如何使用 cURL 调试 SSL 握手? [英] How to debug SSL handshake using cURL?

问题描述

我想使用客户端证书对每个目录的身份验证进行故障排除.我特别想知道服务器发送了哪些可接受的客户端证书.

I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.

如何调试 SSL 握手，最好使用 cURL?

How do I debug SSL handshake, preferably with cURL?

推荐答案

我已经使用这个命令来解决客户端证书协商问题:

I have used this command to troubleshoot client certificate negotiation:

openssl s_client -connect www.test.com:443 -prexit

如果服务器并不总是需要客户端证书，输出可能会包含可接受的客户端证书 CA 名称"和来自服务器的 CA 证书列表，或者可能包含未发送客户端证书 CA 名称".

The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.

这篇关于如何使用 cURL 调试 SSL 握手?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！