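I am trying to implement an SSL client in my IoT project. I have copied the SSL_Client example found in STM32Cube_FW_F7_V1.15.0 into my project and was able to compile it successfully. But the SSL handshake fails with -0x7780 MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE. I am attaching the console debug output: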

    . Seeding the random number generator... ok
    . Loading the CA root certificate ... ok (1 skipped)
    . Connecting to tcp/www.google.de/443... ok
    . Setting up the SSL/TLS structure... ok
    . Performing the SSL/TLS handshake...=> handshake
    client state: 0
    => flush output
    <= flush output
    client state: 1
    => flush output
    <= flush output
    => write client hello
    client hello, max version: [3:3]
    dumping 'client hello, random bytes' (32 bytes)
    0000:  88 d9 c4 b1 4f 82 ef a2 74 80 5c 6e 3f c4 29 ca  ....O...t.\n?.).
    0010:  a4 8d 61 2b f6 37 ec 93 39 cb 7d d0 39 5a 67 9b  ..a+.7..9.}.9Zg.
    client hello, session id len.: 0
    dumping 'client hello, session id' (0 bytes)
    client hello, add ciphersuite: c02b
    client hello, add ciphersuite: c031
    client hello, add ciphersuite: c02d
    client hello, add ciphersuite: 00a8
    client hello, got 4 ciphersuites (excluding SCSVs)
    adding EMPTY_RENEGOTIATION_INFO_SCSV
    client hello, compress len.: 1
    client hello, compress alg.: 0
    client hello, adding server name extension: mbed TLS Server 1
    client hello, adding signature_algorithms extension
    client hello, adding supported_elliptic_curves extension
    client hello, adding supported_point_formats extension
    client hello, adding encrypt_then_mac extension
    client hello, adding extended_master_secret extension
    client hello, total extension length: 62
    => write handshake message
    => write record
    output record: msgtype = 22, version = [3:3], msglen = 117
    dumping 'output record sent to network' (122 bytes)
    0000:  16 03 03 00 75 01 00 00 71 03 03 88 d9 c4 b1 4f  ....u...q......O
    0010:  82 ef a2 74 80 5c 6e 3f c4 29 ca a4 8d 61 2b f6  ...t.\n?.)...a+.
    0020:  37 ec 93 39 cb 7d d0 39 5a 67 9b 00 00 0a c0 2b  7..9.}.9Zg.....+
    0030:  c0 31 c0 2d 00 a8 00 ff 01 00 00 3e 00 00 00 16  .1.-.......>....
    0040:  00 14 00 00 11 6d 62 65 64 20 54 4c 53 20 53 65  .....mbed TLS Se
    0050:  72 76 65 72 20 31 00 0d 00 0a 00 08 04 03 04 01  rver 1..........
    0060:  03 03 03 01 00 0a 00 04 00 02 00 17 00 0b 00 02  ................
    0070:  01 00 00 16 00 00 00 17 00 00                    ..........
    => flush output
    message length: 122, out_left: 122
    ssl->f_send() returned 122 (-0xffffff86)
    <= flush output
    <= write record
    <= write handshake message
    <= write client hello
    client state: 2
    => flush output
    <= flush output
    => parse server hello
    => read record
    => fetch input
    in_left: 0, nb_want: 5
    in_left: 0, nb_want: 5
    ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
    <= fetch input
    dumping 'input record header' (5 bytes)
    0000:  15 03 03 00 02                                   .....
    input record: msgtype = 21, version = [3:3], msglen = 2
    => fetch input
    in_left: 5, nb_want: 7
    in_left: 5, nb_want: 7
    ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
    <= fetch input
    dumping 'input record from network' (7 bytes)
    0000:  15 03 03 00 02 02 28                             ......(
    got an alert message, type: [2:40]
    is a fatal alert message (msg 40)
    mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
    mbedtls_ssl_read_record() returned -30592 (-0x7780)
    <= handshake
     failed
    ! mbedtls_ssl_handshake returned -0x7780

I appreciate every hint in the right direction.

1 Answer

    client hello, adding server name extension: mbed TLS Server 1

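The client is using the SNI extension to indicate that it wants to talk to mbed TLS Server 1. The server at www.google.de on port 443 can respond as www.google.de, google.de and a bunch of other names controlled by Google, but it does not know mbed TLS Server 1, so it sends a fatal alert to indicate that it cannot complete the handshake.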

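You can use the sample client as is to talk to the sample server whose source code should be located next to it. To contact another server, you need to change or remove the call to mbedtls_ssl_set_hostname.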

Answered 2021-05-07T21:51:38.800
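
To confirm from a capture which name a client actually put in its SNI extension, the ClientHello record can be parsed directly. This is an added example, not code from the post or from mbed TLS; the function name client_hello_sni is hypothetical and the bytes are the 'output record sent to network' dump from the question's log.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 'output record sent to network' (122 bytes), copied from the debug log above. */
static const uint8_t CLIENT_HELLO[122] = {
  0x16,0x03,0x03,0x00,0x75,0x01,0x00,0x00,0x71,0x03,0x03,0x88,0xd9,0xc4,0xb1,0x4f,
  0x82,0xef,0xa2,0x74,0x80,0x5c,0x6e,0x3f,0xc4,0x29,0xca,0xa4,0x8d,0x61,0x2b,0xf6,
  0x37,0xec,0x93,0x39,0xcb,0x7d,0xd0,0x39,0x5a,0x67,0x9b,0x00,0x00,0x0a,0xc0,0x2b,
  0xc0,0x31,0xc0,0x2d,0x00,0xa8,0x00,0xff,0x01,0x00,0x00,0x3e,0x00,0x00,0x00,0x16,
  0x00,0x14,0x00,0x00,0x11,0x6d,0x62,0x65,0x64,0x20,0x54,0x4c,0x53,0x20,0x53,0x65,
  0x72,0x76,0x65,0x72,0x20,0x31,0x00,0x0d,0x00,0x0a,0x00,0x08,0x04,0x03,0x04,0x01,
  0x03,0x03,0x03,0x01,0x00,0x0a,0x00,0x04,0x00,0x02,0x00,0x17,0x00,0x0b,0x00,0x02,
  0x01,0x00,0x00,0x16,0x00,0x00,0x00,0x17,0x00,0x00
};

static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Copy the SNI host_name of a ClientHello record into out; return its length or -1. */
int client_hello_sni(const uint8_t *rec, size_t len, char *out, size_t outsz) {
    size_t end, i = 5 + 4 + 2 + 32;   /* record hdr, handshake hdr, version, random */
    if (len < i + 1 || rec[0] != 0x16 || rec[5] != 0x01) return -1;
    i += 1 + rec[i];                              /* skip session id */
    if (i + 2 > len) return -1;
    i += 2 + rd16(rec + i);                       /* skip cipher suites */
    if (i + 1 > len) return -1;
    i += 1 + rec[i];                              /* skip compression methods */
    if (i + 2 > len || (end = i + 2 + rd16(rec + i)) > len) return -1;
    for (i += 2; i + 4 <= end; ) {                /* walk the extensions block */
        size_t type = rd16(rec + i), elen = rd16(rec + i + 2);
        i += 4;
        if (i + elen > end) return -1;
        if (type == 0) {   /* server_name: list_len(2) name_type(1) name_len(2) name */
            size_t nlen = elen >= 5 ? rd16(rec + i + 3) : 0;
            if (elen < 5 || rec[i + 2] != 0 || 5 + nlen > elen || nlen >= outsz) return -1;
            memcpy(out, rec + i + 5, nlen);
            out[nlen] = '\0';
            return (int)nlen;
        }
        i += elen;
    }
    return -1;                                    /* no SNI extension present */
}

int main(void) {
    char sni[256];
    if (client_hello_sni(CLIENT_HELLO, sizeof CLIENT_HELLO, sni, sizeof sni) > 0)
        printf("SNI sent: %s\n", sni);            /* compare with the host you connect to */
    return 0;
}
```

The extracted name should equal the host the socket was opened to (www.google.de in the log); here it does not.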