Update TLS command tools

This commit is contained in:
Zhi Guan
2026-06-11 22:54:59 +08:00
parent 5c34316d3d
commit 0951d4c764
5 changed files with 126 additions and 28 deletions


@@ -39,7 +39,7 @@ static const char *help =
" -key file Client's encrypted private key in PEM format\n"
" -pass str Password to decrypt private key\n"
" -client_cert_optional Allow client send empty Certificate\n"
" -server_name Send server_name (SNI) request\n"
" -server_name str Send server_name (SNI) request\n"
" -status_request Send status_request (OCSP Stapling) request\n"
"\n"
#include "tls12_help.h"
@@ -63,6 +63,7 @@ int tls12_client_main(int argc, char *argv[])
char *keyfile = NULL;
char *pass = NULL;
int client_cert_optional = 0;
char *server_name = NULL;
TLS_CTX ctx;
TLS_CONNECT conn;
struct hostent *hp;
@@ -151,6 +152,9 @@ int tls12_client_main(int argc, char *argv[])
} else if (!strcmp(*argv, "-pass")) {
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-server_name")) {
if (--argc < 1) goto bad;
server_name = *(++argv);
} else if (!strcmp(*argv, "-client_cert_optional")) {
client_cert_optional = 1;
} else {
@@ -158,7 +162,7 @@ int tls12_client_main(int argc, char *argv[])
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 0;
return 1;
}
argc--;
argv++;
@@ -230,6 +234,13 @@ bad:
goto end;
}
if (server_name) {
if (tls_set_server_name(&conn, (uint8_t *)server_name, strlen(server_name)) != 1) {
error_print();
goto end;
}
}
if (tls_socket_create(&sock, AF_INET, SOCK_STREAM, 0) != 1) {
fprintf(stderr, "%s: faild to open socket\n", prog);
goto end;
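Review bot: The value parsed for `-server_name` at L33-L35 reaches `tls_set_server_name` at L52 with no check beyond `strlen`, so an empty string or an IP literal is sent as the SNI HostName unless `tls_set_server_name` rejects it, which this hunk does not show; RFC 6066 §3 permits only DNS host names there, and the tls13_help.h examples in this same commit pass `-server_name 127.0.0.1`. The same applies to the tls13 client at L187-L188 and L205. If the library does not enforce it, the empty case is cheap to cover after the assignment with `if (!*server_name) goto bad;`, and the IP-literal rule belongs in the documented contract of `tls_set_server_name` rather than in each tool. The help line at L17 would also say what kind of value is expected, e.g. `" -server_name host         Send server_name (SNI) extension with a DNS host name\n"`. tls12_client_main continues outside the hunk.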


@@ -9,24 +9,85 @@
"Examples\n"
"\n"
" gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \\\n"
" -key rootcakey.pem -pass 1234 -out rootcacert.pem \\\n"
"Build with TLS 1.2, AES, and P-256 enabled\n"
"\n"
" cmake -S . -B build -DENABLE_TLS=ON -DENABLE_AES=ON -DENABLE_SECP256R1=ON\n"
" cmake --build build\n"
"\n"
"Generate SM2 certificates for sm2.example.com\n"
"\n"
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN SM2ROOTCA -days 3650 \\\n"
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
" gmssl sm2keygen -pass 1234 -out cakey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" \\\n"
" -key cakey.pem -pass 1234 -out careq.pem\n"
" gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 \\\n"
" -out cacert.pem -ca -path_len_constraint 0\n"
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"SM2 Sub CA\" \\\n"
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out sm2cacert.pem\n"
"\n"
" gmssl sm2keygen -pass 1234 -out signkey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
" gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN sm2.example.com \\\n"
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
" -subject_dns_name sm2.example.com -out sm2signcert.pem\n"
"\n"
" cat signcert.pem > certs.pem\n"
" cat cacert.pem >> certs.pem\n"
" cat sm2signcert.pem > sm2certs.pem\n"
" cat sm2cacert.pem >> sm2certs.pem\n"
"\n"
"Generate P-256 certificates for p256.example.com\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out p256cacert.pem\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN p256.example.com \\\n"
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
" -subject_dns_name p256.example.com -out p256signcert.pem\n"
"\n"
" cat p256signcert.pem > p256certs.pem\n"
" cat p256cacert.pem >> p256certs.pem\n"
"\n"
" cat sm2rootcacert.pem > rootcacerts.pem\n"
" cat p256rootcacert.pem >> rootcacerts.pem\n"
"\n"
"TLS 1.2 server with two certificate chains selected by SNI\n"
"\n"
" gmssl tls12_server -port 4430 \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
"\n"
"TLS 1.2 clients with SNI\n"
"\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name sm2.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name p256.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"
" gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 -cacert rootcacert.pem\n"


@@ -44,7 +44,7 @@ static const char *help =
" -cert file Client's certificate chain in PEM format\n"
" -key file Client's encrypted private key in PEM format\n"
" -pass str Password to decrypt private key\n"
" -server_name Send server_name (SNI) request\n"
" -server_name str Send server_name (SNI) request\n"
" -signature_algorithms_cert Send signature_algorithms_cert extension\n"
" -certificate_authorities Send certificate_authorities extension\n"
" -status_request Send status_request (OCSP Stapling) request\n"
@@ -112,7 +112,7 @@ int tls13_client_main(int argc, char *argv[])
size_t sig_algs_cnt = 0;
// server_name
int server_name = 0;
char *server_name = NULL;
// certificate_authorities
int certificate_authorities = 0;
@@ -213,7 +213,8 @@ int tls13_client_main(int argc, char *argv[])
if (--argc < 1) goto bad;
pass = *(++argv);
} else if (!strcmp(*argv, "-server_name")) {
server_name = 1;
if (--argc < 1) goto bad;
server_name = *(++argv);
} else if (!strcmp(*argv, "-signature_algorithms_cert")) {
signature_algorithms_cert = 1;
} else if (!strcmp(*argv, "-certificate_authorities")) {
@@ -326,7 +327,7 @@ int tls13_client_main(int argc, char *argv[])
return 1;
bad:
fprintf(stderr, "%s: option '%s' argument required\n", prog, *argv);
return 0;
return 1;
}
argc--;
argv++;
@@ -463,7 +464,7 @@ bad:
}
if (server_name) {
if (tls_set_server_name(&conn, (uint8_t *)host, strlen(host)) != 1) {
if (tls_set_server_name(&conn, (uint8_t *)server_name, strlen(server_name)) != 1) {
error_print();
goto end;
}
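Review bot: Turning `-server_name` from a bare flag into an option with a value at L186-L188 is silently backward-incompatible: an existing invocation such as `-server_name -status_request` now consumes `-status_request` as the host name and sends that token in the SNI extension instead of failing. Rejecting a value that starts with `-` right after the assignment at L188, `if (server_name[0] == '-') goto bad;`, makes the break visible, with the `bad:` message at L195 naming the offending token. The tls13_help.h examples are updated in this commit, but the option entry at L171 could state that the argument is now required. tls13_client_main continues outside the hunk.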


@@ -98,13 +98,13 @@
" gmssl tls13_server -port 4430 \\\n"
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256\n"
" -cert p256certs.pem -key p256signkey.pem -pass 1234 \\\n"
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
"\n"
" gmssl tls13_client -host 127.0.0.1 -port 4430 -cacert rootcacerts.pem \\\n"
" -cipher_suite TLS_SM4_GCM_SM3 -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256\n"
" -server_name\n"
" -cipher_suite TLS_AES_128_GCM_SHA256 -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -server_name 127.0.0.1\n"
"\n"
"HelloRetryRequest\n"
"\n"
@@ -130,7 +130,7 @@
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -max_key_exchanges 2 \\\n"
" -server_name \\\n"
" -server_name 127.0.0.1 \\\n"
" -signature_algorithms_cert \\\n"
" -status_request \\\n"
" -post_handshake_auth \\\n"