A Guide to Using GM curl (curl with Guomi, Chinese national cryptography, support)

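1. What is curl?
cURL (Client URL) is an open-source command-line tool for sending requests to web servers and many other kinds of servers. curl has a very large number of options and is commonly used for testing and debugging during server development and troubleshooting; it is a real power tool for networking.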

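2. What is GM curl?
curl itself does not support the GM SSL protocol (TLCP). Programmers said, "Let there be a GM version of curl," and so there was a GM version of curl. Ha, programmers really are the gods of the software world. The GM version of curl, gmcurl for short, was ported by the GM SSL Lab (www.gmssl.cn) and is available to download and use free of charge.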
3. Using GM curl (one-way GM SSL)
3.1 Basic invocation

[root@206test ~]# ./gmcurl
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key
curl: try 'curl --help' or 'curl --manual' for more information

3.2 Basic access
[root@206test ~]# ./gmcurl --gmssl -k https://ebssec.boc.cn
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key

Notes:
1) --gmssl enables GM SSL
2) -k skips verification of the server certificate
3.3 Verifying the certificate
[root@206test ~]# ./gmcurl --gmssl --cacert boc.ca.pem https://ebssec.boc.cn
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key

Notes:
1) --cacert loads a local chain of trusted certificates
2) boc.ca.pem can be downloaded from https://www.gmssl.cn/gmssl/do...
3.4 Basic debugging
[root@206test ~]# ./gmcurl --gmssl -k --verbose https://ebssec.boc.cn
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key
*   Trying 123.124.191.183:443...
* Connected to ebssec.boc.cn (123.124.191.183) port 443 (#0)
* ALPN, offering http/1.1
* (101) (OUT), , Unknown (1):
* (101) (IN), , Unknown (2):
* (101) (IN), , Unknown (11):
* (101) (IN), , Unknown (12):
* (101) (IN), , Unknown (14):
* (101) (OUT), , Unknown (16):
* (101) (OUT), , Change cipher spec (1):
* (101) (OUT), , Unknown (20):
* (101) (IN), , Unknown (20):
* SSL connection using GMSSLv1.1 / ECC-SM4-CBC-SM3
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=CN; ST=\U5317\U4EAC; L=\U5317\U4EAC; O=\U4E2D\U56FD\U94F6\U884C\U80A1\U4EFD\U6709\U9650\U516C\U53F8; OU=Local RA; OU=SSL; CN=ebssec.boc.cn
*  start date: Jun 11 09:05:20 2021 GMT
*  expire date: Jun 19 08:16:56 2026 GMT
*  issuer: C=CN; O=CFCA SM2 OCA1
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> Host: ebssec.boc.cn
> User-Agent: curl/7.82.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Sun, 17 Jul 2022 04:06:39 GMT
< Last-Modified: Sat, 27 Jun 2015 16:48:38 GMT
< Accept-Ranges: bytes
< Content-Length: 156
< Cache-Control: max-age=300
< Expires: Sun, 17 Jul 2022 04:11:39 GMT
< Vary: Accept-Encoding,User-Agent
< Content-Type: text/html
<
* Connection #0 to host ebssec.boc.cn left intact

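Notes:
1) The protocol (GMSSLv1.1) and the cipher suite (ECC-SM4-CBC-SM3) are shown
2) The server certificate details are shown
3) The HTTPS request headers and response headers are shown
4) --verbose can be abbreviated to -v, i.e. ./gmcurl --gmssl -k -v https://ebssec.boc.cn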
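
The following Python script is an added example, not part of the original article or of gmcurl: it reads a saved -v log like the one in 3.4, reports the negotiated protocol and cipher suite, names the handshake messages that gmcurl prints as "Unknown (N)" using the standard handshake type numbers, and flags a run in which certificate verification failed but the transfer continued because of -k. The sample log is constructed from the lines shown in 3.4, and the function name audit_verbose_log is hypothetical.

```python
import re

# Handshake message type numbers shared by TLS and TLCP.
HANDSHAKE_TYPES = {
    1: "ClientHello", 2: "ServerHello", 11: "Certificate",
    12: "ServerKeyExchange", 13: "CertificateRequest",
    14: "ServerHelloDone", 15: "CertificateVerify",
    16: "ClientKeyExchange", 20: "Finished",
}

# Constructed sample: abridged copy of the -v output shown in 3.4.
SAMPLE_LOG = """\
* (101) (OUT), , Unknown (1):
* (101) (IN), , Unknown (2):
* (101) (IN), , Unknown (11):
* (101) (IN), , Unknown (12):
* (101) (IN), , Unknown (14):
* (101) (OUT), , Unknown (16):
* (101) (OUT), , Change cipher spec (1):
* (101) (OUT), , Unknown (20):
* (101) (IN), , Unknown (20):
* SSL connection using GMSSLv1.1 / ECC-SM4-CBC-SM3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
"""

MSG_RE = re.compile(r"\((IN|OUT)\), , Unknown \((\d+)\):")
CONN_RE = re.compile(r"SSL connection using (\S+) / (\S+)")
VERIFY_RE = re.compile(r"SSL certificate verify result: (.+?) \((\d+)\)")

def audit_verbose_log(text):
    """Summarise one gmcurl -v log: handshake flow, cipher, verification."""
    report = {"handshake": [], "protocol": None, "cipher": None,
              "verify_code": None, "verify_error": None, "findings": []}
    for line in text.splitlines():
        if m := MSG_RE.search(line):
            name = HANDSHAKE_TYPES.get(int(m.group(2)), "type " + m.group(2))
            report["handshake"].append((m.group(1), name))
        elif m := CONN_RE.search(line):
            report["protocol"], report["cipher"] = m.groups()
        elif m := VERIFY_RE.search(line):
            report["verify_error"] = m.group(1)
            report["verify_code"] = int(m.group(2))
    if report["verify_code"] not in (None, 0):
        report["findings"].append(
            "server certificate not verified: " + report["verify_error"])
    if report["protocol"] is None:
        report["findings"].append("handshake did not complete")
    elif not report["protocol"].startswith("GMSSL"):
        report["findings"].append("not a GM SSL session: " + report["protocol"])
    return report

if __name__ == "__main__":
    for key, value in audit_verbose_log(SAMPLE_LOG).items():
        print(key, "=", value)
```

A run made with --cacert and a matching CA chain (3.3) produces no "verify result" line, so the findings list stays empty.
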
3.5 In-depth debugging (including the SSL handshake)
[root@206test ~]# ./gmcurl --gmssl -k --trace - https://ebssec.boc.cn
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key

Notes:
1) The trace shows the complete GM SSL data
2) The log can be written to a file,
i.e. ./gmcurl --gmssl -k --trace ssl.log https://ebssec.boc.cn
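
As an added example (not from the original article or the gmcurl project), the Python below reads a trace file such as ssl.log and decodes each record header, so a reviewer can confirm that every record carries the TLCP version 0x0101 rather than a TLS version. It assumes that each 5-byte "SSL data" entry in the trace is a record header; the sample trace is constructed in curl's --trace layout, and the function names are hypothetical.

```python
import re

TLCP_VERSION = 0x0101  # protocol version field carried by TLCP records
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

# Constructed sample in curl's --trace layout (record headers only).
SAMPLE_TRACE = """\
=> Send SSL data, 5 bytes (0x5)
0000: 16 01 01 00 80                                  .....
<= Recv SSL data, 5 bytes (0x5)
0000: 16 01 01 00 39                                  ....9
=> Send SSL data, 5 bytes (0x5)
0000: 14 01 01 00 01                                  .....
=> Send SSL data, 5 bytes (0x5)
0000: 17 01 01 00 80                                  .....
"""

HEADER_RE = re.compile(r"^(=>|<=) (?:Send|Recv) SSL data, 5 bytes")
ROW_RE = re.compile(r"^0000: ((?:[0-9a-f]{2} ){4}[0-9a-f]{2})")

def record_headers(trace_text):
    """Yield (direction, content type, version, length) per record header."""
    lines = trace_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        head = HEADER_RE.match(line)
        row = ROW_RE.match(lines[i + 1])
        if not (head and row):
            continue
        raw = bytes.fromhex(row.group(1))
        ctype = CONTENT_TYPES.get(raw[0], "unknown(%d)" % raw[0])
        version = int.from_bytes(raw[1:3], "big")
        length = int.from_bytes(raw[3:5], "big")
        direction = "out" if head.group(1) == "=>" else "in"
        yield (direction, ctype, version, length)

def non_tlcp_records(trace_text):
    """Return the records whose version field is not TLCP (0x0101)."""
    return [r for r in record_headers(trace_text) if r[2] != TLCP_VERSION]

if __name__ == "__main__":
    for rec in record_headers(SAMPLE_TRACE):
        print(rec)
    print("non-TLCP records:", non_tlcp_records(SAMPLE_TRACE))
```
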
4. Using GM curl (mutual GM SSL)
4.1 Generating the user's GM dual certificates

4.2 Accessing a site with the user's GM dual certificates
[root@206test ~]# ./gmcurl --gmssl -k --cert ./sm2.user1.sig.crt.pem --key ./sm2.user1.sig.key.pem --cert2 ./sm2.user1.enc.crt.pem --key2 ./sm2.user1.enc.key.pem https://demo.gmssl.cn:1443
GM Version: 1.0.0
Ported by www.gmssl.cn
Options:
--gmssl, use TLCP protocol
--cert,use sm2 sig pem cert
--key,use sm2 sig pem key
--cert2, use sm2 enc pem cert
--key2,use sm2 enc pem key
恭喜

成功访问了受HTTPS保护的页面。
SSL信息:GMSSLv1.1,ECC-SM4-GCM-SM3
证书信息
  [0]         Version: 3
         SerialNumber: 1658039001384
             IssuerDN: C=CN,O=GMSSL,OU=PKI/SM2,CN=MiddleCA for Test
           Start Date: Sun Jul 17 00:00:00 CST 2022
           Final Date: Mon Jul 17 00:00:00 CST 2023
            SubjectDN: C=CN,CN=user1
           Public Key: EC Public Key
            X: 97c5e022cd46ff344da14c59c97d1d71d67b4daf2c5b1c6687adde3fd3e3d051
            Y: 97015282f9dc49ea209aebc5b0c1b4f81b8018b391d5195438bdab9251fe1341
  Signature Algorithm: 1.2.156.10197.1.501
            Signature: 3045022100f7937695e82f349cc00fe94cc07988
                       0ecd5ff1b36bcf25b144f1a150889bd89b022075
                       f9cae85fdcd0ad30e6b4cd2cbd95686ee1310f89
                       56605827f6501148800988
       Extensions:
                       critical(false) 2.5.29.35 value = Sequence
    Tagged [0] IMPLICIT
        DER Octet String[16]
                       critical(false) 2.5.29.14 value = DER Octet String[16]
                       critical(false) BasicConstraints: isCa(false)
                       critical(true) KeyUsage: 0xc0
证书PEM

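Notes:
1) https://demo.gmssl.cn:1443 also supports one-way GM SSL; it can be accessed without a client certificate, but the page then does not show the client certificate information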
5. Downloading GM curl
1) XP/Win7/Win10
https://www.gmssl.cn/gmssl/do...
2) CentOS7/8
https://www.gmssl.cn/gmssl/do...
3) MacOS x86_64
https://www.gmssl.cn/gmssl/do...
