Delphi, Indy, OpenSSL, cryptographic card - access violation in libeay32.dll

Time: 2017-10-23 06:52:34

Tags: delphi openssl indy pkcs#11

I am writing an application in Delphi 2007 that sends data to a web service; I am using Indy 10 and OpenSSL. It works fine when I use a certificate from a .p12 file. Now I want to use certificates stored on Gemalto (IDPrimePKCS11.dll, IDPrimePKCS1164.dll) and Athena (asepkcs32.dll, asepkcs64.dll) cryptographic cards.

I built openssl and the pkcs11 engine from the OpenSC project in Visual Studio. When I connect to the web service there is a problem; below is the log of establishing the connection:

SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
AOk = False
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
2022-05-20 23:36:50
AOk = True
/C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3
/C=PL/ST=mazowieckie/L=Warszawa/O=Ministerstwo Spraw Wewnetrznych/OU=IT/CN=*.obywatel.gov.pl
2017-12-25 01:59:59
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server certificate request A"
SSL status: "SSLv3 read server done A"
Access violation at address 6865A57C in module 'libeay32.dll'. Read of address 37313032
EAccessViolation

I know I should look for the error in my own code. I don't know what to do next, so I am asking for your help in explaining the error.

I use the openssl functions in the following order:

ENGINE_load_builtin_engines

ENGINE_by_id returns a pointer to the engine

ENGINE_register_complete returns 1

ENGINE_get_id returns pkcs11 (engine id)

ENGINE_get_name returns pkcs11 engine (engine name)

ENGINE_ctrl_cmd_string(MODULE_PATH) returns 1

ENGINE_ctrl_cmd_string(PIN) returns 1

ENGINE_init returns 1

ENGINE_load_private_key returns PEVP_PKEY <> nil

SSL_CTX_use_certificate returns 1

SSL_CTX_use_PrivateKey returns 1

SSL_CTX_check_private_key returns 1

I tried to use ENGINE_load_ssl_client_cert, but I could not. As I noticed, in struct ENGINE the field load_ssl_client_cert is nil. I don't know whether that is normal. I have 2 cards and the result is the same with both. I read the certificate from the card's attributes.

If anyone knows a solution, please help.

Here is the code

// changes in IdSSLOpenSSLHeaders

type
  PENGINE_CMD_DEFN = ^ENGINE_CMD_DEFN;                                          
  ENGINE_CMD_DEFN = record                                                      
    cmd_num: TIdC_UINT;
    cmd_name: PAnsiChar;
    cmd_desc: PAnsiChar;
    cmd_flags: TIdC_UINT;
  end;

  // Mirrors the field order of struct engine_st in OpenSSL 1.0.x (libeay32.dll);
  // the struct is opaque in the public API, so any layout mismatch corrupts memory.
  ENGINE = record
    id: PIdAnsiChar;
    name: PIdAnsiChar;
    rsa_meth: PRSA_METHOD;
    dsa_meth: Pointer;
    dh_meth: Pointer;
    ecdh_meth: Pointer;
    ecdsa_meth: Pointer;
    rand_meth: Pointer;
    store_meth: Pointer;
    ciphers: ENGINE_CIPHERS_PTR;
    digests: ENGINE_DIGESTS_PTR;
    pkey_meths: ENGINE_PKEY_METHS_PTR;
    pkey_asn1_meths: ENGINE_PKEY_ASN1_METHS_PTR;
    _destroy: ENGINE_GEN_INT_FUNC_PTR;
    init: ENGINE_GEN_INT_FUNC_PTR;
    finish: ENGINE_GEN_INT_FUNC_PTR;
    ctrl: ENGINE_CTRL_FUNC_PTR;
    load_privkey: ENGINE_LOAD_KEY_PTR;
    load_pubkey: ENGINE_LOAD_KEY_PTR;
    load_ssl_client_cert: ENGINE_SSL_CLIENT_CERT_PTR;
    cmd_defns: PENGINE_CMD_DEFN;
    flags: TIdC_INT;
    struct_ref: TIdC_INT;
    funct_ref: TIdC_INT;
    ex_data: CRYPTO_EX_DATA;
    prev: PENGINE;
    next: PENGINE;
  end;

var
  {$EXTERNALSYM OPENSSL_load_builtin_modules}
  OPENSSL_load_builtin_modules: procedure; cdecl = nil;
  {$EXTERNALSYM ENGINE_get_first}
  ENGINE_get_first : function : PEngine cdecl = nil;
  {$EXTERNALSYM ENGINE_get_last}
  ENGINE_get_last : function : PEngine cdecl = nil;
  {$EXTERNALSYM ENGINE_get_next}
  ENGINE_get_next : function(e: PEngine) : PEngine cdecl = nil;
  {$EXTERNALSYM ENGINE_get_prev}
  ENGINE_get_prev : function(e: PEngine) : PEngine cdecl = nil;
  {$EXTERNALSYM ENGINE_by_id}
  ENGINE_by_id : function(id: PAnsiChar) : PEngine cdecl = nil;
  {$EXTERNALSYM ENGINE_load_dynamic}
  ENGINE_load_dynamic : procedure cdecl = nil;
  {$EXTERNALSYM ENGINE_load_builtin_engines}
  ENGINE_load_builtin_engines : procedure cdecl = nil;
  {$EXTERNALSYM ENGINE_load_capi}
  ENGINE_load_capi : procedure cdecl = nil;
  {$EXTERNALSYM ENGINE_cleanup}
  ENGINE_cleanup : procedure cdecl = nil;
  {$EXTERNALSYM ENGINE_register_complete}
  ENGINE_register_complete : function(e: PEngine) : Integer cdecl = nil;
  {$EXTERNALSYM ENGINE_register_all_complete}
  ENGINE_register_all_complete : function : Integer cdecl = nil;
  {$EXTERNALSYM ENGINE_ctrl_cmd_string}
  ENGINE_ctrl_cmd_string : function(e: PEngine; const cmd_name: PAnsiChar; const arg: PIdAnsiChar; cmd_optional: Integer) : TIdC_Int cdecl = nil;
  {$EXTERNALSYM ENGINE_free}
  ENGINE_free : function(e: PEngine) : Integer cdecl = nil;
  {$EXTERNALSYM ENGINE_get_id}
  ENGINE_get_id : function(const e: PEngine) : PAnsiChar cdecl = nil;
  {$EXTERNALSYM ENGINE_get_name}
  ENGINE_get_name : function(const e: PEngine) : PAnsiChar cdecl = nil;
  {$EXTERNALSYM ENGINE_init}
  ENGINE_init : function(e: PEngine) : Integer cdecl = nil;
  {$EXTERNALSYM ENGINE_finish}
  ENGINE_finish : function(e: PEngine) : Integer cdecl = nil;
  {$EXTERNALSYM ERR_load_ENGINE_strings}
  ERR_load_ENGINE_strings : procedure cdecl = nil;
  {$EXTERNALSYM ENGINE_load_private_key}
  ENGINE_load_private_key : function(e: PEngine; const key_id: PIdAnsiChar;
                                     ui_method: PUI_METHOD; callback_data : Pointer) : PEVP_PKEY cdecl = nil;
  {$EXTERNALSYM ENGINE_load_public_key}
  ENGINE_load_public_key : function(e: PEngine; const key_id: PIdAnsiChar;
                                    ui_method: PUI_METHOD; callback_data : Pointer) : PEVP_PKEY cdecl = nil;
  {$EXTERNALSYM ENGINE_load_ssl_client_cert}
  ENGINE_load_ssl_client_cert : function(e: PEngine; s: PSSL;
                                         ca_dn: PSTACK_OF_X509_NAME; var pcert : PPX509;
                                         var ppkey : PPEVP_PKEY; var pother : PPSTACK_OF_X509;
                                         ui_method: PUI_METHOD; callback_data : Pointer) : TIdC_Int cdecl = nil;
  {$EXTERNALSYM ENGINE_set_default}
  ENGINE_set_default : function(e: PEngine; flags: Cardinal) : Integer cdecl = nil;
  {$EXTERNALSYM UI_OpenSSL}
  UI_OpenSSL : function : PUI_METHOD cdecl = nil;
  {$EXTERNALSYM ERR_load_UI_strings}
  ERR_load_UI_strings : procedure cdecl = nil;
  {$EXTERNALSYM ASN1_TIME_to_generalizedtime}
  ASN1_TIME_to_generalizedtime: function(t: PASN1_TIME; _out: PPASN1_GENERALIZEDTIME): PASN1_GENERALIZEDTIME cdecl = nil;
  {$EXTERNALSYM CONF_modules_load_file}
  CONF_modules_load_file: function(const  _filename: PIdAnsiChar; const  _appname: PIdAnsiChar;  s: TIdC_LONG): TIdC_Int; cdecl = nil;

// changes in IdSSLOpenSSL
  TIdSSLOptions = class(TPersistent)
  protected
    ...
    fPrivateKey : PEVP_PKEY;                                                   
    fCertificate : PX509;                      
    fEngine : PEngine;                           
    ...
  public
    ...
    property PrivateKey: PEVP_PKEY read fPrivateKey write fPrivateKey;   
    property Certificate: PX509 read fCertificate write fCertificate;    
    property Engine: PEngine read fEngine write fEngine;                 
  end;
  TIdSSLContext = class(TObject)
  protected
    ...
    fPrivateKey : PEVP_PKEY;              
    fCertificate : PX509;          
    fEngine : PEngine; 
    ...       
  public
    ...
    property PrivateKey: PEVP_PKEY read fPrivateKey write fPrivateKey;    
    property Certificate: PX509 read fCertificate write fCertificate; 
    property Engine: PEngine read fEngine write fEngine;  
  end;
function IndySSL_CTX_use_PrivateKey_Engine(ctx: PSSL_CTX; const AEVP_PrivateKey: PEVP_PKEY): TIdC_INT;
begin
  Result := 0;
  if not Assigned(AEVP_PrivateKey) then begin
      SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_ENGINE_LIB);
      Exit;
  end;
  Result := SSL_CTX_use_PrivateKey(ctx, AEVP_PrivateKey);
end;
function IndySSL_CTX_use_certificate_Engine(ctx: PSSL_CTX; const APX509: PX509): TIdC_INT;
begin
  Result := 0;
  if not Assigned(APX509) then begin
      SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_ENGINE_LIB);
      Exit;
  end;
  Result := SSL_CTX_use_certificate(ctx, APX509);
end;
function LoadOpenSSLLibrary: Boolean;
begin
  ...
    ENGINE_load_builtin_engines;
    ENGINE_register_all_complete;
    SSLIsLoaded.Value := True;
  ...
end;
procedure TIdSSLOptions.AssignTo(Destination: TPersistent);
var
  LDest: TIdSSLOptions;
begin
  if Destination is TIdSSLOptions then begin
    ...
    LDest.PrivateKey := PrivateKey;  
    LDest.Certificate := Certificate;   
    LDest.Engine := Engine;  
  end else begin
    inherited AssignTo(Destination);
  end;
end;
procedure TIdServerIOHandlerSSLOpenSSL.Init;
begin
  ...
  fSSLContext.PrivateKey := SSLOptions.PrivateKey;   
  fSSLContext.Certificate := SSLOptions.Certificate; 
  fSSLContext.Engine := SSLOptions.Engine;     
  fSSLContext.InitContext(sslCtxServer);
end;
procedure TIdSSLIOHandlerSocketOpenSSL.Init;
begin
    ...
    fSSLContext.PrivateKey := SSLOptions.PrivateKey;   
    fSSLContext.Certificate := SSLOptions.Certificate; 
    fSSLContext.Engine := SSLOptions.Engine;    
    fSSLContext.InitContext(sslCtxClient);
  end;
end;

function TIdSSLContext.LoadCert: Boolean;
begin
  if PosInStrArray(ExtractFileExt(CertFile), ['.p12', '.pfx'], False) <> -1 then begin 
    Result := IndySSL_CTX_use_certificate_file_PKCS12(fContext, CertFile) > 0;
  end
  else if PosInStrArray(ExtractFileExt(CertFile), ['.pem'], False) <> -1 then begin
    //OpenSSL 1.0.2 has a new function, SSL_CTX_use_certificate_chain_file
    //that handles a chain of certificates in a PEM file.  That is prefered.
    if Assigned(SSL_CTX_use_certificate_chain_file) then begin
       Result := IndySSL_CTX_use_certificate_chain_file(fContext, CertFile) > 0;
    end else begin
      Result := IndySSL_CTX_use_certificate_file(fContext, CertFile, SSL_FILETYPE_PEM) > 0;
    end;
  end
  else begin
    Result := IndySSL_CTX_use_certificate_Engine(fContext, fCertificate) > 0;
  end;                                                                                     
end;

function TIdSSLContext.LoadKey: Boolean;
begin
  if PosInStrArray(ExtractFileExt(KeyFile), ['.p12', '.pfx'], False) <> -1 then begin
    Result := IndySSL_CTX_use_PrivateKey_file_PKCS12(fContext, KeyFile) > 0;
  end
  else if PosInStrArray(ExtractFileExt(KeyFile), ['.pem'], False) <> -1 then begin
    Result := IndySSL_CTX_use_PrivateKey_file(fContext, KeyFile, SSL_FILETYPE_PEM) > 0;
  end
  else begin
    Result := IndySSL_CTX_use_PrivateKey_Engine(fContext, fPrivateKey) > 0;
  end; 

  if Result then begin
    Result := SSL_CTX_check_private_key(fContext) > 0;
  end;
end;

function TIdSSLContext.Clone: TIdSSLContext;
begin
  ...
  Result.PrivateKey := PrivateKey;  
  Result.Certificate := Certificate;
  Result.Engine := Engine;  
end;

Here is a fragment of the log from the SslLockingCallback procedure. I added this log because I wanted to see what happens inside openssl.

SSL_CTX_load_verify_location 1, c:\test\dane\rootcert.pem c:\test
SSL_CTX_use_certificate 1
SSL_CTX_use_PrivateKey 1

The AV occurs during the call to SSL_connect.

As the log shows,

SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server certificate request A"
SSL status: "SSLv3 read server done A"

the next step should be:

SSL status: "SSLv3 write client certificate A"

Addendum

So far, to read the certificate from the card, I read the CKA_VALUE attribute of the CKO_CERTIFICATE object. I used the d2i_X509 function, which returned the PX509 variable that I passed to SSL_CTX_use_certificate. I decided to save the certificate to a .pem file and use that file to establish the SSL connection.

The connection log is as follows:

SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server certificate request A"
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client certificate A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write certificate verify A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
Type: Handshake Done
Msg:  SSL negotiation finished successfully
SSL status: "SSL negotiation finished successfully"
Type: Connect Exit
Msg:  SSL negotiation finished successfully
Cipher: name = AES256-GCM-SHA384; description = AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
; bits = 256; version = TLSv1/SSLv3;
SSL status: "SSL negotiation finished successfully"
Type: warning Read Alert
Msg:  close notify

The negotiation succeeded ("SSL negotiation finished successfully"), but the server returned an error:

EIdHTTPProtocolException
HTTP/1.0 500 Internal Server Error
<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
  <env:Body>
    <env:Fault>
      <faultcode>env:Server</faultcode>
      <faultstring>Internal Error (from server)</faultstring>
    </env:Fault>
  </env:Body>
</env:Envelope>
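An added example (not the asker's code) that walks the same engine call sequence as the question with every return value checked and the OpenSSL error queue drained, confirms with X509_check_private_key that the engine key really belongs to the card certificate before it reaches the SSL_CTX, and keeps the engine's structural and functional references until teardown; the faulting address 37313032 is the text "2017" in memory order, which is typical of a pointer that was overwritten or freed and reused, so object lifetime is the first thing to check. It assumes the ENGINE_* declarations from the question and Indy's ERR_get_error, ERR_error_string, X509_check_private_key and EVP_PKEY_free bindings with the signatures used here.

```delphi
uses
  Windows, SysUtils, IdCTypes, IdSSLOpenSSLHeaders;

type
  // Everything an SSL_CTX borrows from the card; keep it alive until the
  // last context built from it has been destroyed.
  TCardIdentity = record
    Engine: PEngine;
    Key: PEVP_PKEY;
    Cert: PX509;
  end;

// Drain the OpenSSL error queue so a failed call shows its real cause instead
// of a bare "returned 0". Always returns False so it can be assigned to Result.
function FailWithOpenSSLErrors(const Where: string): Boolean;
var
  Err: TIdC_ULONG;
  Buf: array[0..255] of AnsiChar;   // ERR_error_string needs at least 120 bytes
begin
  OutputDebugString(PChar(Where + ' failed'));
  Err := ERR_get_error;
  while Err <> 0 do begin
    ERR_error_string(Err, @Buf[0]);
    OutputDebugString(PChar('  ' + string(PAnsiChar(@Buf[0]))));
    Err := ERR_get_error;
  end;
  Result := False;
end;

// Same call order as in the question, with every step checked. ACert is the
// X509 decoded from the card's CKO_CERTIFICATE / CKA_VALUE attribute.
function LoadCardIdentity(const AModulePath, APin, AKeyId: AnsiString;
  ACert: PX509; out AIdentity: TCardIdentity): Boolean;
var
  E: PEngine;
begin
  FillChar(AIdentity, SizeOf(AIdentity), 0);
  ENGINE_load_builtin_engines;
  E := ENGINE_by_id('pkcs11');   // structural reference; released by ENGINE_free
  if E = nil then begin Result := FailWithOpenSSLErrors('ENGINE_by_id'); Exit; end;
  AIdentity.Engine := E;
  // Module path and PIN are handed to the engine before ENGINE_init, as in the question.
  if ENGINE_ctrl_cmd_string(E, 'MODULE_PATH', PAnsiChar(AModulePath), 0) <> 1 then begin
    Result := FailWithOpenSSLErrors('ENGINE_ctrl_cmd_string(MODULE_PATH)'); Exit;
  end;
  if ENGINE_ctrl_cmd_string(E, 'PIN', PAnsiChar(APin), 0) <> 1 then begin
    Result := FailWithOpenSSLErrors('ENGINE_ctrl_cmd_string(PIN)'); Exit;
  end;
  // Functional reference: the engine may now be used and must be ENGINE_finish'ed.
  if ENGINE_init(E) <> 1 then begin Result := FailWithOpenSSLErrors('ENGINE_init'); Exit; end;
  AIdentity.Key := ENGINE_load_private_key(E, PAnsiChar(AKeyId), nil, nil);
  if AIdentity.Key = nil then begin
    Result := FailWithOpenSSLErrors('ENGINE_load_private_key'); Exit;
  end;
  // The engine key is only a handle into the card: confirm it matches the
  // certificate here, before the handshake tries to sign with it.
  if X509_check_private_key(ACert, AIdentity.Key) <> 1 then begin
    Result := FailWithOpenSSLErrors('X509_check_private_key'); Exit;
  end;
  AIdentity.Cert := ACert;
  Result := True;
end;

// Release in reverse order, and only after every SSL_CTX using the identity is
// gone: the EVP_PKEY is backed by the engine and dangles once it is finished.
procedure FreeCardIdentity(var AIdentity: TCardIdentity);
begin
  if AIdentity.Key <> nil then EVP_PKEY_free(AIdentity.Key);
  if AIdentity.Engine <> nil then begin
    ENGINE_finish(AIdentity.Engine);
    ENGINE_free(AIdentity.Engine);
  end;
  FillChar(AIdentity, SizeOf(AIdentity), 0);
end;
```

SSL_CTX_use_certificate and SSL_CTX_use_PrivateKey take their own references, so the identity can be freed after the context is destroyed, but never while a handshake on that context can still run.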

0 answers:

No answers