Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

测试rt-thread网站找不到CA #3

Open
flyranchao opened this issue Jun 17, 2020 · 7 comments
Open

测试rt-thread网站找不到CA #3

flyranchao opened this issue Jun 17, 2020 · 7 comments

Comments

@flyranchao
Copy link

msh />curl --verbose --capath ./ https://www.rt-thread.com/service/rt-thread.txt

  • timeout on name lookup is not supported
  • Trying 118.31.15.152:443...
  • TCP_NODELAY set
  • Connected to www.rt-thread.com () port 443 (#0)
  • Error reading ca cert path ./ - mbedTLS: (-0x2900) X509 - Read/write of file failed
  • Closing connection 0
    curl: (77) Error reading ca cert path ./ - mbedTLS: (-0x2900) X509 - Read/write of file failed
    msh />qemu: terminating on signal 2
@liu2guang
Copy link
Owner

curl -v -k https://xxx.xxxx.xxx/xx
-k 忽略证书

还有就是你./没有证书

@flyranchao
Copy link
Author

你好.首先感谢你的恢复.

这个./目录是我的编译pc的./
还是mbedtls/certs目录

@liu2guang
Copy link
Owner

./是你板子上文件系统的路径

@flyranchao
Copy link
Author

谢谢.
-k跳过证书执行是正常的.
但是我是在pc上用的ENV工具测试的.
另外我按照文档已经把rt-thread的证书获取加到/mbedtls/certs目录下了.可还是不行.

@liu2guang
Copy link
Owner

mbedtls配置不太清楚,RTT论坛问下把,把文件证书放到你板子的这个路径也是可以的,不一定与内核编译到一起
image

@flyranchao
Copy link
Author

你好,十分感谢你的及时回复:
下午我将该包移植到板子上后执行出现如下问题:
1.dns服务开启不了.而我ping www.baidu.com又是正常的.
请问该包也需要单独开dns服务吗?
2.采用加密的方式,我将证书已经放到了对应路径下.还是过不了.
不加密执行(-k参数)是正常的.

3.另外想咨询一下这个包有没有详细一点儿的文档介绍啊.不如移植,使用,api等?
msh />curl --verbose --cacert ./data/USER_ROOT_CA.cer https://118.31.15.152/service/rt-thread.txt

  • timeout on name lookup is not supported
  • Trying 118.31.15.152:443...
  • TCP_NODELAY set
  • Connected to 118.31.15.152 () port 443 (#0)
  • mbedTLS: Connecting to 118.31.15.152:443
  • mbedTLS: Set min SSL version to TLS 1.0
  • mbedTLS: Handshake complete, cipher is TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
  • Cert verify failed: BADCERT_CN_MISMATCH
  • Closing connection 0
    curl: (60) Cert verify failed: BADCERT_CN_MISMATCH
    More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

@flyranchao
Copy link
Author

dns服务总是过不了,直接ping www.rt-thread.com都能通.是哪里没有配置吗?
msh />curl --verbose -k --capath ./ https://www.rt-thread.com/service/rt-thread.txt

  • timeout on name lookup is not supported
  • Curl_ipv4_resolve_r failed for www.rt-thread.com
  • Couldn't resolve host 'www.rt-thread.com'
  • Closing connection 0
    curl: (6) Couldn't resolve host 'www.rt-thread.com'

msh />ping www.rt-thread.com
60 bytes from 118.31.15.152 icmp_seq=0 ttl=49 time=60 ms
60 bytes from 118.31.15.152 icmp_seq=1 ttl=49 time=30 ms
60 bytes from 118.31.15.152 icmp_seq=2 ttl=49 time=30 ms
60 bytes from 118.31.15.152 icmp_seq=3 ttl=49 time=30 ms

@flyranchao flyranchao mentioned this issue Jun 30, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@liu2guang @flyranchao