libhv
libhv copied to clipboard
ithewei
ADD : Read ssl certificate from chain file
It was necessary to deploy http server with ssl, but the certificate that was used was a chain of certificates. Libhv read only the first one. Added the ability to read a chain of certificates
Before:
> openssl s_client -connect 10.23.18.4:9092
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
i:CN = my.root
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 30 08:54:21 2024 GMT; NotAfter: Jan 12 08:54:21 2026 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIUe5uJWDlkUMS2wc+xsiHeI1M0sQMwDQYJKoZIhvcNAQEL
BQAwEjEQMA4GA1UEAwwHbXkucm9vdDAeFw0yNDA4MzAwODU0MjFaFw0yNjAxMTIw
ODU0MjFaMH8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRUwEwYDVQQH
DAxKYWNrc29udmlsbGUxEDAOBgNVBAoMB1NvbWVPcmcxHTAbBgkqhkiG9w0BCQEW
DnNvbWVAZW1haWwuY29tMRYwFAYDVQQDDA10aGVkb21haW4uY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08C64iNkZ0SljtuCQgqqAN7kZN3CqyMp
t4xQXsJXvIjlPlCr+Remjo2knnwBjQWutVzhQgzXbtZXNBfHh36yfYF9y/DBeetm
iSAa02Vkxi+NTlb9PzNExIiPR4UEHz1XZ+LZmvIkpPgT3x0irw+p7lali2wBRcgx
BN3PxUE3JAUefi1/AMXI2LnuYoA4l1ltZ6tnUezVX23Co/92KX4gOn8OCRdDrHlp
P15mCVgXtJVg4ieeFrKOZ/bAD1n+lRHahcfuSr/Pj/PTkizCNQs003rjENANbrKF
TMoUvjs6KtBd79Wmnp0IcobHVjTwO4iFWZMS2yRnovjS6h9LcYmk6wIDAQABo2Qw
YjAgBgNVHREEGTAXgg9vdGhlcmRvbWFpbi5jb22HBAECAwQwHQYDVR0OBBYEFNV2
0iqsF3OMXi9gbzEMNiLs88QLMB8GA1UdIwQYMBaAFPLdu4Vz8FkSzxhX11c8syQ0
YMN1MA0GCSqGSIb3DQEBCwUAA4IBAQB2EdKCnu0NrTw9CPszqO8eg1sHisKcXQBy
dSsc311iEyXhaTwWKvOKAsJ4yKGwXaLPBuIj7cBhYPOIOOnA1DJ2cGi6XnOsuNga
HOVGFEXiNTp7V2ibh13f7a0rk0TxnvuduLJ8zoUoB+g8qdI3y94CsgKQ+1gArQfS
hPd+rSwFM5PDXtLdSDBWGe6lJFzgsrXFWYDDN+rOQ180CK114X5EGQJpuy4LwelJ
z4eUpqqQ1wupvEgQgelMivA+yZsXV4mRijlVdh/pHrsDdc3zGf2qlkn8olQgPOBh
/P0q9XsP6rg4Aw74vucbGhj78KbMssPDWBvyh0F76kKdePOJ5J4S
-----END CERTIFICATE-----
subject=C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
issuer=CN = my.root
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 1459 bytes and written 373 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 629C3064F349B59121DAD5600BD9762D5E5B68EA0D310EFBECA4AC356A74B549
Session-ID-ctx:
Resumption PSK: E05581C9B8AC52EFA0D092026A9FFE4907114B6DDDF9B704A44715572953EAD21A58A54D5D5BA775762D7A84CE829172
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 5b 79 fa c8 a2 ee 0c a8-60 f5 54 e3 b5 bb 3d 68 [y......`.T...=h
0010 - 97 e0 76 9e 1b 84 22 cd-f4 b4 21 e8 98 54 cc 62 ..v..."...!..T.b
0020 - b7 13 93 d5 f7 f5 62 fc-d5 74 0e c5 15 88 cf 33 ......b..t.....3
0030 - d7 78 80 98 0d 28 f1 1a-eb 6c e5 18 10 96 82 f6 .x...(...l......
0040 - e4 5d 2f fe 98 5c a8 c0-94 85 af e2 6b ee a5 b3 .]/..\......k...
0050 - 01 aa f3 2d 4b 7c b0 81-9e 4f bc 99 32 dd cb 10 ...-K|...O..2...
0060 - d6 f0 9c 24 32 98 5b 86-d9 65 cf 11 7f de 6f db ...$2.[..e....o.
0070 - 61 33 d8 16 0f 70 53 b9-db 29 e5 97 b1 16 aa 13 a3...pS..)......
0080 - 93 33 02 0b 0e fe 86 a2-cc 71 c1 1c fe 13 87 9a .3.......q......
0090 - 8b ec e9 45 5c 26 42 87-11 15 15 b2 6b 84 5d c1 ...E\&B.....k.].
00a0 - fd 60 9a 47 38 35 12 f2-4a 9c 6f 8d 62 96 60 41 .`.G85..J.o.b.`A
00b0 - 32 d1 c7 0a 13 ee a3 b4-2b 23 41 41 28 b9 56 25 2.......+#AA(.V%
00c0 - 52 08 2f 03 0d 40 3b 68-29 3c 21 20 ab b0 96 0f R./..@;h)<! ....
Start Time: 1725016271
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: D778D3ECDCCDBC8684998C689204B6E3D3EB037F6C07B53FBA85BBD0A9771044
Session-ID-ctx:
Resumption PSK: 543A0AF7EB25C799E92B1A071458E006B17BEA0DB5BCBB90AA610D5DE4DB2B168EFE1997EC4E214262CC147741C76578
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - 5b 79 fa c8 a2 ee 0c a8-60 f5 54 e3 b5 bb 3d 68 [y......`.T...=h
0010 - 67 64 91 a1 69 34 bc 01-4d 61 16 5f 18 4a 02 37 gd..i4..Ma._.J.7
0020 - ac b4 f1 be 84 92 c3 36-4c 1e 42 5a 7d 66 8e 52 .......6L.BZ}f.R
0030 - 89 a2 eb c2 87 ab a5 32-2a a6 2b fc e9 6f 1e 7e .......2*.+..o.~
0040 - 55 bf db 20 af 38 a4 8b-fb a5 11 54 8c f6 44 7e U.. .8.....T..D~
0050 - 06 87 d6 e8 28 8a 0e f2-d2 a9 83 10 47 d6 e7 20 ....(.......G..
0060 - 69 23 11 39 16 7d 8e 9e-21 ea e7 38 a9 62 e2 05 i#.9.}..!..8.b..
0070 - b8 2c 50 04 19 28 6a 84-18 ac 9a 10 8a 16 da a8 .,P..(j.........
0080 - 0b 59 2b 74 54 12 36 b2-cc 31 ef 80 ad 23 fb 8b .Y+tT.6..1...#..
0090 - 5d ba 9b 3e bf a9 62 6f-75 58 59 27 21 86 9a 39 ]..>..bouXY'!..9
00a0 - 8d 92 e3 78 e3 60 a8 40-c9 14 a1 5d 32 1c 91 9d ...x.`.@...]2...
00b0 - 44 f0 32 c4 b4 d6 61 0f-cc ef 91 26 6a a2 e9 af D.2...a....&j...
00c0 - e4 13 f3 34 c4 15 6a be-79 67 09 d2 4b 17 81 6f ...4..j.yg..K..o
Start Time: 1725016272
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no
Max Early Data: 0
---
After:
openssl s_client -connect 10.23.18.4:19999
CONNECTED(00000003)
Can't use SSL_get_servername
depth=1 CN = my.root
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 CN = my.root
verify return:1
depth=0 C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
verify return:1
---
Certificate chain
0 s:C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
i:CN = my.root
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 30 08:54:21 2024 GMT; NotAfter: Jan 12 08:54:21 2026 GMT
1 s:CN = my.root
i:CN = my.root
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Aug 30 08:54:21 2024 GMT; NotAfter: Sep 29 08:54:21 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIUe5uJWDlkUMS2wc+xsiHeI1M0sQMwDQYJKoZIhvcNAQEL
BQAwEjEQMA4GA1UEAwwHbXkucm9vdDAeFw0yNDA4MzAwODU0MjFaFw0yNjAxMTIw
ODU0MjFaMH8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdGbG9yaWRhMRUwEwYDVQQH
DAxKYWNrc29udmlsbGUxEDAOBgNVBAoMB1NvbWVPcmcxHTAbBgkqhkiG9w0BCQEW
DnNvbWVAZW1haWwuY29tMRYwFAYDVQQDDA10aGVkb21haW4uY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08C64iNkZ0SljtuCQgqqAN7kZN3CqyMp
t4xQXsJXvIjlPlCr+Remjo2knnwBjQWutVzhQgzXbtZXNBfHh36yfYF9y/DBeetm
iSAa02Vkxi+NTlb9PzNExIiPR4UEHz1XZ+LZmvIkpPgT3x0irw+p7lali2wBRcgx
BN3PxUE3JAUefi1/AMXI2LnuYoA4l1ltZ6tnUezVX23Co/92KX4gOn8OCRdDrHlp
P15mCVgXtJVg4ieeFrKOZ/bAD1n+lRHahcfuSr/Pj/PTkizCNQs003rjENANbrKF
TMoUvjs6KtBd79Wmnp0IcobHVjTwO4iFWZMS2yRnovjS6h9LcYmk6wIDAQABo2Qw
YjAgBgNVHREEGTAXgg9vdGhlcmRvbWFpbi5jb22HBAECAwQwHQYDVR0OBBYEFNV2
0iqsF3OMXi9gbzEMNiLs88QLMB8GA1UdIwQYMBaAFPLdu4Vz8FkSzxhX11c8syQ0
YMN1MA0GCSqGSIb3DQEBCwUAA4IBAQB2EdKCnu0NrTw9CPszqO8eg1sHisKcXQBy
dSsc311iEyXhaTwWKvOKAsJ4yKGwXaLPBuIj7cBhYPOIOOnA1DJ2cGi6XnOsuNga
HOVGFEXiNTp7V2ibh13f7a0rk0TxnvuduLJ8zoUoB+g8qdI3y94CsgKQ+1gArQfS
hPd+rSwFM5PDXtLdSDBWGe6lJFzgsrXFWYDDN+rOQ180CK114X5EGQJpuy4LwelJ
z4eUpqqQ1wupvEgQgelMivA+yZsXV4mRijlVdh/pHrsDdc3zGf2qlkn8olQgPOBh
/P0q9XsP6rg4Aw74vucbGhj78KbMssPDWBvyh0F76kKdePOJ5J4S
-----END CERTIFICATE-----
subject=C = US, ST = Florida, L = Jacksonville, O = SomeOrg, emailAddress = [email protected], CN = thedomain.com
issuer=CN = my.root
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2241 bytes and written 373 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 19 (self-signed certificate in certificate chain)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: DC5712A2DC5A9448CC03F272BEB01ABB1BE1A0802013FC1D5991AEB6952B08D4
Session-ID-ctx:
Resumption PSK: DB6FC8EDB8B409D218DC10C2B1343955C3DB8D9200106FAC6DD373638D68EBEB716F65934AB834C17F836A9CC2A63238
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ed cc a9 c8 1d 36 85 25-dd 43 0f 9b 8d 3d b2 5c .....6.%.C...=.\
0010 - 78 89 dd 1f 9c c2 b2 b1-fb fd 17 23 64 89 a5 6a x..........#d..j
0020 - 48 25 dd 99 c9 8a d6 96-76 66 57 15 9e 6d 1d 1a H%......vfW..m..
0030 - 9e 2c cd 71 dc 58 c4 76-8c c0 40 8d a7 f3 01 d9 .,.q.X.v..@.....
0040 - b5 46 20 53 6a ae 0f 05-66 24 0e c2 00 42 82 51 .F Sj...f$...B.Q
0050 - 7f b1 8f a5 f6 0d 2c 94-32 de ad a8 e5 a1 a3 8e ......,.2.......
0060 - 2c 21 bd 26 8b 8e 90 ea-bd c3 cc c4 aa 13 eb 25 ,!.&...........%
0070 - ca 9e 2c 95 93 db 05 99-5f 5b 46 74 16 19 89 9a ..,....._[Ft....
0080 - c3 61 20 c4 4e 27 f0 9f-48 e3 d2 3c 44 88 9b 0a .a .N'..H..<D...
0090 - 62 46 2f 1f b9 39 29 13-da a0 73 9f 9f d4 43 a9 bF/..9)...s...C.
00a0 - 63 a0 e2 7b ad e8 f3 3a-f8 a4 4b ec ab ec 47 b4 c..{...:..K...G.
00b0 - de ad df cb 0b 85 9d 1f-3d 14 79 d4 2d 2b 5f dd ........=.y.-+_.
00c0 - 2c d6 fc 39 fe 49 4a ca-27 c2 92 d3 66 58 29 54 ,..9.IJ.'...fX)T
Start Time: 1725016440
Timeout : 7200 (sec)
Verify return code: 19 (self-signed certificate in certificate chain)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: F9A7469D4C8F955C5F7F0153E53A1412E9A22BC234A74810DF401AF682DC97FD
Session-ID-ctx:
Resumption PSK: 38A585DD58BD951B8A174C601960BF9E3A4A13295FFBBC0C62490194C74B47552340D684B7355ABD9A8CC8100CCA68D6
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 7200 (seconds)
TLS session ticket:
0000 - ed cc a9 c8 1d 36 85 25-dd 43 0f 9b 8d 3d b2 5c .....6.%.C...=.\
0010 - cf 77 91 34 f2 81 93 eb-f3 73 3c 91 cd 77 ef 63 .w.4.....s<..w.c
0020 - e4 fa 7e fb 4a 8f 93 29-fa d4 31 1d d6 96 01 f4 ..~.J..)..1.....
0030 - e2 b4 f7 81 c5 fa e8 89-c4 fa 50 57 1b 52 24 b2 ..........PW.R$.
0040 - 5e 08 0e e4 fb 31 2a f8-bd 47 8e c3 b4 a2 1a e6 ^....1*..G......
0050 - 07 d6 3c 57 1f 37 d0 20-c5 ee 96 f2 ec 56 de 28 ..<W.7. .....V.(
0060 - 81 fb f2 97 0b 5b 09 00-35 82 a6 a1 9b cd 9d fd .....[..5.......
0070 - d3 54 d7 c5 86 c8 0c 26-f1 f9 82 35 cd 3d e2 11 .T.....&...5.=..
0080 - e2 07 50 82 c2 79 6b 56-c5 f7 65 c3 98 0f 18 6a ..P..ykV..e....j
0090 - 6b c8 34 5a cf a1 8f b1-e2 6f c9 b2 a1 72 ff f9 k.4Z.....o...r..
00a0 - cc 64 ff e9 8d 09 06 29-1d 1e 1d ae f7 48 5a b8 .d.....).....HZ.
00b0 - 23 a8 20 ec aa 4f 17 51-ce 99 76 55 06 e6 12 ba #. ..O.Q..vU....
00c0 - b1 ae 10 cf b8 99 b3 63-66 a9 17 36 ba d6 29 82 .......cf..6..).
Start Time: 1725016440
Timeout : 7200 (sec)
Verify return code: 19 (self-signed certificate in certificate chain)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
Used certificates Cert.zip
