHBz
Oi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATB9BggrBgEFBQcBAQRxMG8wQgYI
KwYBBQUHMAKGNmh0dHA6Ly9jcnQudHJ1c3QtcHJvdmlkZXIuY24vVHJ1c3RBc2lh
UlNBRFZUTFNDQUcyLmNydDApBggrBgEFBQcwAYYdaHR0cDovL29jc3AudHJ1c3Qt
cHJvdmlkZXIuY24wKQYDVR0RBCIwIIIPKi56dW95ZWJhbmcuY29tgg16dW95ZWJh
bmcuY29tMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgAdQDPEVbu1S58r/OHW9lp
LpvpGnFnSrAX7KwB0lt3zsw7CAAAAY0L8rcYAAAEAwBGMEQCIH75arYOOMVtcx1m
lZy4J3ojxO/iEPixG2m8t3Xmb9arAiA1QEBZ3hQko3stOAh6G2IJ9pgAJ1GlQdSU
UjPx5XhS6wB3AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjQvy
t1EAAAQDAEgwRgIhAKubiEa95sDGWBPxPnn2uyU2wDjfIE0At9f8N9FmH44HAiEA
7r/jApmT4TCjPR0aFZvapiYfKcIxBGcrKAfv93N1OhYAdgBOdaMnXJoQwzhbbNTf
P1LrHfDgjhuNacCx+mSxYpo53wAAAY0L8ra5AAAEAwBHMEUCIQCxN6RrXb/6vpqF
jql2NIwKilHmqMp71dGmy03Crih7EwIgJBlb2PAAJ8MeeAjBxD9SaqrOgaLsiTpF
6Bcd68FkVqkwDQYJKoZIhvcNAQEMBQADggGBAJlTUe1x+Wy5ufuwh6/QpvrYxFVg
TiOccpbCcZK6uJLd2eqKbmgyy2Qq60pohdL70u3mDVPhDc1grw7vRV6kiy7MRYUb
k12n3ctMXT+vgJNid70x4tUc1d4Yu1dyjRRCmbY9AHUUFwm5JT9t1W/l0zBVrTEl
fkLkY6SeUt0EJiFatW09dpvpqjS+rSKJs9pZpsWiqCKMX9NZRcamAFkDEha3cOrW
V/6/JE6Z4nu74y936aEQoquf0jtU+6lgxuNvY69q2I1DYMjGSUhI0MP1x5dSy7rl
LW8geoeGI8aeUmt+/5TBQdAPv7r4mOXlSnDYUVLjIviGc3TgE6XSFYT9Jwca4kCw
GP8e13/tPdhycOHjgvizGRD1bvUuyB7tn7ssT/kguns5PhdqqN6x5AFq2YEHg43b
UwZ+kboCew5gd0+l7C5qssGG1IT428487YFslww8eYwnSICiL64fhqaWT8pZBSxb
z4gc0fxMbFVMrJG6ySW188I0HD4TES1lQqnl7g==
-----END CERTIFICATE-----
subject=/CN=*.zuoyebang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4705 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:Protocol : TLSv1.2Cipher : ECDHE-RSA-AES128-GCM-SHA256Session-ID: 7C7304770486A9E00751B6E4B5CF73D0221F56307EADB991A1817B4D6D095232Session-ID-ctx: Master-Key: A6073704EF9D44DAB2AE721F9970F0AAEDE8EAFDF743C57CFA52E2BAD6D8DBCE667A482D11DF3DF6DB11C826E7E5E0CCKey-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 100800 (seconds)TLS session ticket:0000 - 50 bb 2f ff fb 6b a4 e1-7c db 6d 4c 62 39 f8 de P./..k..|.mLb9..0010 - 12 7d ef 72 48 84 d0 e4-4a e2 eb 31 4c 56 50 cd .}.rH...J..1LVP.0020 - 9e 06 ea e9 ed 81 b7 02-b8 e2 df f2 1d cf 9c c2 ................0030 - 4f c2 51 03 80 77 40 76-e6 8b 29 67 95 48 40 ba O.Q..w@v..)g.H@.0040 - 6a cd 19 3a 40 b7 dd 8d-1d 6f 70 5c d8 b9 89 a2 j..:@....op\....0050 - 4e 31 7a 59 35 ca 3b 24-83 5f fe 60 86 d7 a4 ba N1zY5.;$._.`....0060 - 25 69 0a 11 9a 08 2c 73-40 4a 2d cb 99 2a 68 94 %i....,s@J-..*h.0070 - 20 00 2c a3 bd dc 16 81-58 f5 3e 5e 99 d8 e9 81 .,.....X.>^....0080 - 73 4d 50 b0 01 87 00 c5-47 96 35 2c 96 8c 1c e2 sMP.....G.5,....0090 - 91 4b 69 fc 2c 39 8d 92-be ca 69 37 8b 45 1f b7 .Ki.,9....i7.E..00a0 - 58 63 66 9f 78 e7 0b 9e-05 b5 43 a4 88 36 b4 22 Xcf.x.....C..6."Start Time: 1726113355Timeout : 300 (sec)Verify return code: 0 (ok)
---以下是对这段输出的逐步解释:1. `CONNECTED(00000003)`: 表示成功建立与 `iot-api.zybang.com:443` 的连接。2. 证书链的深度和相关信息:- 显示了证书链中各个证书的颁发者(issuer)和主体(subject)信息。- 深度为 2 的证书由 `Comodo CA Limited` 颁发。- 深度为 1 的证书由 `TrustAsia Technologies, Inc.` 颁发。- 深度为 0 的证书主体是 `*.zuoyebang.com` 。3. 服务器证书的详细信息:- 包括证书的版本、序列号、颁发者、主体、有效期等。4. 关于客户端证书:- `No client certificate CA names sent` 表示没有发送客户端证书的 CA 名称。5. 有关密钥和加密的信息:- 例如服务器使用的临时密钥(Server Temp Key)、协商的密码套件(Cipher)等。6. SSL 握手的信息:- 包括读取和写入的字节数。7. SSL 会话的详细信息:- 协议版本(TLSv1.2)、密码套件(ECDH-RSA-AES128-GCM-SHA256)、会话 ID 等。- `Verify return code: 0 (ok)` 表示证书验证成功。总的来说,这段输出提供了关于与 `iot-api.zybang.com:443` 建立 SSL/TLS 连接的详细信息,包括证书链、密钥交换、密码套件和会话参数等,并且最终的证书验证结果是成功的。
-showcerts 选项会指示 openssl s_client 不仅获取服务器证书,还获取并显示整个证书链
rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443 -showcerts
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zybang.com
verify return:1
---
Certificate chain0 s:/CN=*.zybang.comi:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
-----BEGIN CERTIFICATE-----
MIIGbjCCBNagAwIBAgIQJ0mgvvGfIeKs4pfCRFOxzDANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjMx
MTA2MDAwMDAwWhcNMjQxMjA1MjM1OTU5WjAXMRUwEwYDVQQDDAwqLnp5YmFuZy5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwwEHVEqnq8yt4BEgn
lMJ5KIfCfvJQ375JdJ4DW5lFvEUtSL6pRsbsRclQjbnee3jcf0U9FhAYm/tWBEM7
KwB6Nsuj4ESg9EaHzb5qxisZDghHBzScq9DT49poiA6ZG7Yl+VrI38bFnugYb/CZ
drMF+oN02Rnq3N19JZBmf0+bFIi6KjDrATHmNjAOnVHXQi4c1e4hEiUb8fWEsvQI
QT3rSDvVtR10uumwaM/6I7NvZ5LpZMBV2iN/apeRERVxXVLg6afVYjaE2jpK9YDG
ZHbL7lb9iPyquRvqiBfhev0QORCERBIaNyVPcmFlkzxJtxQhmYAsrFaHyFXx1RkT
ttzXAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBRfOnwREH4MZ3Fh3IujtQADZ/VX
HDAdBgNVHQ4EFgQUfMYj6IU6sLDHljLuQuVJ+9TJS98wDgYDVR0PAQH/BAQDAgWg
MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkG
A1UdIARCMEAwNAYLKwYBBAGyMQECAjEwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9z
ZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMH0GCCsGAQUFBwEBBHEwbzBCBggrBgEF
BQcwAoY2aHR0cDovL2NydC50cnVzdC1wcm92aWRlci5jbi9UcnVzdEFzaWFSU0FE
VlRMU0NBRzIuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC50cnVzdC1wcm92
aWRlci5jbjAjBgNVHREEHDAaggwqLnp5YmFuZy5jb22CCnp5YmFuZy5jb20wggF+
BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AHb/iD8KtvuVUcJhzPWHujS0pM27Kdxo
Qgqf5mdMWjp0AAABi6MJrvkAAAQDAEcwRQIhAJzp0qu6M5paopXz2jtNtXP96NkN
UXTjGPyYlQp1//myAiBjKNfgX8eUeROrowkxElJsA/ux7gaM0E+i4JD7GtY0DwB2
AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABi6MJr4UAAAQDAEcw
RQIgcu6gu8uxv2L4gZkXKjjd9e0dPwGUVnFrHHm4AotwYpECIQDB48eKTUp97PFF
stj6exR8bL0xZRPDBgwAA8jyuEFQBAB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOze
w1FIWUZxH7WbAAABi6MJryEAAAQDAEcwRQIhAIs5SrMTzc0zbo40FTg3rfu2TQ17
aWUAFoeQAnJWxWRvAiAnaKfK0Vvim8SIruUagSM+MBTQRvvwINi9oixDsKny/zAN
BgkqhkiG9w0BAQwFAAOCAYEAkPj68EAVM/8MQH2VszGkIs1h9r9mPYVVEg25Olsu
MpN7UTI4/wpscGLasAqBpxqMhPZ9OCc7NTEgMPevjv00otPeaUBpb9zF7noBbZ+d
ZnnyLp9lvIfjOeHg6z/swsx6JBB2OTkmtHHglrW+1+CLg+5ZXuFGV0kGT55/iLii
Z03pvUkVrkhiwVQcPJFDZjyQG8HY31XBHbC7PyauUnsnXnlDc2qTia+6IMSs1RvV
VGMO72CvElaLN/Upb0kDagOxqM6ZixV1O0n+05bCh5Ad+WuO2Uh2uFN6XsUzJXwg
typSYOebBNh3rm5GHxSlcQcZj8AFw1gbd4RVNPo29ULPshijW0MFTxTAm8Z4vLgz
FPbuizkVtpMkW67z9fNXe4CQ3aKE1w8esw4qgpdZ+pZkN3ItCPIGA4Fw0YnDFBLe
AX0hzw31MXWk3nMWDCkJciGdmtkhuX308iq24o+syp8xQyh7bW6swB3r9ZHs3UWO
QOfnDPEUGSjdOZyaCGMAAzai
-----END CERTIFICATE-----1 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIRALIM7VUuMaC/NDp1KHQ76aswDQYJKoZIhvcNAQELBQAw
ezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczAeFw0yMjAxMTAwMDAwMDBaFw0y
ODEyMzEyMzU5NTlaMFkxCzAJBgNVBAYTAkNOMSUwIwYDVQQKExxUcnVzdEFzaWEg
VGVjaG5vbG9naWVzLCBJbmMuMSMwIQYDVQQDExpUcnVzdEFzaWEgUlNBIERWIFRM
UyBDQSBHMjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKjGDe0GSaBs
Yl/VhMaTM6GhfR1TAt4mrhN8zfAMwEfLZth+N2ie5ULbW8YvSGzhqkDhGgSBlafm
qq05oeESrIJQyz24j7icGeGyIZ/jIChOOvjt4M8EVi3O0Se7E6RAgVYcX+QWVp5c
Sy+l7XrrtL/pDDL9Bngnq/DVfjCzm5ZYUb1PpyvYTP7trsV+yYOCNmmwQvB4yVjf
IIpHC1OcsPBntMUGeH1Eja4D+qJYhGOxX9kpa+2wTCW06L8T6OhkpJWYn5JYiht5
8exjAR7b8Zi3DeG9oZO5o6Qvhl3f8uGU8lK1j9jCUN/18mI/5vZJ76i+hsgdlfZB
Rh5lmAQjD80M9TY+oD4MYUqB5XrigPfFAUwXFGehhlwCVw7y6+5kpbq/NpvM5Ba8
SeQYUUuMA8RXpTtGlrrTPqJryfa55hTuX/ThhX4gcCVkbyujo0CYr+Uuc14IOyNY
1fD0/qORbllbgV41wiy/2ZUWZQUodqHWkjT1CwIMbQOY5jmrSYGBwwIDAQABo4IB
JjCCASIwHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYDVR0OBBYE
FF86fBEQfgxncWHci6O1AANn9VccMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8E
CDAGAQH/AgEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAE
GzAZMA0GCysGAQQBsjEBAgIxMAgGBmeBDAECATBDBgNVHR8EPDA6MDigNqA0hjJo
dHRwOi8vY3JsLmNvbW9kb2NhLmNvbS9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNy
bDA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmNvbW9k
b2NhLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEAHMUom5cxIje2IiFU7mOCsBr2F6CY
eU5cyfQ/Aep9kAXYUDuWsaT85721JxeXFYkf4D/cgNd9+hxT8ZeDOJrn+ysqR7NO
2K9AdqTdIY2uZPKmvgHOkvH2gQD6jc05eSPOwdY/10IPvmpgUKaGOa/tyygL8Og4
3tYyoHipMMnS4OiYKakDJny0XVuchIP7ZMKiP07Q3FIuSS4omzR77kmc75/6Q9dP
v4wa90UCOn1j6r7WhMmX3eT3Gsdj3WMe9bYD0AFuqa6MDyjIeXq08mVGraXiw73s
Zale8OMckn/BU3O/3aFNLHLfET2H2hT6Wb3nwxjpLIfXmSVcVd8A58XH0g==
-----END CERTIFICATE-----2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Servicesi:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
YXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAwMFoXDTI4MTIzMTIzNTk1OVowezEL
MAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UE
BwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNVBAMM
GEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQua
BtDFcCLNSS1UY8y2bmhGC1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe
3M/vg4aijJRPn2jymJBGhCfHdr/jzDUsi14HZGWCwEiwqJH5YZ92IFCokcdmtet4
YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszWY19zjNoFmag4qMsXeDZR
rOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjHYpy+g8cm
ez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQU
oBEKIz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wewYDVR0fBHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20v
QUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29t
b2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2VzLmNybDANBgkqhkiG9w0BAQUF
AAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm7l3sAg9g1o1Q
GE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2
G9w84FoVxp7Z8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsi
l2D4kF501KKaU73yqWjgom7C12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3
smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=*.zybang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4695 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:Protocol : TLSv1.2Cipher : ECDHE-RSA-AES128-GCM-SHA256Session-ID: 03E19C65CC4B448451945B5043C7205B61A89A79E14CE52C6D4579540A25E5FESession-ID-ctx: Master-Key: E421097FBFF6CE69B7EDEB248B064509AB5E7F31157940A89AA50064653D183C75E251DA1A2F41BB7ED4647147AB90D9Key-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 300 (seconds)TLS session ticket:0000 - 46 6a 64 6c 39 33 69 4c-35 6d 55 35 54 66 37 38 Fjdl93iL5mU5Tf780010 - b5 94 1a 2a 60 54 3e 88-03 67 fb 11 d4 c2 ee aa ...*`T>..g......0020 - 01 f8 33 07 26 96 53 60-12 3a 41 99 a4 1b 15 5b ..3.&.S`.:A....[0030 - ef 14 91 96 d2 d6 1c 85-e8 6d 49 c5 ae e3 aa 73 .........mI....s0040 - 81 e5 02 32 a7 c3 97 70-7e ee ef f5 83 ca 82 a6 ...2...p~.......0050 - df 35 5e 3f 5e 21 3e a2-a7 53 92 9d 7f 18 de 00 .5^?^!>..S......0060 - 4b 14 f6 e8 1e b8 cc 80-52 40 7d 7c 10 46 d3 77 K.......R@}|.F.w0070 - 11 35 c3 56 0a cc a5 55-c1 82 af bf 47 df 69 39 .5.V...U....G.i90080 - 62 8f dc 4d 73 66 12 44-28 e3 da 00 80 b6 f2 0b b..Msf.D(.......0090 - 22 82 a9 ac c2 61 ff 50-ce 37 5c 32 33 29 3f 3a "....a.P.7\23)?:00a0 - 98 49 8c a9 ff 86 27 b5-b2 2f 8d 8f 01 29 b2 cf .I....'../...)..Start Time: 1726120470Timeout : 300 (sec)Verify return code: 0 (ok)
---
mbedtls如何设置缓冲大小:
在mbedtls_ssl_setup函数中会设置
路径 mbedtls-2.16.0\mbedtls\ssl.h
/** Maximum fragment length in bytes,* determines the size of each of the two internal I/O buffers.** Note: the RFC defines the default size of SSL / TLS messages. If you* change the value here, other clients / servers may not be able to* communicate with you anymore. Only change this value if you control* both sides of the connection and have it reduced at both sides, or* if you're using the Max Fragment Length extension and you know all your* peers are using it too!*/
#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN)
// #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */
#define MBEDTLS_SSL_MAX_CONTENT_LEN 32768 /**< Size of the input / output buffer */
#endif#if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN //接收数据的输入缓冲区的长度,用于存储接收到的 SSL/TLS 数据
#endif#if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN //发送数据的输出缓冲区的长度,用于存储要发送的 SSL/TLS 数据。
#endif在 openssl 中,您可以使用 s_client 工具并通过 -CAfile 选项传入信任的根证书文件来进行证书校验。
rc@ubuntu:~$ ls
bin core Desktop Documents Downloads examples.desktop Music Pictures Public Python-3.7.7 Python-3.7.7.tgz repo_git share Templates Videos vscode-cpptools zyb.pem
rc@ubuntu:~$
rc@ubuntu:~$
rc@ubuntu:~$
rc@ubuntu:~$
rc@ubuntu:~$ openssl s_client -connect iot-api.zybang.com:443 -CAfile ./zyb.pem
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 C = CN, O = "TrustAsia Technologies, Inc.", CN = TrustAsia RSA DV TLS CA G2
verify return:1
depth=0 CN = *.zybang.com
verify return:1
---
Certificate chain0 s:/CN=*.zybang.comi:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G21 s:/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2i:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services2 s:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Servicesi:/C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGbjCCBNagAwIBAgIQJ0mgvvGfIeKs4pfCRFOxzDANBgkqhkiG9w0BAQwFADBZ
MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg
SW5jLjEjMCEGA1UEAxMaVHJ1c3RBc2lhIFJTQSBEViBUTFMgQ0EgRzIwHhcNMjMx
MTA2MDAwMDAwWhcNMjQxMjA1MjM1OTU5WjAXMRUwEwYDVQQDDAwqLnp5YmFuZy5j
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwwEHVEqnq8yt4BEgn
lMJ5KIfCfvJQ375JdJ4DW5lFvEUtSL6pRsbsRclQjbnee3jcf0U9FhAYm/tWBEM7
KwB6Nsuj4ESg9EaHzb5qxisZDghHBzScq9DT49poiA6ZG7Yl+VrI38bFnugYb/CZ
drMF+oN02Rnq3N19JZBmf0+bFIi6KjDrATHmNjAOnVHXQi4c1e4hEiUb8fWEsvQI
QT3rSDvVtR10uumwaM/6I7NvZ5LpZMBV2iN/apeRERVxXVLg6afVYjaE2jpK9YDG
ZHbL7lb9iPyquRvqiBfhev0QORCERBIaNyVPcmFlkzxJtxQhmYAsrFaHyFXx1RkT
ttzXAgMBAAGjggLyMIIC7jAfBgNVHSMEGDAWgBRfOnwREH4MZ3Fh3IujtQADZ/VX
HDAdBgNVHQ4EFgQUfMYj6IU6sLDHljLuQuVJ+9TJS98wDgYDVR0PAQH/BAQDAgWg
MAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkG
A1UdIARCMEAwNAYLKwYBBAGyMQECAjEwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9z
ZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQIBMH0GCCsGAQUFBwEBBHEwbzBCBggrBgEF
BQcwAoY2aHR0cDovL2NydC50cnVzdC1wcm92aWRlci5jbi9UcnVzdEFzaWFSU0FE
VlRMU0NBRzIuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC50cnVzdC1wcm92
aWRlci5jbjAjBgNVHREEHDAaggwqLnp5YmFuZy5jb22CCnp5YmFuZy5jb20wggF+
BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AHb/iD8KtvuVUcJhzPWHujS0pM27Kdxo
Qgqf5mdMWjp0AAABi6MJrvkAAAQDAEcwRQIhAJzp0qu6M5paopXz2jtNtXP96NkN
UXTjGPyYlQp1//myAiBjKNfgX8eUeROrowkxElJsA/ux7gaM0E+i4JD7GtY0DwB2
AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABi6MJr4UAAAQDAEcw
RQIgcu6gu8uxv2L4gZkXKjjd9e0dPwGUVnFrHHm4AotwYpECIQDB48eKTUp97PFF
stj6exR8bL0xZRPDBgwAA8jyuEFQBAB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOze
w1FIWUZxH7WbAAABi6MJryEAAAQDAEcwRQIhAIs5SrMTzc0zbo40FTg3rfu2TQ17
aWUAFoeQAnJWxWRvAiAnaKfK0Vvim8SIruUagSM+MBTQRvvwINi9oixDsKny/zAN
BgkqhkiG9w0BAQwFAAOCAYEAkPj68EAVM/8MQH2VszGkIs1h9r9mPYVVEg25Olsu
MpN7UTI4/wpscGLasAqBpxqMhPZ9OCc7NTEgMPevjv00otPeaUBpb9zF7noBbZ+d
ZnnyLp9lvIfjOeHg6z/swsx6JBB2OTkmtHHglrW+1+CLg+5ZXuFGV0kGT55/iLii
Z03pvUkVrkhiwVQcPJFDZjyQG8HY31XBHbC7PyauUnsnXnlDc2qTia+6IMSs1RvV
VGMO72CvElaLN/Upb0kDagOxqM6ZixV1O0n+05bCh5Ad+WuO2Uh2uFN6XsUzJXwg
typSYOebBNh3rm5GHxSlcQcZj8AFw1gbd4RVNPo29ULPshijW0MFTxTAm8Z4vLgz
FPbuizkVtpMkW67z9fNXe4CQ3aKE1w8esw4qgpdZ+pZkN3ItCPIGA4Fw0YnDFBLe
AX0hzw31MXWk3nMWDCkJciGdmtkhuX308iq24o+syp8xQyh7bW6swB3r9ZHs3UWO
QOfnDPEUGSjdOZyaCGMAAzai
-----END CERTIFICATE-----
subject=/CN=*.zybang.com
issuer=/C=CN/O=TrustAsia Technologies, Inc./CN=TrustAsia RSA DV TLS CA G2
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4695 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:Protocol : TLSv1.2Cipher : ECDHE-RSA-AES128-GCM-SHA256Session-ID: 9F8C40B3549D53AF0E03CCAAA90CB5977D6D01FC928103FDF0074B1A36EDEBB9Session-ID-ctx: Master-Key: 29A10E0C6FE780D2617C5470427E343E5348A042760F36903BD38FC8F5192E1ADE9DC865AC9CD99061E95EE57C18F569Key-Arg : NonePSK identity: NonePSK identity hint: NoneSRP username: NoneTLS session ticket lifetime hint: 100800 (seconds)TLS session ticket:0000 - 50 bb 2f ff fb 6b a4 e1-7c db 6d 4c 62 39 f8 de P./..k..|.mLb9..0010 - 26 1b 93 14 07 61 b5 9f-67 1e 30 26 58 7e a1 67 &....a..g.0&X~.g0020 - ac e3 7f d0 ad a7 17 72-c7 96 2f b3 c0 7b 46 d1 .......r../..{F.0030 - b7 e4 75 0e 01 18 bb 0d-d1 ad 77 38 0c 46 cc 8c ..u.......w8.F..0040 - 35 71 cc cc 8f b4 0b cd-e0 b8 c7 b3 63 47 ab f9 5q..........cG..0050 - 5f 5d cc 5c f8 dd 26 75-59 e7 24 12 db a9 fb ba _].\..&uY.$.....0060 - fe 71 2e 74 be d7 37 5f-3a c0 b2 15 12 2d 7f 48 .q.t..7_:....-.H0070 - 67 1a 43 1b 59 ef 1d db-63 b0 9a b6 4c e8 ea 76 g.C.Y...c...L..v0080 - 14 f1 16 0a d0 bb ac a7-6f 9b e5 7c 91 8f e9 44 ........o..|...D0090 - 34 23 a8 4f b2 63 05 b9-32 47 05 89 9b 7c 49 d3 4#.O.c..2G...|I.00a0 - 43 7f 0c 5e 16 4a 8d e7-2c ff 27 e4 69 4e c3 ba C..^.J..,.'.iN..Start Time: 1726132430Timeout : 300 (sec)Verify return code: 0 (ok)
---
mbedtls返回0x2700,握手失败的原因可能有:
1、mbedtls证书签名算法不支持导致,可以通过https://myssl.com/ 该网站查看证书相关信息
再检查mbedtls有没有开启对应的签名算法的宏
