Continued the investigation, tried it via tlss:
server:
Code:
/opt/cprocsp/bin/amd64/csptest -tlss -u e540c66d7e9ae40d9287b3c893abe7548458143b -port 8443 -v
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2 (ГОСТ Р 34.12-2015 Кузнечик)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1 (ГОСТ Р 34.12-2015 Магма)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0x540:
Transport Layer Security 1.0 server side
Transport Layer Security 1.1 server side
Transport Layer Security 1.2 server side
dwProtocolMask: 0x400d1555
Idle timeout: 0 ms
###after the client connected###
Accepting connection 1
Socket connection established
Received 149 (handshake) bytes from client
Send 4754 handshake bytes to client
recv failed: 2148073488
Couldn't connect
/dailybuildsbranches/CSP_5_0r2i/CSPbuild/CSP/samples/csptest/WebServer.c:1039:Handshake()
Error 0x80090010: Access denied.
7 bytes of handshake data sent
/dailybuildsbranches/CSP_5_0r2i/CSPbuild/CSP/samples/csptest/WebServer.c:2478:Socket shutdown(): 0x6b
Error 0x80090010: Access denied.
Error disconnecting from client
client:
Code:
/opt/cprocsp/bin/amd64/csptest -tlsc -u e540c66d7e9ae40d9287b3c893abe7548458143b -server test.stageoffice.ru -port 8443 -v
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Client certificate:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2 (ГОСТ Р 34.12-2015 Кузнечик)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1 (ГОСТ Р 34.12-2015 Магма)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 144
SessionId: (empty)
Cipher Suites: (c0 30) (c0 2f) (c0 28) (c0 27) (c0 14) (c0 13) (00 9d) (00 9c) (00 3d) (00 3c) (00 35) (00 2f) (00 0a)
149 bytes of handshake data sent
4754 bytes of handshake data received
**** Error 0xffffffff80091004 returned by InitializeSecurityContext (2)
/dailybuildsbranches/CSP_5_0r2i/CSPbuild/CSP/samples/csptest/WebClient.c:754:Error performing handshake.
Error 0x80091004: Invalid cryptographic message type.
Total: SYS: 0.040 sec USR: 0.070 sec UTC: 0.120 sec
[ErrorCode: 0x80091004]
Tried the same Sectigo RSA certificate *.stageoffice on Windows, and it works:
server:
Code:
PS C:\Program Files\Crypto Pro\CSP> .\csptest.exe -tlss -u e540c66d7e9ae40d9287b3c893abe7548458143b -port 8443
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Try call SetCredentialsAttributes, 000000085EBBEB10
Idle timeout: 0 ms
###after the client connected###
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId: 5c140000d1cc766ab744a199fcf47b9b443e76b129d8baec5c9c7bb07b950e46
Connected, waiting for request...
CheckPolicyResult passed.
client:
Code:
.\csptest.exe -tlsc -u e540c66d7e9ae40d9287b3c893abe7548458143b -port 8443 -server test.stageoffice.ru
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
DDEContext expired: OK if file is completely downloaded
Reply status: HTTP/1.0 200 OK
1 connections, 42 bytes in 0.015 seconds;
Total: SYS: 0,016 sec USR: 0,031 sec UTC: 0,093 sec
[ErrorCode: 0x00000000]
Moreover, on Linux I took an RSA certificate for a different domain, *.myoffice-app.ru, from the same Sectigo, and everything works! server-app.txt (7kb) downloaded 2 time(s). (I also had to add the certificate itself to the trusted store, otherwise it returned "The revocation process could not continue".)
Code:
/opt/cprocsp/bin/amd64/certmgr -l -chain
Certmgr 1.1 (c) "Crypto-Pro", 2007-2020.
Program for managing certificates, CRLs and stores.
=============================================================================
1-------
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Subject : OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
Serial : 0x00A1F8C60738F31382378D548C771350A4
SHA1 Hash : d4ed8861cadd8fdf91bc659938219687964f26a5
SubjKeyID : 3eec2d45b538b7fa5bc6b932f4942d3b008ab2f6
Signature Algorithm : sha256RSA
PublicKey Algorithm : RSA (2048 bits)
Not valid before : 15/11/2019 00:00:00 UTC
Not valid after : 10/12/2021 23:59:59 UTC
PrivateKey Link : Yes
Container : HDIMAGE\\pfx-d42c.000\F387
Provider Name : Crypto-Pro Enhanced RSA and AES CSP
Provider Info : Provider Type: 24, Key Spec: 1, Flags: 0x0
CA cert URL : http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
OCSP URL : http://ocsp.sectigo.com
Extended Key Usage : 1.3.6.1.5.5.7.3.1 Проверка подлинности сервера
1.3.6.1.5.5.7.3.2 Проверка подлинности клиента
Certificate chain : Verified successfully.
#0:
Issuer : AAA Certificate Services
Subject : AAA Certificate Services
SHA1 Hash : d1eb23a46d17d68fd92564c2f1f1601764d8e349
#1:
Subject : USERTrust RSA Certification Authority
SHA1 Hash : d89e3bd43d5d909b47a18977aa9d5ce36cee184c
#2:
Subject : Sectigo RSA Domain Validation Secure Server CA
SHA1 Hash : 33e4e80807204c2b6182a3a14b591acd25b5f0db
#3:
Subject : *.myoffice-app.ru
SHA1 Hash : d4ed8861cadd8fdf91bc659938219687964f26a5
server:
Code:
/opt/cprocsp/bin/amd64/csptest -tlss -u d4ed8861cadd8fdf91bc659938219687964f26a5 -port 8443 -v
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
Valid : 15.11.2019 00:00:00 - 10.12.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
Valid : 15.11.2019 00:00:00 - 10.12.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2 (ГОСТ Р 34.12-2015 Кузнечик)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1 (ГОСТ Р 34.12-2015 Магма)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0x540:
Transport Layer Security 1.0 server side
Transport Layer Security 1.1 server side
Transport Layer Security 1.2 server side
dwProtocolMask: 0x400d1555
Idle timeout: 0 ms
###after the client connected###
Accepting connection 1
Socket connection established
Received 150 (handshake) bytes from client
Send 5086 handshake bytes to client
Received 126 (handshake) bytes from client
Send 51 handshake bytes to client
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId: 9bc21161ddcd1ff5a07d4e7e4f4d194cccdf3f676141e770c9197c3b4e7511ca
Connected, waiting for request...
Received 158 (request) bytes from client
X
Message is: 'GET / HTTP/1.1
User-Agent: Webclient
Accept:*/*
Host: test.myoffice-app.ru
Connection: close
'
Send 67 header bytes to client
Send 34 data bytes to client
31 bytes of handshake data sent
client:
Code:
/opt/cprocsp/bin/amd64/csptest -tlsc -u e540c66d7e9ae40d9287b3c893abe7548458143b -port 8443 -server test.myoffice-app.ru -v
#0:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Client certificate:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.stageoffice.ru
Valid : 07.10.2019 00:00:00 - 31.10.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2 (ГОСТ Р 34.12-2015 Кузнечик)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1 (ГОСТ Р 34.12-2015 Магма)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 145
SessionId: (empty)
Cipher Suites: (c0 30) (c0 2f) (c0 28) (c0 27) (c0 14) (c0 13) (00 9d) (00 9c) (00 3d) (00 3c) (00 35) (00 2f) (00 0a)
150 bytes of handshake data sent
5086 bytes of handshake data received
126 bytes of handshake data sent
51 bytes of handshake data received
Handshake was successful
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId: 9bc21161ddcd1ff5a07d4e7e4f4d194cccdf3f676141e770c9197c3b4e7511ca
SECPKG_ATTR_CONNECTION_INFO: Protocol: FFFFFFFF
SECPKG_ATTR_CIPHER_INFO: Protocol: 800, Suite: C030 (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
SECPKG_ATTR_CIPHER_INFO: Cipher: (AES), Len: 256, BlockLen: 1
SECPKG_ATTR_CIPHER_INFO: Hash: (), Len: 0
SECPKG_ATTR_CIPHER_INFO: Exchange: (ECDH), MinLen: 256, MaxLen: 521
SECPKG_ATTR_CIPHER_INFO: Certificate: (RSA), KeyType: 0
SECPKG_ATTR_NAMES: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
SECPKG_ATTR_PACKAGE_INFO# fCapabilities: 0x107B3
SECPKG_ATTR_PACKAGE_INFO# wVersion: 1
SECPKG_ATTR_PACKAGE_INFO# wRPCID: 65535
SECPKG_ATTR_PACKAGE_INFO# cbMaxToken: 16379
SECPKG_ATTR_PACKAGE_INFO# Name: CryptoPro SSP
SECPKG_ATTR_PACKAGE_INFO# Comment: CryptoPro Security Package
Server certificate:
Subject: OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
Valid : 15.11.2019 00:00:00 - 10.12.2021 23:59:59 (UTC)
Issuer : C=GB, S=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
Protocol: 0xffffffff
Cipher: 0x6610
Cipher strength: 256
Hash: 0x0
Hash strength: 0
Key exchange: 0xae06
Key exchange strength: 256
Header: 13, Trailer: 16, MaxMessage: 16384
HTTP request: GET / HTTP/1.1
User-Agent: Webclient
Accept:*/*
Host: test.myoffice-app.ru
Connection: close
Sending plaintext: 100 bytes
158 bytes of application data sent
67 bytes of (encrypted) application data received
Decrypted data: 38 bytes
65 bytes of (encrypted) application data received
Decrypted data: 5 bytes
Extra data: 31 bytes
Context expired: OK if file is completely downloaded
Reply status: HTTP/1.0 200 OK
Sending Close Notify
31 bytes of handshake data sent
WARNING: ENOTCONN on socket shutdown (ungraceful shutdown)
1 connections, 43 bytes in 0.013 seconds;
Total: SYS: 0.040 sec USR: 0.080 sec UTC: 0.130 sec
[ErrorCode: 0x00000000]
What could be special about the Sectigo RSA certificate for *.stageoffice.ru?
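Added diagnostic, not part of the original post: the post shows `certmgr -l` output only for the working certificate, so the natural next step is to capture the same record for the failing one and diff the fields that govern a server credential. This is example code (mine, not CryptoPro's); the record for *.stageoffice.ru below is a constructed stand-in, not real output.

```python
# Added example (not from the post or from CryptoPro): parse `certmgr -l` records
# and diff the fields that decide whether a certificate can back a TLS server
# credential (private-key link, provider, key spec, EKU, chain status).
import re

FIELDS = ("PublicKey Algorithm", "PrivateKey Link", "Provider Name",
          "Provider Info", "Extended Key Usage", "Certificate chain")

# Abridged from the post's certmgr output for the working certificate.
WORKING = r"""Subject             : OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.myoffice-app.ru
SHA1 Hash           : d4ed8861cadd8fdf91bc659938219687964f26a5
PublicKey Algorithm : RSA (2048 bits)
PrivateKey Link     : Yes
Provider Name       : Crypto-Pro Enhanced RSA and AES CSP
Provider Info       : Provider Type: 24, Key Spec: 1, Flags: 0x0
Extended Key Usage  : 1.3.6.1.5.5.7.3.1 Проверка подлинности сервера
                      1.3.6.1.5.5.7.3.2 Проверка подлинности клиента
Certificate chain   : Verified successfully.
"""

# Constructed stand-in for the failing certificate: WORKING with subject/thumbprint
# swapped and Key Spec altered ONLY to exercise the diff. The post shows no certmgr
# output for *.stageoffice.ru; run certmgr -l for it and paste the real record here.
CONSTRUCTED = (WORKING.replace("*.myoffice-app.ru", "*.stageoffice.ru")
               .replace("d4ed8861cadd8fdf91bc659938219687964f26a5",
                        "e540c66d7e9ae40d9287b3c893abe7548458143b")
               .replace("Key Spec: 1", "Key Spec: 2"))

def parse_certmgr(text):
    """One record -> {field: [values]}. Unkeyed indented lines (extra EKU OIDs) extend
    the previous field; parsing stops at 'Certificate chain' because the chain elements
    certmgr prints after it repeat Issuer/Subject keys and would clobber the leaf."""
    rec, last = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z0-9 ]*?)\s*:\s*(.*)$", line)
        if m:
            last = m.group(1)
            rec[last] = [m.group(2).strip()]
            if last == "Certificate chain":
                break
        elif last and line.strip():
            rec[last].append(line.strip())
    return rec

def eku_oids(rec):
    """Bare OIDs of the Extended Key Usage field, descriptions dropped."""
    return {v.split()[0] for v in rec.get("Extended Key Usage", [])}

def diff_records(a, b):
    """Fields from FIELDS whose values differ between two parsed records."""
    return {f: (a.get(f), b.get(f)) for f in FIELDS if a.get(f) != b.get(f)}
```

Feed `parse_certmgr` the real `certmgr -l` record of each certificate and `diff_records` lists exactly the fields that differ, so the comparison that the post does by eye across two logs becomes a one-line check.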