
tongsuo-go-sdk's Issues

Build fails

Error output:

could not determine kind of name for C.SSL_CTX_use_enc_PrivateKey
could not determine kind of name for C.SSL_CTX_use_enc_certificate
could not determine kind of name for C.SSL_CTX_use_sign_PrivateKey
could not determine kind of name for C.SSL_CTX_use_sign_certificate

After modifying the code to skip these functions, the error becomes:

shim.c:501:9: error: implicit declaration of function 'NTLS_method' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
shim.c:501:9: warning: incompatible integer to pointer conversion returning 'int' from a function with result type 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') [-Wint-conversion]
shim.c:504:9: error: implicit declaration of function 'NTLS_client_method' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
shim.c:504:9: warning: incompatible integer to pointer conversion returning 'int' from a function with result type 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') [-Wint-conversion]
shim.c:507:9: error: implicit declaration of function 'NTLS_server_method' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
shim.c:507:9: warning: incompatible integer to pointer conversion returning 'int' from a function with result type 'const SSL_METHOD *' (aka 'const struct ssl_method_st *') [-Wint-conversion]
shim.c:515:9: error: implicit declaration of function 'SSL_CTX_enable_ntls' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
shim.c:515:9: note: did you mean 'X_SSL_CTX_enable_ntls'?
shim.c:514:6: note: 'X_SSL_CTX_enable_ntls' declared here
shim.c:515:2: error: void function 'X_SSL_CTX_enable_ntls' should not return a value [-Wreturn-type]

Tongsuo library version used: 8.3.2

Is a single-certificate TLS 1.3 server and client supported?

If I use Go, is TLS 1.x based on the national (SM) cryptographic algorithms currently supported? It looks like the server can be started, but the client has no way to verify the peer certificate.

I tried starting a TLS 1.3 TCP server:

package main

import (
	"net"

	"github.com/pkg/errors"
	tongsuosdk "github.com/tongsuo-project/tongsuo-go-sdk"
	tscrypto "github.com/tongsuo-project/tongsuo-go-sdk/crypto"
)

// listen builds a context that holds a single certificate/key pair and listens with it.
// certPem and prikeyPem are the PEM-encoded leaf certificate and its private key.
// (Import paths are assumed from the module name; the post used only the aliases.)
func listen(certPem, prikeyPem []byte) net.Listener {
	tsCtx, err := tongsuosdk.NewCtx()
	if err != nil {
		panic(errors.Wrap(err, "new ctx"))
	}

	cert, err := tscrypto.LoadCertificateFromPEM(certPem)
	if err != nil {
		panic(errors.Wrap(err, "load cert"))
	}
	if err = tsCtx.UseCertificate(cert); err != nil {
		panic(errors.Wrap(err, "use cert"))
	}

	prikey, err := tscrypto.LoadPrivateKeyFromPEM(prikeyPem)
	if err != nil {
		panic(errors.Wrap(err, "load prikey"))
	}
	if err = tsCtx.UsePrivateKey(prikey); err != nil {
		panic(errors.Wrap(err, "use prikey"))
	}

	listener, err := tongsuosdk.Listen("tcp", "127.0.0.1:48271", tsCtx)
	if err != nil {
		panic(errors.Wrap(err, "listen"))
	}
	return listener
}

From the command line the server certificate is visible:

tongsuo s_client -connect 127.0.0.1:48271

CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Leaf Cert
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Leaf Cert
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Leaf Cert
verify return:1
---
Certificate chain
 0 s:C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Leaf Cert
   i:C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Root CA
   a:PKEY: id-ecPublicKey, 256 (bit); sigalg: SM2-SM3
   v:NotBefore: Dec 20 07:03:25 2023 GMT; NotAfter: Dec 17 07:03:25 2033 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body elided]
-----END CERTIFICATE-----
subject=C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Leaf Cert
issuer=C = CN, ST = Shanghai, L = Shanghai, O = BBT, OU = XSS, CN = Root CA
---
No client certificate CA names sent
Peer signing digest: SM3
Peer signature type: SM2
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 945 bytes and written 385 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 96C7121745F218C11EA8F723F8952088A635B8F5ACD5717CED7C3449F0151FE6
    Session-ID-ctx: 
    Resumption PSK: E6E576FFFD20F88B3DC603D6BF61BBB63280382493ABF09485FF654DC2C6ADA09C3E6195644D93E30B3606B6674760B0
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - b6 de 28 5a 20 5d 0f e2-b4 71 14 d3 61 1c a5 cf   ..(Z ]...q..a...
    0010 - fe 3b 04 be 59 d4 c4 ab-cd 0e e4 41 da 29 70 c9   .;..Y......A.)p.
    0020 - 86 ea 9c 65 b2 a0 7a 94-1f a7 fc 53 a8 0a 41 75   ...e..z....S..Au
    0030 - e2 e6 54 c5 1b 73 5b 5b-72 83 86 39 97 ad e9 08   ..T..s[[r..9....
    0040 - 00 50 fa b8 71 30 85 88-98 c0 e0 1a 96 f2 84 9e   .P..q0..........
    0050 - c4 8d 61 36 0d b8 df 14-37 d4 da 54 62 4c a5 4f   ..a6....7..TbL.O
    0060 - 40 d1 c8 df 85 ba a2 f4-f6 09 e6 c1 f0 7c 5c 59   @............|\Y
    0070 - 1a 96 55 0a db 60 77 91-1c 68 b7 27 77 2c 00 7a   ..U..`w..h.'w,.z
    0080 - 5f d4 05 0e 7a 23 da cb-cd 83 dc 4a 3b 03 4b 79   _...z#.....J;.Ky
    0090 - e7 94 17 94 c6 0e e8 6c-1c e6 de 01 45 25 5d 70   .......l....E%]p
    00a0 - be eb c1 13 12 ea bc d3-5f f7 a0 46 29 97 24 57   ........_..F).$W
    00b0 - 2c c2 6c 4b ff 3b 22 6b-44 39 1a ed f0 d1 5f 10   ,.lK.;"kD9...._.
    00c0 - 5d 0e df 4b 89 f7 ae 26-a2 12 5e 19 94 1c 89 6e   ]..K...&..^....n

    Start Time: 1704962704
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
    QUIC: no
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 4985BB19FC67A27F29C3008615215967227BB30E1DA679D3BDDBD85FB3AD6D77
    Session-ID-ctx: 
    Resumption PSK: 39D6AD6679795830565B3EE5EA2E7B975516EDBC58C580882E90F47CC467153AE661C4CBD6200B14AD929195F0561B1F
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - b6 de 28 5a 20 5d 0f e2-b4 71 14 d3 61 1c a5 cf   ..(Z ]...q..a...
    0010 - 76 65 9d 0c e6 6e 27 3a-02 d9 b5 d1 de a4 b6 71   ve...n':.......q
    0020 - a5 e2 6e d1 be 52 81 d5-79 4a da 4d 84 91 a7 ae   ..n..R..yJ.M....
    0030 - 1c 32 ee f0 8a 10 23 f7-e8 72 62 a3 b8 59 67 04   .2....#..rb..Yg.
    0040 - be 30 65 93 f0 7e 3d 2a-25 c1 f3 c3 59 06 64 4a   .0e..~=*%...Y.dJ
    0050 - 19 7d d1 76 8b 25 e1 ac-20 d3 f2 51 cf 00 8a 25   .}.v.%.. ..Q...%
    0060 - d7 13 ac f7 d4 63 88 e9-f4 71 a0 79 8e b2 a0 cf   .....c...q.y....
    0070 - 39 11 a3 05 80 7b 1d a7-c4 b7 56 e3 6c e2 7b 5a   9....{....V.l.{Z
    0080 - 1f b0 eb 18 aa 7c ca 4d-d2 cf 79 d7 12 8c 17 63   .....|.M..y....c
    0090 - 7e 5c 27 b9 cb 8f 8b a9-15 fc 59 42 9f 79 c5 0b   ~\'.......YB.y..
    00a0 - be ba 53 f3 1f df cc b4-c0 13 1c 7c 0d a0 ac 2c   ..S........|...,
    00b0 - 1a 8c b6 2e 60 ca dc 81-8f 01 b8 49 12 a2 06 d5   ....`......I....
    00c0 - 82 97 c0 09 9e 89 f5 1a-6b de ef 82 c9 62 9f d3   ........k....b..

    Start Time: 1704962704
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
    QUIC: no

But the problem now is that I have not found a way to verify the server certificate; the client can connect to the server whether or not a certificate is configured.

package main

import (
	"fmt"

	"github.com/pkg/errors"
	tongsuosdk "github.com/tongsuo-project/tongsuo-go-sdk"
)

// dial connects to the server above; parentPem is the issuing CA certificate in PEM.
// (Import path assumed from the module name; the post used only the alias.)
func dial(parentPem []byte) error {
	tsCtx, err := tongsuosdk.NewCtx()
	if err != nil {
		return errors.Wrap(err, "new ctx")
	}

	// If this line is set, the handshake fails no matter what
	// tsCtx.SetVerifyMode(tongsuosdk.VerifyPeer)

	// With or without this line, the client handshake succeeds
	if err = tsCtx.GetCertificateStore().LoadCertificatesFromPEM(parentPem); err != nil {
		return errors.Wrap(err, "add cert")
	}

	fmt.Println("try dial...")
	conn, err := tongsuosdk.Dial("tcp", "127.0.0.1:48271",
		tsCtx, tongsuosdk.InsecureSkipHostVerification)
	if err != nil {
		return errors.Wrap(err, "dial")
	}
	defer conn.Close()
	return nil
}
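The three verification settings the post above is juggling (no verify mode, VerifyPeer, and VerifyPeer together with InsecureSkipHostVerification), as an added example written against Go's standard crypto/tls rather than tongsuo-go-sdk. This is not the project's code: the SDK needs the Tongsuo C library to build, and the standard library has no SM2, so a P-256 "Root CA" / "Leaf Cert" pair generated in memory stands in for the SM2 certificates on the page. The server presents only the leaf, as the server in the post does. The name leaf.example and all function names are assumptions. The mapping is an analogy: a context with no verify mode is InsecureSkipVerify, so the client connects with an empty trust store and loading the CA changes nothing; VerifyPeer is RootCAs plus ServerName, which fails with x509.UnknownAuthorityError while the issuing root is absent (the crypto/tls counterpart of the s_client `verify error:num=21`) and succeeds once it is loaded; and VerifyPeer with the hostname check skipped has no single knob in crypto/tls, because InsecureSkipVerify also turns off the chain check, so the chain is re-verified in VerifyConnection without a DNSName.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// PKI is a constructed fixture: a self-signed "Root CA" and the "Leaf Cert" it
// issued, like the pair in the s_client transcript. P-256 stands in for SM2.
type PKI struct {
	Roots *x509.CertPool  // trust store holding only the root
	Leaf  tls.Certificate // what the server presents: the leaf alone, no chain
}

func newPKI() (*PKI, error) {
	rootKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	rootDER, err := x509.CreateCertificate(rand.Reader, rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	root, err := x509.ParseCertificate(rootDER)
	if err != nil {
		return nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Leaf Cert"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames: []string{"leaf.example"}, // assumed name; deliberately no IP SAN for 127.0.0.1
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	return &PKI{Roots: roots, Leaf: tls.Certificate{Certificate: [][]byte{leafDER}, PrivateKey: leafKey}}, nil
}

// handshake runs one TLS 1.3 handshake over loopback TCP against a server that
// presents pki.Leaf and returns the client's handshake error (nil on success).
func handshake(pki *PKI, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			srv := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{pki.Leaf}, MinVersion: tls.VersionTLS13})
			_ = srv.Handshake() // any failure is reported on the client side
			srv.Close()
		}
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return err
	}
	c := tls.Client(raw, clientCfg)
	defer c.Close()
	return c.Handshake()
}

// noVerify: no verify mode at all; the peer certificate is never checked.
func noVerify() *tls.Config {
	return &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13}
}

// verifyChain: VerifyPeer analogue; chain must end in roots and leaf must match serverName.
func verifyChain(roots *x509.CertPool, serverName string) *tls.Config {
	return &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS13}
}

// verifyChainSkipHost: VerifyPeer plus InsecureSkipHostVerification. InsecureSkipVerify
// disables the built-in chain check too, so VerifyConnection re-runs it with no DNSName.
func verifyChainSkipHost(roots *x509.CertPool) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, MinVersion: tls.VersionTLS13,
		VerifyConnection: func(cs tls.ConnectionState) error {
			opts := x509.VerifyOptions{Roots: roots, Intermediates: x509.NewCertPool()}
			for _, ic := range cs.PeerCertificates[1:] {
				opts.Intermediates.AddCert(ic)
			}
			_, err := cs.PeerCertificates[0].Verify(opts)
			return err
		},
	}
}
```

Running handshake with verifyChain(pki.Roots, "127.0.0.1") fails with x509.HostnameError because the leaf carries no IP SAN; that is the mismatch the InsecureSkipHostVerification flag in the post hides, and verifyChainSkipHost shows how to skip only that check while still requiring the chain to end in a loaded root.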
