通过https访问国密nginx报错的一些问题 #13
Comments
|
最近研究国密,也是这个问题,代码中有说明改下就行了,如下 |
多谢大佬,按照您的方案测试了一下,确实可以通过360浏览器访问了,不过通过https访问时error.log还是会输入一堆信息,这个有办法屏蔽和解决么,内容如下。 |
|
我遇到了一样的问题,注释代码后重新编译部署,没有得到解决 |
|
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
|
环境清单 nginx-1.20.2,OpenSSL-Compatibility-Layer-main,GmSSL 3.1.2 Dev
按照步骤编译好nginx,并配置了国密证书。通过
gmssl tlcp_client -get / -host localhost -port 4443 -cacert rootcacert.pem进行访问时,可以正常显示nginx内容,但是nginx的error日志会打印出如下内容:
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
Connection Established!
/root/gmssl/GmSSL-master/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
然后在奇安信浏览器,访问https时,浏览器显示 不受支持客户端和服务器不支持一般 SSL 协议版本或加密套件。然后在nginx error日志中显示
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c:1489:tls_record_send():
/root/gmssl/GmSSL-master/src/tls.c:1712:tls_encrypt_send():
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
麻烦大佬抽空帮忙看下什么原因呢?
The text was updated successfully, but these errors were encountered: