我们需要使用相互SSL连接到服务器但由于某种原因,我们在尝试发出请求时收到以下错误:
[...]
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
--processAlert
--processTlsRecord
--readIncomingTls_changeCipherSpec2
Failed to read incoming handshake messages. (3)
Client handshake failed. (3)
Failed to connect.
[...]
私钥和CSR由我们提出,证书由我们连接的人员返回给我们。
将密钥和证书组合到一个pem文件中并添加到请求中就可以在其他脚本中使用各自的密钥证书和目标而无问题地工作:
var Gateway = new ActiveXObject("Chilkat.Http");
Gateway.UnlockComponent("redacted");
var pemSuccess = Gateway.SetSslClientCertPem(Server.MapPath(certPath), "");
Gateway.ConnectTimeout = 10;
Gateway.ReadTimeout = 10;
然而在这个例子中,pemSuccess不仅返回0,而且我注意到改变这个或完全删除该行不会改变错误,这表明它在此之前就已经破裂了?
不幸的是,我在这个过程中的知识是有限的,我不知道如何解决这个问题。
一些谷歌搜索导致chilkat支持页面建议更新DLL并确保.pem使用正确的密钥和证书,但这些都是应有的。
编辑08/06/2015: 改变----- BEGIN CERTIFICATE的格式----- 页眉/页脚---开始证书--- 允许SetSslClientCertPem返回true,否则不会更改LastErrorText ......
完整LastErrorText:
SynchronousRequest:
DllDate: Dec 12 2012
UnlockPrefix: [redacted]
Username: [redacted]
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
domain: [redacted]
port: 9000
ssl: 1
RequestData:
HttpVersion: 1.1
Verb: POST
Path: [redacted]
Charset: utf-8
SendCharset: 0
MimeHeader: SOAPAction:
Content-Type: text/xml
--RequestData
ReadTimeout: 10
ConnectTimeout: 10
httpConnect:
hostname: [redacted]
port: 9000
ssl: 1
Need to establish connection to the HTTP server...
ConnectTimeoutMs_1: 10000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: [redacted]
resolveHostname1:
dnsCacheLookup: [redacted]
dnsCacheHit: [redacted]
--resolveHostname1
GetHostByNameHB_ipv4: Elapsed time: 0 millisec
myIP_1: [redacted]
myPort_1: [redacted]
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
readIncomingTls_serverHello:
processTlsRecord:
processHandshake:
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_AES_256_CBC_SHA
CipherSuite: 00,35
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_serverHello
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: Certificate
handshakeMessageLen: 0xf13
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
[cert info]
--Certificate
Certificate:
[cert info]
--Certificate
Certificate:
[cert info]
--Certificate
NumCertificates: 3
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued Certificate message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: CertificateRequest
handshakeMessageLen: 0x6
processHandshakeMessage:
MessageType: CertificateRequest
CertificateRequest:
NumCertificateTypes: 3
Certificate Type: RSA Sign
Certificate Type: DSS Sign
OtherCertificateType: 64
totalLen: 0
NumDistinguishedNames: 0
CertificateRequest message is OK.
Queueing CertificateRequest message.
--CertificateRequest
--processHandshakeMessage
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued CertificateRequest message.
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
Sending 0-length certificate (this is normal).
CertificatesMessage:
numCerts: 0
CertificateSize: 0x3
--CertificatesMessage
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: aes
keyLength: 256
Sent FINISHED message..
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
--processAlert
--processTlsRecord
--readIncomingTls_changeCipherSpec2
Failed to read incoming handshake messages. (3)
Client handshake failed. (3)
Failed to connect.
--httpConnect
connectTime1: Elapsed time: 47 millisec
totalTime: Elapsed time: 47 millisec
Failed.
--SynchronousRequest
--ChilkatLog
答案 0 :(得分:0)
事实证明,尽管发件人坚持多次证明证书是正确的,尽管他们坚持(当被问及)电子邮件编码没有删除任何字符时,但事实证明证书不正确并且电子邮件编码已经从正文中删除了一些字符。
请注意以+字符开头的行。