Good afternoon.
I need some advice: I'm setting up a client to communicate with an HSM.
I'm bringing it up following the instructions:
https://support.cryptopr...lient-n-astra-linux-1516
When checking the provider I get an error:
*@CMP:~/MARK2$ /opt/cprocsp/bin/amd64/csptest -enum -provider "Crypto-Pro GOST R 34.10-2012 Strong HSM CSP" -provtype 81 -info
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/support/getcspparam.c:28:Can not get CSP param: AcquireContext failed.
Error number 0x2746 (10054).
Удаленный хост принудительно разорвал существующее подключение.
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/enum.c:409:Error during CryptAcquireContext.
Error number 0x2746 (10054).
Удаленный хост принудительно разорвал существующее подключение.
Program is terminating.
[ErrorCode: 0x00002746]
In journalctl:
ноя 27 12:11:32 CMP stunnel_fork[8196]: libssp: CPDeleteSecurityContext bad context pointer!
ноя 27 12:11:32 CMP csptest[8193]: libcspr: read_socket_N read_socket_N: read (fd 4) error: 0x2746
ноя 27 12:11:32 CMP csptest[8193]: libcspr: KChanRecvSock KChanRecvSock: read error: 0x2746
ноя 27 12:11:32 CMP csptest[8193]: libcspr: WireCPTransport : KChanRecvSock error: 0x2746
ноя 27 12:11:32 CMP csptest[8193]: libcspr: CPLookupSession : WireCPBeginSession failed: 0x2746
The stunnel logs are empty.
The HSM server itself is reachable via telnet:
*@CMP:~$ nc -v 10.10.5.240 1501
Connection to 10.10.5.240 1501 port [tcp/*] succeeded!
*@CMP:~$ nc -v 10.10.5.240 443
Connection to 10.10.5.240 443 port [tcp/https] succeeded!
TLS check:
*@CMP:~$ /opt/cprocsp/bin/amd64/csptestf -tlsc -server 10.10.5.240 -port 1501 -user 1014.1014 -nocheck -v
#0:
Subject: CN=1014.1014
Valid : 15.11.2019 16:30:48 - 15.02.2021 16:30:48 (UTC)
Issuer : CN=HSM43-000280
Client certificate:
Subject: CN=1014.1014
Valid : 15.11.2019 16:30:48 - 15.02.2021 16:30:48 (UTC)
Issuer : CN=HSM43-000280
8 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[02] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[03] 0x801f 0x8000
[04] 0x2e1e 0x2000 1.2.643.2.2.20 (ГОСТ Р 34.10-94)
[05] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[06] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[07] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800a0aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 98
Cipher Suites: (ff 85) (00 81) (00 32) (00 31)
103 bytes of handshake data sent
554 bytes of handshake data received
CryptoPro CSP: Type password for container "le-34cf5944-0356-462f-8873-046bbb854049"
Password:
766 bytes of handshake data sent
31 bytes of handshake data received
Handshake was successful
SECPKG_ATTR_CIPHER_INFO: Protocol: 800, Suite: FF85 (TLS_GOSTR341112_256_WITH_28147_CNT_IMIT)
SECPKG_ATTR_CIPHER_INFO: Cipher: (GOST 28147-89), Len: 256, BlockLen: 1
SECPKG_ATTR_CIPHER_INFO: Hash: (GR 34.11-2012 256), Len: 256
SECPKG_ATTR_CIPHER_INFO: Exchange: (GOST DH 34.10-2012 256), MinLen: 512, MaxLen: 512
SECPKG_ATTR_CIPHER_INFO: Certificate: (GR 34.10-2012 256), KeyType: 0
SECPKG_ATTR_NAMES: CN=10.10.5.240
SECPKG_ATTR_PACKAGE_INFO not supported.
Server certificate:
Subject: CN=10.10.5.240
Valid : 30.08.2018 14:38:26 - 30.11.2025 14:38:26 (UTC)
Issuer : CN=HSM43-000280
Protocol: TLS 1.2
Cipher: 0x661e
Cipher strength: 256
Hash: 0x8021
Hash strength: 256
Key exchange: 0xaa47
Key exchange strength: 512
Header: 5, Trailer: 4, MaxMessage: 16384
HTTP request: GET / HTTP/1.1
User-Agent: Webclient
Accept:*/*
Host: 10.10.5.240
Connection: close
Sending plaintext: 91 bytes
109 bytes of application data sent
11 bytes of (encrypted) application data received
Context expired: OK if file is completely downloaded
*** Got no HTTP header with HTTP STATUS
HttpsGetFile: 0x0000000d
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/WebClient.c:789:Error fetching file from server.
Error number 0xd (13).
Total: SYS: 0,000 sec USR: 0,040 sec UTC: 3,250 sec
[ErrorCode: 0x0000000d]