如何使用cURL调试SSL握手？ [英] How to debug SSL handshake using cURL?

问题描述

我想对使用客户端证书的每个目录身份验证进行故障排除。我特别想找出服务器发送哪些可接受的客户端证书。

I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.

如何调试SSL握手，最好使用cURL？

How do I debug SSL handshake, preferably with cURL?

预先感谢

推荐答案

我已使用此命令对客户端证书协商进行故障排除：

I have used this command to troubleshoot client certificate negotiation:

openssl s_client -connect www.test.com:443 -prexit

输出可能包含可接受的客户端证书CA名称和来自服务器的CA证书列表，或者如果服务器未提供，则可能包含未发送客户端证书CA名称始终需要客户证书。

The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.

这篇关于如何使用cURL调试SSL握手？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！