Brief description of how stunnel is used:
We have: a set of stations consisting of a server and clients, and a Certification Authority.
The stations need to connect to the server over a channel created with cpro_stunnel in order to transfer data.
The containers and certificates were generated on our own Certification Authority using GOST 2012. (Previously GOST 2001 and cpro 3.6 were used.) Because of the move to GOST 2012, cpro had to be updated to version 4. I am installing 9963.
It does not work with the native binary; I have to drop in the binary and libraries from version 3.6 (as I wrote in my previous post).
The stunnel_client.conf config on the client station.
cert = /etc/opt/cprocsp/PAK-7574.cer
setuid=cpro
setgid=cpro
pid = /var/opt/cprocsp/tmp/stunnel_client.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
debug = 7
output = /var/opt/cprocsp/tmp/stunnel_client.log
client = yes
accept=localhost:7441
connect=mask:7441
iptables on the client station
-A OUTPUT -d mask -p tcp -m tcp --dport 7440 -j DNAT --to-destination 127.0.0.1:7441
The stunnel_server.conf config on the server station
cert = /etc/opt/cprocsp/mask.cer
setuid=cpro
setgid=cpro
pid = /var/opt/cprocsp/tmp/stunnel_server.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
verify = 3
debug = 7
output = /var/opt/cprocsp/tmp/stunnel_server.log
client = no
accept = 192.168.57.87:7441
connect = 127.0.0.1:7440
Log with the error (with stunnel from 4.0):
[root@pak-7574 sysconfig]# /opt/cprocsp/sbin/ia32/stunnel_thread -version
stunnel 4.18 on i686-pc-linux-gnu
Threading:PTHREAD Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /opt/cprocsp/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
for_hsm = yes|no HSM mode with unix socket auth
Service-level options
cert = /etc/opt/cprocsp/stunnel/stunnel.pem
key = /etc/opt/cprocsp/stunnel/stunnel.pem
session = 300 seconds
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
nc mask 7440
Client:
2019.03.29 17:23:32 LOG7[24243:3060025040]: p7synchro_redir accepted FD=8 from 192.168.57.88:57057
2019.03.29 17:23:32 LOG7[24243:3051953008]: client start
2019.03.29 17:23:32 LOG7[24243:3051953008]: p7synchro_redir started
2019.03.29 17:23:32 LOG7[24243:3051953008]: FD 8 in non-blocking mode
2019.03.29 17:23:32 LOG7[24243:3051953008]: TCP_NODELAY option set on local socket
2019.03.29 17:23:32 LOG7[24243:3051953008]: FD 9 in non-blocking mode
2019.03.29 17:23:32 LOG7[24243:3051953008]: FD 10 in non-blocking mode
2019.03.29 17:23:32 LOG7[24243:3051953008]: Connection from 192.168.57.88:57057 permitted by libwrap
2019.03.29 17:23:32 LOG5[24243:3051953008]: p7synchro_redir connected from 192.168.57.88:57057
2019.03.29 17:23:32 LOG7[24243:3060025040]: Cleaning up the signal pipe
2019.03.29 17:23:32 LOG6[24243:3060025040]: Child process 25586 finished with code 0
2019.03.29 17:23:32 LOG7[24243:3051953008]: FD 13 in non-blocking mode
2019.03.29 17:23:32 LOG7[24243:3051953008]: p7synchro_redir connecting
2019.03.29 17:23:32 LOG7[24243:3051953008]: connect_wait: waiting 10 seconds
2019.03.29 17:23:32 LOG7[24243:3051953008]: connect_wait: connected
2019.03.29 17:23:32 LOG7[24243:3051953008]: Remote FD=13 initialized
2019.03.29 17:23:32 LOG7[24243:3051953008]: TCP_NODELAY option set on remote socket
2019.03.29 17:23:32 LOG7[24243:3051953008]: start SSPI connect
2019.03.29 17:23:32 LOG5[24243:3051953008]: try to read the client certificate
2019.03.29 17:23:32 LOG7[24243:3051953008]: open file /etc/opt/cprocsp/PAK-7574.cer with certificate
2019.03.29 17:23:32 LOG3[24243:3051953008]: Credentials complete
2019.03.29 17:23:32 LOG7[24243:3051953008]: 101 bytes of handshake data sent
2019.03.29 17:23:32 LOG5[24243:3051953008]: 861 bytes of handshake(in handshake loop) data received.
2019.03.29 17:23:32 LOG5[24243:3051953008]: 1016 bytes of handshake data sent
2019.03.29 17:23:32 LOG5[24243:3051953008]: 11 bytes of handshake(in handshake loop) data received.
2019.03.29 17:23:32 LOG3[24243:3051953008]: **** Error 0x80090308 returned by InitializeSecurityContext (2)
2019.03.29 17:23:32 LOG3[24243:3051953008]: Error performing handshake
2019.03.29 17:23:32 LOG5[24243:3051953008]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2019.03.29 17:23:32 LOG7[24243:3051953008]: free Buffers
2019.03.29 17:23:32 LOG7[24243:3051953008]: delete c->hClientCreds
2019.03.29 17:23:32 LOG5[24243:3051953008]: incomp_mess = 0, extra_data = 0
2019.03.29 17:23:32 LOG7[24243:3051953008]: p7synchro_redir finished (0 left)
Server:
2019.03.29 17:23:36 LOG7[25503:140054580586304]: p8_2 accepted FD=10 from 192.168.57.88:38641
2019.03.29 17:23:36 LOG7[25503:140054488999680]: client start
2019.03.29 17:23:36 LOG7[25503:140054488999680]: p8_2 started
2019.03.29 17:23:36 LOG7[25503:140054488999680]: FD 10 in non-blocking mode
2019.03.29 17:23:36 LOG7[25503:140054488999680]: TCP_NODELAY option set on local socket
2019.03.29 17:23:36 LOG7[25503:140054488999680]: FD 11 in non-blocking mode
2019.03.29 17:23:36 LOG7[25503:140054488999680]: FD 12 in non-blocking mode
2019.03.29 17:23:36 LOG7[25503:140054488999680]: Connection from 192.168.57.88:38641 permitted by libwrap
2019.03.29 17:23:36 LOG5[25503:140054488999680]: p8_2 connected from 192.168.57.88:38641
2019.03.29 17:23:36 LOG7[25503:140054488999680]: accept_handshake start
2019.03.29 17:23:36 LOG7[25503:140054488999680]: SSPINegotiate start
2019.03.29 17:23:36 LOG7[25503:140054580586304]: Cleaning up the signal pipe
2019.03.29 17:23:36 LOG6[25503:140054580586304]: Child process 25512 finished with code 0
2019.03.29 17:23:36 LOG7[25503:140054488999680]: reading in SSPINeg recv return = 101, errno=4
2019.03.29 17:23:36 LOG7[25503:140054488999680]: Recieve 101 bytes from client on SSPINegotiateLoop
2019.03.29 17:23:36 LOG7[25503:140054488999680]: AcceptSecurityContext finish, scRet = 590610
2019.03.29 17:23:36 LOG5[25503:140054488999680]: Send 861 handshake bytes to client
2019.03.29 17:23:36 LOG7[25503:140054488999680]: reading in SSPINeg recv return = 1016, errno=-1
2019.03.29 17:23:36 LOG7[25503:140054488999680]: Recieve 1016 bytes from client on SSPINegotiateLoop
2019.03.29 17:23:36 LOG7[25503:140054488999680]: AcceptSecurityContext finish, scRet = 0
2019.03.29 17:23:36 LOG5[25503:140054488999680]: Client subject: CN=PAK-7574
2019.03.29 17:23:36 LOG5[25503:140054488999680]: Client issuer: CN=ROOT3 CA 2012
2019.03.29 17:23:36 LOG3[25503:140054488999680]: Error 0x40 ((unknown)) returned by CertVerifyCertificateChainPolicy!
2019.03.29 17:23:36 LOG3[25503:140054488999680]: Error 0x40 when validate certificate
2019.03.29 17:23:36 LOG3[25503:140054488999680]: Error 0x8009030e returned by VerifyCertChain (ssl_verify_by_level)
2019.03.29 17:23:36 LOG5[25503:140054488999680]: User not authorized for connect
2019.03.29 17:23:36 LOG5[25503:140054488999680]: 11 bytes of close_notify data sent
2019.03.29 17:23:36 LOG5[25503:140054488999680]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2019.03.29 17:23:36 LOG7[25503:140054488999680]: free Buffers
2019.03.29 17:23:36 LOG7[25503:140054488999680]: delete c->hContext
2019.03.29 17:23:36 LOG5[25503:140054488999680]: incomp_mess = 0, extra_data = 0
2019.03.29 17:23:36 LOG7[25503:140054488999680]: p8_2 finished (0 left)
[cpro@pak-7574 ~]$ /opt/cprocsp/bin/ia32/csptestf -tlsc -server mask -port 7440 -v -v -v
8 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[02] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[03] 0x801f 0x8000
[04] 0x2e1e 0x2000 1.2.643.2.2.20 (ГОСТ Р 34.10-94)
[05] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[06] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[07] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800a0aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 91
Cipher Suites: (ff 85) (00 81) (00 32) (00 31)
96 bytes of handshake data sent
0000 16 03 01 00 5b 01 00 00 57 03 03 5c 9e 0f 07 c8 ....[...W..\....
0010 35 83 4d fa 4a b1 a8 6a 31 6f fb ee 93 8d 52 34 5.M.J..j1o....R4
0020 2c 32 8b ae d9 d1 66 96 5c ed 58 00 00 08 ff 85 ,2....f.\.X.....
0030 00 81 00 32 00 31 01 00 00 26 ff 01 00 01 00 00 ...2.1...&......
0040 23 00 00 00 00 00 09 00 07 00 00 04 6d 61 73 6b #...........mask
0050 00 17 00 00 00 0d 00 08 00 06 ee ee ef ef ed ed ................
**** Error 104 reading data from server
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/WebClient.c:628:Error performing handshake.
Error number 0x80090304 (-2146893052).
Внутренняя ошибка пакета безопасности
WARNING: ENOTCONN on socket shutdown (ungraceful shutdown)
Total: SYS: 0,000 sec USR: 0,090 sec UTC: 0,160 sec
[ErrorCode: 0x80090304]
Log with success (with stunnel from 3.6)
[root@pak-7574 ia32]# /opt/cprocsp/sbin/ia32/stunnel_thread -version
stunnel 4.18 on i686-pc-linux-gnu
Threading:PTHREAD Sockets:POLL,IPv4 Auth:LIBWRAP
Global options
debug = 5
pid = /opt/cprocsp/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
for_hsm = yes|no HSM mode with unix socket auth
Service-level options
cert = /etc/opt/cprocsp/stunnel/stunnel.pem
key = /etc/opt/cprocsp/stunnel/stunnel.pem
session = 300 seconds
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
nc mask 7440
Client:
2019.03.29 17:34:29 LOG7[14876:3053180640]: p7synchro_redir accepted FD=8 from 192.168.57.88:57068
2019.03.29 17:34:29 LOG7[14876:3045108592]: client start
2019.03.29 17:34:29 LOG7[14876:3045108592]: p7synchro_redir started
2019.03.29 17:34:29 LOG7[14876:3045108592]: FD 8 in non-blocking mode
2019.03.29 17:34:29 LOG7[14876:3045108592]: TCP_NODELAY option set on local socket
2019.03.29 17:34:29 LOG7[14876:3045108592]: FD 9 in non-blocking mode
2019.03.29 17:34:29 LOG7[14876:3045108592]: FD 10 in non-blocking mode
2019.03.29 17:34:29 LOG7[14876:3045108592]: Connection from 192.168.57.88:57068 permitted by libwrap
2019.03.29 17:34:29 LOG5[14876:3045108592]: p7synchro_redir connected from 192.168.57.88:57068
2019.03.29 17:34:29 LOG7[14876:3053180640]: Cleaning up the signal pipe
2019.03.29 17:34:29 LOG6[14876:3053180640]: Child process 15549 finished with code 0
2019.03.29 17:34:29 LOG7[14876:3045108592]: FD 13 in non-blocking mode
2019.03.29 17:34:29 LOG7[14876:3045108592]: p7synchro_redir connecting
2019.03.29 17:34:29 LOG7[14876:3045108592]: connect_wait: waiting 10 seconds
2019.03.29 17:34:29 LOG7[14876:3045108592]: connect_wait: connected
2019.03.29 17:34:29 LOG7[14876:3045108592]: Remote FD=13 initialized
2019.03.29 17:34:29 LOG7[14876:3045108592]: TCP_NODELAY option set on remote socket
2019.03.29 17:34:29 LOG7[14876:3045108592]: start SSPI connect
2019.03.29 17:34:29 LOG5[14876:3045108592]: try to read the client certificate
2019.03.29 17:34:29 LOG7[14876:3045108592]: open file /etc/opt/cprocsp/PAK-7574.cer with certificate
2019.03.29 17:34:29 LOG3[14876:3045108592]: Credentials complete
2019.03.29 17:34:29 LOG7[14876:3045108592]: 101 bytes of handshake data sent
2019.03.29 17:34:29 LOG5[14876:3045108592]: 861 bytes of handshake(in handshake loop) data received.
2019.03.29 17:34:29 LOG5[14876:3045108592]: 1016 bytes of handshake data sent
2019.03.29 17:34:29 LOG5[14876:3045108592]: 31 bytes of handshake(in handshake loop) data received.
2019.03.29 17:34:29 LOG5[14876:3045108592]: Handshake was successful
2019.03.29 17:34:29 LOG5[14876:3045108592]: PerformClientHandshake finish
2019.03.29 17:34:29 LOG5[14876:3045108592]: Server subject: CN=mask
2019.03.29 17:34:29 LOG5[14876:3045108592]: Server issuer: CN=ROOT3 CA 2012
2019.03.29 17:34:29 LOG5[14876:3045108592]: Protocol: 0x800
2019.03.29 17:34:29 LOG5[14876:3045108592]: Cipher: Gost 28147-89
2019.03.29 17:34:29 LOG5[14876:3045108592]: Cipher strength: 256
2019.03.29 17:34:29 LOG5[14876:3045108592]: Hash: 0x8021
2019.03.29 17:34:29 LOG5[14876:3045108592]: Hash strength: 256
2019.03.29 17:34:29 LOG5[14876:3045108592]: Key exchange: 0xaa47
2019.03.29 17:34:29 LOG5[14876:3045108592]: Key exchange strength: 512
2019.03.29 17:34:29 LOG7[14876:3045108592]: Handshake_done
2019.03.29 17:34:29 LOG7[14876:3045108592]: add ssl read socket to pool
2019.03.29 17:34:29 LOG7[14876:3045108592]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2019.03.29 17:34:29 LOG7[14876:3045108592]: Enter pool section on transfer
2019.03.29 17:34:29 LOG7[14876:3045108592]: SSPI_read start
2019.03.29 17:34:29 LOG7[14876:3045108592]: recv ok on SSPI_read err= 25
2019.03.29 17:34:29 LOG5[14876:3045108592]: Received 25 bytes from ssl socket
2019.03.29 17:34:29 LOG7[14876:3045108592]: SSPI_read data in ssl_buff is 77be
2019.03.29 17:34:29 LOG7[14876:3045108592]: data read from ssl_sock =16
2019.03.29 17:34:29 LOG7[14876:3045108592]: add ssl read socket to pool
2019.03.29 17:34:29 LOG7[14876:3045108592]: ssl_rd = 1, c->ssl_ptr = 16,c->sock_ptr=0,want_rd = 0
2019.03.29 17:34:29 LOG7[14876:3045108592]: add write socket to poll
2019.03.29 17:34:29 LOG7[14876:3045108592]: Enter pool section on transfer
2019.03.29 17:34:29 LOG7[14876:3045108592]: data send to socket = 16
2019.03.29 17:34:29 LOG7[14876:3045108592]: add ssl read socket to pool
2019.03.29 17:34:29 LOG7[14876:3045108592]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2019.03.29 17:34:29 LOG7[14876:3045108592]: Enter pool section on transfer
Server:
2019.03.29 17:34:33 LOG7[25689:140697865049984]: p8_2 accepted FD=10 from 192.168.57.88:38652
2019.03.29 17:34:33 LOG7[25689:140697864853248]: client start
2019.03.29 17:34:33 LOG7[25689:140697864853248]: p8_2 started
2019.03.29 17:34:33 LOG7[25689:140697864853248]: FD 10 in non-blocking mode
2019.03.29 17:34:33 LOG7[25689:140697864853248]: TCP_NODELAY option set on local socket
2019.03.29 17:34:33 LOG7[25689:140697864853248]: FD 11 in non-blocking mode
2019.03.29 17:34:33 LOG7[25689:140697864853248]: FD 12 in non-blocking mode
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Connection from 192.168.57.88:38652 permitted by libwrap
2019.03.29 17:34:33 LOG5[25689:140697864853248]: p8_2 connected from 192.168.57.88:38652
2019.03.29 17:34:33 LOG7[25689:140697864853248]: accept_handshake start
2019.03.29 17:34:33 LOG7[25689:140697864853248]: SSPINegotiate start
2019.03.29 17:34:33 LOG7[25689:140697865049984]: Cleaning up the signal pipe
2019.03.29 17:34:33 LOG6[25689:140697865049984]: Child process 25698 finished with code 0
2019.03.29 17:34:33 LOG7[25689:140697864853248]: reading in SSPINeg err = 101
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Recieve 101 bytes from client on SSPINegotiateLoop
2019.03.29 17:34:33 LOG7[25689:140697864853248]: AcceptSecurityContext finish, scRet = 590610
2019.03.29 17:34:33 LOG5[25689:140697864853248]: Send 861 handshake bytes to client
2019.03.29 17:34:33 LOG7[25689:140697864853248]: reading in SSPINeg err = 1016
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Recieve 1016 bytes from client on SSPINegotiateLoop
2019.03.29 17:34:33 LOG7[25689:140697864853248]: AcceptSecurityContext finish, scRet = 0
2019.03.29 17:34:33 LOG5[25689:140697864853248]: Client subject: CN=PAK-7574
2019.03.29 17:34:33 LOG5[25689:140697864853248]: Client issuer: CN=ROOT3 CA 2012
2019.03.29 17:34:33 LOG5[25689:140697864853248]: No error on CertGetCertificateChain
2019.03.29 17:34:33 LOG5[25689:140697864853248]: No error on CertVerifyCertificateChainPolicy
2019.03.29 17:34:33 LOG7[25689:140697864853248]: validate_connect finish
2019.03.29 17:34:33 LOG5[25689:140697864853248]: Send 31 handshake bytes to client
2019.03.29 17:34:33 LOG5[25689:140697864853248]: User validation finish ExLen = 0
2019.03.29 17:34:33 LOG7[25689:140697864853248]: FD 11 in non-blocking mode
2019.03.29 17:34:33 LOG7[25689:140697864853248]: p8_2 connecting
2019.03.29 17:34:33 LOG7[25689:140697864853248]: connect_wait: waiting 10 seconds
2019.03.29 17:34:33 LOG7[25689:140697864853248]: connect_wait: connected
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Remote FD=11 initialized
2019.03.29 17:34:33 LOG7[25689:140697864853248]: TCP_NODELAY option set on remote socket
2019.03.29 17:34:33 LOG7[25689:140697864853248]: add ssl read socket to pool
2019.03.29 17:34:33 LOG7[25689:140697864853248]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Enter pool section on transfer
2019.03.29 17:34:33 LOG7[25689:140697864853248]: data reciev from socket = 16
2019.03.29 17:34:33 LOG7[25689:140697864853248]: add ssl read socket to pool
2019.03.29 17:34:33 LOG7[25689:140697864853248]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=16,want_rd = 0
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Enter pool section on transfer
2019.03.29 17:34:33 LOG5[25689:140697864853248]: SSPI_write start
2019.03.29 17:34:33 LOG7[25689:140697864853248]: SSPI_write data is 77be
2019.03.29 17:34:33 LOG7[25689:140697864853248]: send all data after encrypt
2019.03.29 17:34:33 LOG7[25689:140697864853248]: data send to ssl_socket =16
2019.03.29 17:34:33 LOG7[25689:140697864853248]: add ssl read socket to pool
2019.03.29 17:34:33 LOG7[25689:140697864853248]: ssl_rd = 1, c->ssl_ptr = 0,c->sock_ptr=0,want_rd = 0
2019.03.29 17:34:33 LOG7[25689:140697864853248]: Enter pool section on transfer
[cpro@pak-7574 ~]$ /opt/cprocsp/bin/ia32/csptestf -tlsc -server mask -port 7440 -v -v -v
8 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[02] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[03] 0x801f 0x8000
[04] 0x2e1e 0x2000 1.2.643.2.2.20 (ГОСТ Р 34.10-94)
[05] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[06] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[07] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800a0aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 91
Cipher Suites: (ff 85) (00 81) (00 32) (00 31)
96 bytes of handshake data sent
0000 16 03 01 00 5b 01 00 00 57 03 03 5c 9e 11 48 7d ....[...W..\..H}
0010 39 6b 76 8b d8 3e 7c c0 8d 85 83 0a 79 cb f4 00 9kv..>|.....y...
0020 44 57 ec c7 41 17 4d 05 4a b0 b8 00 00 08 ff 85 DW..A.M.J.......
0030 00 81 00 32 00 31 01 00 00 26 ff 01 00 01 00 00 ...2.1...&......
0040 23 00 00 00 00 00 09 00 07 00 00 04 6d 61 73 6b #...........mask
0050 00 17 00 00 00 0d 00 08 00 06 ee ee ef ef ed ed ................
16 bytes of handshake data received
0000 39 32 62 38 30 32 63 64 20 72 65 61 64 79 3a 20 92b802cd ready:
**** Error 0x80090308 returned by InitializeSecurityContext (2)
An error occurred in running the program.
/dailybuildsbranches/CSP_4_0/CSPbuild/CSP/samples/csptest/WebClient.c:628:Error performing handshake.
Error number 0x80090308 (-2146893048).
Предоставленный функции маркер неправилен
Total: SYS: 0,010 sec USR: 0,080 sec UTC: 0,120 sec
[ErrorCode: 0x80090308]
P.S.
I replaced the hash using the command I got from you; after the check the binary was renamed to .corrupted anyway.
Author: Русев Андрей
It would be great to get:
- the stunnel config
- a brief description of how stunnel is used
- a log with the error (with stunnel from 4.0)
- a log with success (with stunnel from 3.6)
The binaries are renamed by our integrity control system. You can run the integrity check by hand like this:
Code:
/etc/init.d/cprocsp check
For testing (!) purposes you can recompute the hash of the relevant file and put it into the table used for the checks:
Code:
[user@test-x64-centos72 ~]$ /opt/cprocsp/bin/amd64/cpverify -mk -alg GR3411_2012_256 /opt/cprocsp/sbin/amd64/stunnel_thread
96A23255F1DD7A620AAEF04CCE50B586045396C29E4DD049E5F3D2EEA96E79A8
[user@test-x64-centos72 ~]$ grep -F stunnel_thread /opt/cprocsp/lib/hashes/cprocsp-stunnel-64
//opt/cprocsp/sbin/amd64/stunnel_thread 96A23255F1DD7A620AAEF04CCE50B586045396C29E4DD049E5F3D2EEA96E79A8
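An added example, not part of the original post or of CryptoPro's tooling: the client and server logs of the failing run carry timestamps a few seconds apart, so this sketch links them by handshake flight sizes instead and reports which side logged the first error. The function names are hypothetical, the log lines are abridged from the failing run above, and the symbolic names are the standard SSPI status names for the codes shown (the logs themselves print only the numbers).

```python
import re

# Abridged from the failing run's logs in the post (client first, then server).
CLIENT_LOG = """\
2019.03.29 17:23:32 LOG3[24243:3051953008]: Credentials complete
2019.03.29 17:23:32 LOG7[24243:3051953008]: 101 bytes of handshake data sent
2019.03.29 17:23:32 LOG5[24243:3051953008]: 861 bytes of handshake(in handshake loop) data received.
2019.03.29 17:23:32 LOG5[24243:3051953008]: 1016 bytes of handshake data sent
2019.03.29 17:23:32 LOG5[24243:3051953008]: 11 bytes of handshake(in handshake loop) data received.
2019.03.29 17:23:32 LOG3[24243:3051953008]: **** Error 0x80090308 returned by InitializeSecurityContext (2)
"""
SERVER_LOG = """\
2019.03.29 17:23:36 LOG7[25503:140054488999680]: Recieve 101 bytes from client on SSPINegotiateLoop
2019.03.29 17:23:36 LOG5[25503:140054488999680]: Send 861 handshake bytes to client
2019.03.29 17:23:36 LOG7[25503:140054488999680]: Recieve 1016 bytes from client on SSPINegotiateLoop
2019.03.29 17:23:36 LOG3[25503:140054488999680]: Error 0x40 ((unknown)) returned by CertVerifyCertificateChainPolicy!
2019.03.29 17:23:36 LOG3[25503:140054488999680]: Error 0x8009030e returned by VerifyCertChain (ssl_verify_by_level)
2019.03.29 17:23:36 LOG5[25503:140054488999680]: 11 bytes of close_notify data sent
"""

LINE = re.compile(r"^\S+ \S+ LOG\d\[\d+:\d+\]: (.*)$")
ERROR = re.compile(r"Error (0x[0-9a-fA-F]+).*returned by (\w+)")
SENT = re.compile(r"Send (\d+) handshake bytes|(\d+) bytes of \w+ data sent")
RECV = re.compile(r"(\d+) bytes of handshake\(in handshake loop\) data received|Recieve (\d+) bytes")
# Standard SSPI status names for the 0x8009xxxx codes that appear in the post.
SSPI = {0x80090304: "SEC_E_INTERNAL_ERROR", 0x80090308: "SEC_E_INVALID_TOKEN",
        0x8009030E: "SEC_E_NO_CREDENTIALS"}

def events(log):
    """Ordered ('sent'|'recv', n) and ('error', code, api) events, keyed on text:
    the LOG level alone misleads here ('Credentials complete' is logged at LOG3)."""
    out = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        msg = m.group(1) if m else ""
        if e := ERROR.search(msg):
            out.append(("error", int(e.group(1), 16), e.group(2)))
        elif s := SENT.search(msg):
            out.append(("sent", int(s.group(1) or s.group(2))))
        elif r := RECV.search(msg):
            out.append(("recv", int(r.group(1) or r.group(2))))
    return out

def diagnose(client_log, server_log):
    """Name the side that logged the first error; 'linked' ties the two logs by flight size."""
    c, s = events(client_log), events(server_log)
    c_err = next((i for i, e in enumerate(c) if e[0] == "error"), None)
    s_err = next((i for i, e in enumerate(s) if e[0] == "error"), None)
    if c_err is None and s_err is None:
        return {"origin": None}
    origin, first = ("server", s[s_err]) if s_err is not None else ("client", c[c_err])
    # Last flight the client read before failing vs. what the server sent after rejecting.
    last_recv = next((e[1] for e in reversed(c[:c_err or 0]) if e[0] == "recv"), None)
    after = [e[1] for e in s[s_err:] if e[0] == "sent"] if s_err is not None else []
    return {"origin": origin, "api": first[2], "code": first[1], "linked": last_recv in after,
            "client_symptom": SSPI.get(c[c_err][1]) if c_err is not None else None}

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, SERVER_LOG))
```

For the failing run this reports the server's CertVerifyCertificateChainPolicy error 0x40 as the origin, with the client's 0x80090308 linked to it through the 11-byte close_notify flight.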