mirror of
https://github.com/guanzhi/GmSSL.git
synced 2026-05-06 16:36:16 +08:00
Update TLCP to state machine
This commit is contained in:
Zhi Guan
@@ -46,8 +46,32 @@ static const char *help =
|
||||
" gmssl tlcp_client -host www.pbc.gov.cn -get / -outcerts certs.pem\n"
|
||||
"\n"
|
||||
" gmssl tlcp_client -host www.pbc.gov.cn -port 443\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
" gmssl sm2keygen -pass 1234 -out cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" -key cakey.pem -pass 1234 -out careq.pem\n"
|
||||
" gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
|
||||
" gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out enckey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem\n"
|
||||
" gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem\n"
|
||||
"\n"
|
||||
" cat signcert.pem > double_certs.pem\n"
|
||||
" cat enccert.pem >> double_certs.pem\n"
|
||||
" cat cacert.pem >> double_certs.pem\n"
|
||||
"\n"
|
||||
" sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234\n"
|
||||
" gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem\n"
|
||||
"\n";
|
||||
|
||||
|
||||
int tlcp_client_main(int argc, char *argv[])
|
||||
{
|
||||
int ret = -1;
|
||||
|
||||
@@ -20,6 +20,40 @@
|
||||
|
||||
static const char *options = "[-port num] -cert file -key file [-pass str] -ex_key file [-ex_pass str] [-cacert file]";
|
||||
|
||||
|
||||
static const char *help =
|
||||
"Options\n"
|
||||
"\n"
|
||||
" -port num Listening port number, default 443\n"
|
||||
" -cert file Server's certificate chain in PEM format\n"
|
||||
" -key file Server's encrypted private key in PEM format\n"
|
||||
" -pass str Password to decrypt private key\n"
|
||||
" -cacert file CA certificate for client certificate verification\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 -key rootcakey.pem -pass 1234 -out rootcacert.pem -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
" gmssl sm2keygen -pass 1234 -out cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" -key cakey.pem -pass 1234 -out careq.pem\n"
|
||||
" gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -ca -path_len_constraint 0 -cacert rootcacert.pem -key rootcakey.pem -pass 1234 -out cacert.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
|
||||
" gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out enckey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key enckey.pem -pass 1234 -out encreq.pem\n"
|
||||
" gmssl reqsign -in encreq.pem -days 365 -key_usage keyEncipherment -cacert cacert.pem -key cakey.pem -pass 1234 -out enccert.pem\n"
|
||||
"\n"
|
||||
" cat signcert.pem > double_certs.pem\n"
|
||||
" cat enccert.pem >> double_certs.pem\n"
|
||||
" cat cacert.pem >> double_certs.pem\n"
|
||||
"\n"
|
||||
" sudo gmssl tlcp_server -port 443 -cert double_certs.pem -key signkey.pem -pass 1234 -ex_key enckey.pem -ex_pass 1234\n"
|
||||
" gmssl tlcp_client -host 127.0.0.1 -cacert rootcacert.pem\n"
|
||||
"\n";
|
||||
|
||||
int tlcp_server_main(int argc , char **argv)
|
||||
{
|
||||
int ret = 1;
|
||||
@@ -55,6 +89,7 @@ int tlcp_server_main(int argc , char **argv)
|
||||
while (argc > 0) {
|
||||
if (!strcmp(*argv, "-help")) {
|
||||
printf("usage: %s %s\n", prog, options);
|
||||
printf("%s\n", help);
|
||||
return 0;
|
||||
} else if (!strcmp(*argv, "-port")) {
|
||||
if (--argc < 1) goto bad;
|
||||
|
||||
@@ -25,6 +25,40 @@ static const char *http_get =
|
||||
|
||||
static const char *options = "-host str [-port num] [-cacert file] [-cert file -key file -pass str]";
|
||||
|
||||
static const char *help =
|
||||
"Options\n"
|
||||
"\n"
|
||||
" -host str Server's hostname\n"
|
||||
" -port num Server's port number, default 443\n"
|
||||
" -cacert file Root CA certificate\n"
|
||||
" -cert file Client's certificate chain in PEM format\n"
|
||||
" -key file Client's encrypted private key in PEM format\n"
|
||||
" -pass str Password to decrypt private key\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \\\n"
|
||||
" -key rootcakey.pem -pass 1234 -out rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" \\\n"
|
||||
" -key cakey.pem -pass 1234 -out careq.pem\n"
|
||||
" gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 \\\n"
|
||||
" -out cacert.pem -ca -path_len_constraint 0\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
|
||||
" gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
|
||||
"\n"
|
||||
" cat signcert.pem > certs.pem\n"
|
||||
" cat cacert.pem >> certs.pem\n"
|
||||
"\n"
|
||||
" sudo gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem\n"
|
||||
"\n";
|
||||
|
||||
int tls12_client_main(int argc, char *argv[])
|
||||
{
|
||||
int ret = -1;
|
||||
@@ -53,6 +87,7 @@ int tls12_client_main(int argc, char *argv[])
|
||||
while (argc >= 1) {
|
||||
if (!strcmp(*argv, "-help")) {
|
||||
printf("usage: %s %s\n", prog, options);
|
||||
printf("%s\n", help);
|
||||
return 0;
|
||||
} else if (!strcmp(*argv, "-host")) {
|
||||
if (--argc < 1) goto bad;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2014-2022 The GmSSL Project. All Rights Reserved.
|
||||
* Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the License); you may
|
||||
* not use this file except in compliance with the License.
|
||||
@@ -20,6 +20,40 @@
|
||||
|
||||
static const char *options = "[-port num] -cert file -key file -pass str [-cacert file]";
|
||||
|
||||
static const char *help =
|
||||
"Options\n"
|
||||
"\n"
|
||||
" -port num Listening port number, default 443\n"
|
||||
" -cert file Server's certificate chain in PEM format\n"
|
||||
" -key file Server's encrypted private key in PEM format\n"
|
||||
" -pass str Password to decrypt private key\n"
|
||||
" -cacert file CA certificate for client certificate verification\n"
|
||||
"\n"
|
||||
"Examples\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out rootcakey.pem\n"
|
||||
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN ROOTCA -days 3650 \\\n"
|
||||
" -key rootcakey.pem -pass 1234 -out rootcacert.pem \\\n"
|
||||
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out cakey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"Sub CA\" \\\n"
|
||||
" -key cakey.pem -pass 1234 -out careq.pem\n"
|
||||
" gmssl reqsign -in careq.pem -days 365 -key_usage keyCertSign -cacert rootcacert.pem -key rootcakey.pem -pass 1234 \\\n"
|
||||
" -out cacert.pem -ca -path_len_constraint 0\n"
|
||||
"\n"
|
||||
" gmssl sm2keygen -pass 1234 -out signkey.pem\n"
|
||||
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN localhost -key signkey.pem -pass 1234 -out signreq.pem\n"
|
||||
" gmssl reqsign -in signreq.pem -days 365 -key_usage digitalSignature -cacert cacert.pem -key cakey.pem -pass 1234 -out signcert.pem\n"
|
||||
"\n"
|
||||
" cat signcert.pem > certs.pem\n"
|
||||
" cat cacert.pem >> certs.pem\n"
|
||||
"\n"
|
||||
" sudo gmssl tls12_server -port 4430 -cert certs.pem -key signkey.pem -pass 1234\n"
|
||||
" gmssl tls12_client -host 127.0.0.1 -port 4430 -cacert rootcacert.pem\n"
|
||||
"\n";
|
||||
|
||||
|
||||
int tls12_server_main(int argc , char **argv)
|
||||
{
|
||||
int ret = 1;
|
||||
@@ -52,6 +86,7 @@ int tls12_server_main(int argc , char **argv)
|
||||
while (argc > 0) {
|
||||
if (!strcmp(*argv, "-help")) {
|
||||
printf("usage: %s %s\n", prog, options);
|
||||
printf("%s\n", help);
|
||||
return 0;
|
||||
} else if (!strcmp(*argv, "-port")) {
|
||||
if (--argc < 1) goto bad;
|
||||
|
||||
Reference in New Issue
Block a user