/*
 * Copyright 2014-2026 The GmSSL Project. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the License); you may
 * not use this file except in compliance with the License.
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 */

/*
 * "Examples" section of a help text, written as adjacent string literals
 * that the compiler concatenates into one string.  No declaration or
 * terminating ';' is visible in this fragment; presumably it is pulled
 * into a larger usage string elsewhere -- confirm against the includer.
 *
 * The text walks through: building with TLS 1.2 / AES / P-256, creating
 * an SM2 and a P-256 certificate hierarchy (root CA -> sub CA -> server
 * certificate), and running tls12_server / tls12_client on
 * 127.0.0.1:4430 with the chain chosen by SNI.
 *
 * Every private key in the examples is protected with the sample
 * password "1234", passed through -pass on the command line.  That value
 * is a placeholder for a local test setup: a real deployment needs its
 * own strong password per key, and arguments typed on a command line can
 * end up in shell history and be visible to other local users.
 */
"Examples\n"
"\n"
"Build with TLS 1.2, AES, and P-256 enabled\n"
"\n"
" cmake -S . -B build -DENABLE_TLS=ON -DENABLE_AES=ON -DENABLE_SECP256R1=ON\n"
" cmake --build build\n"
"\n"
"Generate SM2 certificates for sm2.example.com\n"
"\n"
/* Root CA: self-issued with certgen, 3650 days, keyCertSign + cRLSign, -ca. */
" gmssl sm2keygen -pass 1234 -out sm2rootcakey.pem\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN SM2ROOTCA -days 3650 \\\n"
" -key sm2rootcakey.pem -pass 1234 -out sm2rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
/*
 * Sub CA: request signed by the root key, 365 days, keyCertSign only.
 * "-ca -path_len_constraint 0" marks it as a CA that is not meant to
 * have further CA certificates below it, so it issues end-entity
 * certificates only (standard X.509 meaning of a zero path length;
 * confirm the option maps to it).
 */
" gmssl sm2keygen -pass 1234 -out sm2cakey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"SM2 Sub CA\" \\\n"
" -key sm2cakey.pem -pass 1234 -out sm2careq.pem\n"
" gmssl reqsign -in sm2careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert sm2rootcacert.pem -key sm2rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out sm2cacert.pem\n"
"\n"
/*
 * Server certificate: signed by the sub CA, digitalSignature only, no
 * -ca, with the DNS name sm2.example.com that the SNI examples below use.
 */
" gmssl sm2keygen -pass 1234 -out sm2signkey.pem\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN sm2.example.com \\\n"
" -key sm2signkey.pem -pass 1234 -out sm2signreq.pem\n"
" gmssl reqsign -in sm2signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert sm2cacert.pem -key sm2cakey.pem -pass 1234 \\\n"
" -subject_dns_name sm2.example.com -out sm2signcert.pem\n"
"\n"
/* Chain file for the server: leaf first, then the sub CA; the root is left out. */
" cat sm2signcert.pem > sm2certs.pem\n"
" cat sm2cacert.pem >> sm2certs.pem\n"
"\n"
"Generate P-256 certificates for p256.example.com\n"
"\n"
/*
 * Same three-level hierarchy as the SM2 one, with P-256 keys.  Each
 * p256keygen call also writes an -export file (*.exp).
 * NOTE(review): what the .exp files contain is not evident from this
 * text; if they hold private key material they need the same protection
 * as the .pem key files -- confirm.
 */
" gmssl p256keygen -pass 1234 -out p256rootcakey.pem -export p256rootcakey.exp\n"
" gmssl certgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN P256ROOTCA -days 3650 \\\n"
" -key p256rootcakey.pem -pass 1234 -out p256rootcacert.pem \\\n"
" -key_usage keyCertSign -key_usage cRLSign -ca\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256cakey.pem -export p256cakey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN \"P256 Sub CA\" \\\n"
" -key p256cakey.pem -pass 1234 -out p256careq.pem\n"
" gmssl reqsign -in p256careq.pem -days 365 -key_usage keyCertSign \\\n"
" -cacert p256rootcacert.pem -key p256rootcakey.pem -pass 1234 \\\n"
" -ca -path_len_constraint 0 -out p256cacert.pem\n"
"\n"
" gmssl p256keygen -pass 1234 -out p256signkey.pem -export p256signkey.exp\n"
" gmssl reqgen -C CN -ST Beijing -L Haidian -O PKU -OU CS -CN p256.example.com \\\n"
" -key p256signkey.pem -pass 1234 -out p256signreq.pem\n"
" gmssl reqsign -in p256signreq.pem -days 365 -key_usage digitalSignature \\\n"
" -cacert p256cacert.pem -key p256cakey.pem -pass 1234 \\\n"
" -subject_dns_name p256.example.com -out p256signcert.pem\n"
"\n"
" cat p256signcert.pem > p256certs.pem\n"
" cat p256cacert.pem >> p256certs.pem\n"
"\n"
/* Trust-anchor bundle for the clients: both root CA certificates, no keys. */
" cat sm2rootcacert.pem > rootcacerts.pem\n"
" cat p256rootcacert.pem >> rootcacerts.pem\n"
"\n"
"TLS 1.2 server with two certificate chains selected by SNI\n"
"\n"
/*
 * One -cert/-key/-pass triple per chain; the server offers an SM2/SM4/SM3
 * suite and an ECDSA/AES suite side by side.  Both suites are CBC-mode
 * suites, going by their names.
 * NOTE(review): if this build also offers AEAD suites, the example could
 * list those first -- confirm what tls12_server supports.
 */
" gmssl tls12_server -port 4430 \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -supported_group prime256v1 \\\n"
" -sig_alg sm2sig_sm3 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cert sm2certs.pem -key sm2signkey.pem -pass 1234 \\\n"
" -cert p256certs.pem -key p256signkey.pem -pass 1234\n"
"\n"
"TLS 1.2 clients with SNI\n"
"\n"
/*
 * Both clients connect to 127.0.0.1:4430 and differ only in -server_name,
 * which selects the chain on the server side.  -cacert supplies the root
 * bundle built above.
 * NOTE(review): presumably -server_name is also the name the server
 * certificate is checked against -- confirm in tls12_client.
 */
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name sm2.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"
" gmssl tls12_client -host 127.0.0.1 -port 4430 -server_name p256.example.com \\\n"
" -cipher_suite TLS_ECDHE_SM4_CBC_SM3 \\\n"
" -cipher_suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \\\n"
" -supported_group sm2p256v1 -sig_alg sm2sig_sm3 \\\n"
" -supported_group prime256v1 -sig_alg ecdsa_secp256r1_sha256 \\\n"
" -cacert rootcacerts.pem\n"
"\n"