调试SSL握手 [英] Debugging SSL Handshake

问题描述

如何调试ssl握手，最好使用curl？

How to debug ssl handshake, preferably with curl?

我想使用客户端证书解决每个目录身份验证。

I would like to troubleshoot per directory authentication with client certificate. I would specially like to find out which acceptable client certificates does server send.

提前感谢

推荐答案

我已使用此命令排查客户端证书协商问题：

I have used this command to troubleshoot client certificate negotiation:

openssl s_client -connect www.test.com:443 -prexit

输出可能包含可接受的客户端证书CA名称来自服务器的CA证书，或者如果服务器不总是需要客户端证书，则可能是没有发送客户端证书CA名称。

The output will probably contain "Acceptable client certificate CA names" and a list of CA certificates from the server, or possibly "No client certificate CA names sent", if the server doesn't always require client certificates.

这篇关于调试SSL握手的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！