2015-06-05 80 views
0

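We need to connect to a server using mutual SSL, but for some reason we are struggling: when making a request, we get the following error (the mutual SSL connection fails while reading the incoming ChangeCipherSpec):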

[...] 
readIncomingTls_changeCipherSpec2: 
    processTlsRecord: 
    processAlert: 
     TlsAlert: 
     level: fatal 
     descrip: handshake failure 
     --TlsAlert 
    --processAlert 
    --processTlsRecord 
--readIncomingTls_changeCipherSpec2 
Failed to read incoming handshake messages. (3) 
Client handshake failed. (3) 
Failed to connect. 
[...] 

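The private key and CSR were generated by us, and the certificate was returned to us by the people we are connecting to.

Combining the key and certificate into a PEM file and adding it to the request like this works without issue in other scripts with their respective keys, certificates and targets: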

var Gateway = new ActiveXObject("Chilkat.Http");
Gateway.UnlockComponent("redacted");
var pemSuccess = Gateway.SetSslClientCertPem(Server.MapPath(certPath), "");
Gateway.ConnectTimeout = 10;
Gateway.ReadTimeout = 10;

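However, in this case, not only does pemSuccess return 0, but I have noticed that changing this line or removing it completely does not change the error, implying it has already broken before this?

Unfortunately, my knowledge of this process is limited and I don't know how to troubleshoot this.

Some Googling led to a Chilkat support page suggesting updating the DLL and making sure the .pem uses the correct key and certificate, but these are all as they should be.

Edit, August 6, 2015: Changing the header/footer of ----- BEGIN CERTIFICATE ----- to the format --- BEGIN CERTIFICATE --- has allowed SetSslClientCertPem to return true, but otherwise does not change LastErrorText ...

Full LastErrorText: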

SynchronousRequest: 
    DllDate: Dec 12 2012 
    UnlockPrefix: [redacted] 
    Username: [redacted] 
    Architecture: Little Endian; 32-bit 
    Language: ActiveX 
    VerboseLogging: 0 
    domain: [redacted] 
    port: 9000 
    ssl: 1 
    RequestData: 
     HttpVersion: 1.1 
     Verb: POST 
     Path: [redacted] 
     Charset: utf-8 
     SendCharset: 0 
     MimeHeader: SOAPAction: 
Content-Type: text/xml 
    --RequestData 
    ReadTimeout: 10 
    ConnectTimeout: 10 
    httpConnect: 
     hostname: [redacted] 
     port: 9000 
     ssl: 1 
     Need to establish connection to the HTTP server... 
     ConnectTimeoutMs_1: 10000 
     calling ConnectSocket2 
     IPV6 enabled connect with NO heartbeat. 
     connectingTo: [redacted] 
     resolveHostname1: 
     dnsCacheLookup: [redacted] 
     dnsCacheHit: [redacted] 
     --resolveHostname1 
     GetHostByNameHB_ipv4: Elapsed time: 0 millisec 
     myIP_1: [redacted] 
     myPort_1: [redacted] 
     connect successful (1) 
     clientHelloMajorMinorVersion: 3.1 
     buildClientHello: 
     majorVersion: 3 
     minorVersion: 1 
     numRandomBytes: 32 
     sessionIdSize: 0 
     numCipherSuites: 10 
     numCompressionMethods: 1 
     --buildClientHello 
     readIncomingTls_serverHello: 
     processTlsRecord: 
      processHandshake: 
      handshakeMessageType: ServerHello 
      handshakeMessageLen: 0x46 
      processHandshakeMessage: 
       MessageType: ServerHello 
       Processing ServerHello... 
       ServerHello: 
       MajorVersion: 3 
       MinorVersion: 1 
       SessionIdLen: 32 
       CipherSuite: RSA_WITH_AES_256_CBC_SHA 
       CipherSuite: 00,35 
       CompressionMethod: 0 
       Queueing ServerHello message. 
       ServerHello is OK. 
       --ServerHello 
      --processHandshakeMessage 
      --processHandshake 
     --processTlsRecord 
     --readIncomingTls_serverHello 
     HandshakeQueue: 
     MessageType: ServerHello 
     --HandshakeQueue 
     Dequeued ServerHello message. 
     readIncomingTls_6: 
     processTlsRecord: 
      processHandshake: 
      handshakeMessageType: Certificate 
      handshakeMessageLen: 0xf13 
      processHandshakeMessage: 
       MessageType: Certificate 
       ProcessCertificates: 
       Certificate: 
        [cert info] 
       --Certificate 
       Certificate: 
        [cert info] 
       --Certificate 
       Certificate: 
        [cert info] 
       --Certificate 
       NumCertificates: 3 
       Queueing Certificates message... 
       --ProcessCertificates 
      --processHandshakeMessage 
      --processHandshake 
     --processTlsRecord 
     --readIncomingTls_6 
     Dequeued Certificate message. 
     readIncomingTls_6: 
     processTlsRecord: 
      processHandshake: 
      handshakeMessageType: CertificateRequest 
      handshakeMessageLen: 0x6 
      processHandshakeMessage: 
       MessageType: CertificateRequest 
       CertificateRequest: 
       NumCertificateTypes: 3 
       Certificate Type: RSA Sign 
       Certificate Type: DSS Sign 
       OtherCertificateType: 64 
       totalLen: 0 
       NumDistinguishedNames: 0 
       CertificateRequest message is OK. 
       Queueing CertificateRequest message. 
       --CertificateRequest 
      --processHandshakeMessage 
      handshakeMessageType: ServerHelloDone 
      handshakeMessageLen: 0x0 
      processHandshakeMessage: 
       MessageType: ServerHelloDone 
       Queueing HelloDone message. 
      --processHandshakeMessage 
      --processHandshake 
     --processTlsRecord 
     --readIncomingTls_6 
     Dequeued CertificateRequest message. 
     DequeuedMessageType: ServerHelloDone 
     OK to ServerHelloDone! 
     Sending 0-length certificate (this is normal). 
     CertificatesMessage: 
     numCerts: 0 
     CertificateSize: 0x3 
     --CertificatesMessage 
     Encrypted pre-master secret with server certificate RSA public key is OK. 
     Sending ClientKeyExchange... 
     Sent ClientKeyExchange message. 
     Sending ChangeCipherSpec... 
     Sent ChangeCipherSpec message. 
     Derived keys. 
     Installed new outgoing security params. 
     Sending FINISHED message.. 
     algorithm: aes 
     keyLength: 256 
     Sent FINISHED message.. 
     readIncomingTls_changeCipherSpec2: 
     processTlsRecord: 
      processAlert: 
      TlsAlert: 
       level: fatal 
       descrip: handshake failure 
      --TlsAlert 
      --processAlert 
     --processTlsRecord 
     --readIncomingTls_changeCipherSpec2 
     Failed to read incoming handshake messages. (3) 
     Client handshake failed. (3) 
     Failed to connect. 
    --httpConnect 
    connectTime1: Elapsed time: 47 millisec 
    totalTime: Elapsed time: 47 millisec 
    Failed. 
    --SynchronousRequest 
--ChilkatLog 

Answers

0

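So it turns out that, despite the sender insisting several times that the certificate was correct, and despite them insisting (when asked) that email encoding had not stripped any characters, the certificate was not correct, and email encoding had stripped some characters from the body.

Beware of lines beginning with a + character.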
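
A way to catch the corruption described in the answer before the PEM file is handed to the HTTP client, as an added example (not code from the original post or from Chilkat). It runs under Node.js and checks standard five-dash PEM blocks: every base64 line but the last must have the same length, and the decoded bytes must match the length declared in the outer DER SEQUENCE header. The function names and the sample data are assumptions; the sample is a constructed DER-shaped blob, not a real certificate.

```javascript
// Added example (not from the original post): structural check of PEM certificate blocks.
const PEM_RE = /-----BEGIN CERTIFICATE-----\r?\n([\s\S]*?)\r?\n-----END CERTIFICATE-----/g;

// Total size (header + content) that the outer DER SEQUENCE claims, or -1 if malformed.
function derDeclaredLength(buf) {
  if (buf.length < 2 || buf[0] !== 0x30) return -1;
  if (buf[1] < 0x80) return 2 + buf[1];            // short-form length
  const n = buf[1] & 0x7f;                          // long form: n length bytes follow
  if (n === 0 || n > 4 || buf.length < 2 + n) return -1;
  let len = 0;
  for (let i = 0; i < n; i++) len = len * 256 + buf[2 + i];
  return 2 + n + len;
}

// Returns a list of problems; an empty list means every block is structurally intact.
function checkPem(text) {
  const problems = [];
  const blocks = [...text.matchAll(PEM_RE)];
  if (blocks.length === 0) problems.push("no complete BEGIN/END CERTIFICATE block");
  blocks.forEach((m, b) => {
    const lines = m[1].split(/\r?\n/);
    lines.forEach((line, i) => {
      if (!/^[A-Za-z0-9+\/]*={0,2}$/.test(line))
        problems.push(`block ${b + 1} line ${i + 1}: non-base64 characters`);
      if (i < lines.length - 1 && line.length !== lines[0].length)
        problems.push(`block ${b + 1} line ${i + 1}: ${line.length} chars, expected ${lines[0].length}`);
    });
    const der = Buffer.from(lines.join(""), "base64");
    const declared = derDeclaredLength(der);
    if (declared !== der.length)
      problems.push(`block ${b + 1}: DER header declares ${declared} bytes, decoded ${der.length}`);
  });
  return problems;
}

// Constructed sample: a DER-shaped blob (NOT a real certificate) whose second
// base64 line starts with '+', because byte 48 is 0xF8.
function buildSamplePem() {
  const der = Buffer.alloc(203, 0x41);
  der[0] = 0x30; der[1] = 0x81; der[2] = 200;      // SEQUENCE, long-form length 200
  der[48] = 0xf8;
  const body = der.toString("base64").match(/.{1,64}/g).join("\n");
  return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
}

const good = buildSamplePem();
const mangled = good.replace(/^\+/gm, "");          // simulate a relay dropping a leading '+'
console.log(checkPem(good), checkPem(mangled));
```

This is a structural check only: it does not validate the certificate chain or confirm that the certificate matches the private key.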