Replies: 38 comments
-
|
rpc 还是http? |
Beta Was this translation helpful? Give feedback.
-
|
生成证书时密码设置了吗? |
Beta Was this translation helpful? Give feedback.
-
|
客户端跟踪是握手失败,服务端,客户端初始化都是成功的 |
Beta Was this translation helpful? Give feedback.
-
|
你先把密码改成test试试。 |
Beta Was this translation helpful? Give feedback.
-
|
把512改成2048试试 |
Beta Was this translation helpful? Give feedback.
-
|
dh512.pem dhparam.pem 两个文件内部有用到吗 |
Beta Was this translation helpful? Give feedback.
-
|
你的openssl是什么版本? |
Beta Was this translation helpful? Give feedback.
-
|
好的,稍晚点测试查一下。 |
Beta Was this translation helpful? Give feedback.
-
|
好的,谢谢。 我用 1024,产生server.key, 初始化报错EE key too small |
Beta Was this translation helpful? Give feedback.
-
|
目前还没有windows环境,我在centos7 机器上安装并验证了openssl3.2.1,过程如下,供你参考: 生成server.key输入: 提示: 接着会继续提示: 输入 生成server.csr输入: openssl req -new -key server.key -out server.csr会出现下列输入提示: Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:在 之后一路回车到最后一步。 生成server.key输入: openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt提示输入: 输入 显示: coro_rpc 使用生成openssl文件coro_rpc_server使用刚生成的server.crt和server.key文件: server.init_ssl(
ssl_configure{"../openssl_files", "server.crt", "server.key"});coro_rpc_client使用刚生成的server.key文件: client->init_ssl("../openssl_files", "server.crt");
co_await client->connect("127.0.0.1", port);注意在编译时要设置YLT_ENABLE_SSL为ON,以上测试可以正常连接到服务端。 openssl 测试代码在src/coro_rpc/tests/test_coro_rpc_client.cpp文件中。 |
Beta Was this translation helpful? Give feedback.
-
|
好的,谢谢,我马上验证下 |
Beta Was this translation helpful? Give feedback.
-
|
windows下还是报错,相关操作步骤和提示跟上面提到的一样,服务端报错: [coro_connection.hpp:168] handshake failed: tlsv1 alert internal error (SSL routines) conn_id 1; 客户端报错: [impl/coro_rpc_client.hpp:443] client_id 0 handshake failed: certificate verify failed (SSL routines) |
Beta Was this translation helpful? Give feedback.
-
|
你在Linux 也测试一下看看。 |
Beta Was this translation helpful? Give feedback.
-
|
能否用windows下生成的几个文件到centos7试下? |
Beta Was this translation helpful? Give feedback.
-
|
这个要晚点找个环境试一下才行。 为啥一定要在windows上,你的部署环境是windows吗? |
Beta Was this translation helpful? Give feedback.
-
|
是的,我是在windows系统下用 |
Beta Was this translation helpful? Give feedback.
-
|
有办法在windows系统下测试吗,或者是否可以用我在windows下产生的server.crt,server.key,server.csr等文件,在centos7下确认下?可以的话我上传下,谢谢 |
Beta Was this translation helpful? Give feedback.
-
我稍后会测试一下 |
Beta Was this translation helpful? Give feedback.
-
|
openssl_files.zip |
Beta Was this translation helpful? Give feedback.
-
|
在windows平台下,找第三方编译的openssl也尝试过,还是报一样的错误,不知道是证书问题还是其它BUG?直接把生成的证书相关文件放在demo里面,也是报同样的错误,还请帮忙验证下,谢谢 |
Beta Was this translation helpful? Give feedback.
-
|
已经解决 openssl x509 命令需要增加参数 -subj "/CN=localhost" |
Beta Was this translation helpful? Give feedback.
-
|
但是linux下不需要加这个参数啊 |
Beta Was this translation helpful? Give feedback.
-
我按下面步骤产生 server.key,server.csr, server.crt,客户端连接失败,不知道什么原因,但用demo里面的文件是可以的。
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
openssl dhparam -out dh512.pem 512
openssl dhparam -out dhparam.pem 4096
Beta Was this translation helpful? Give feedback.
All reactions