【发布时间】:2016-01-27 15:03:11
【问题描述】:
我在嵌入式项目中使用带有 axTLS (http://sourceforge.net/projects/axtls/files/1.5.3/) 的 libCurl。
在编译 axTLS 时,我对 SSL 使用了以下配置:
#
# SSL Library
#
# CONFIG_SSL_SERVER_ONLY is not set
# CONFIG_SSL_CERT_VERIFICATION is not set
# CONFIG_SSL_ENABLE_CLIENT is not set
CONFIG_SSL_FULL_MODE=y
# CONFIG_SSL_SKELETON_MODE is not set
# CONFIG_SSL_PROT_LOW is not set
CONFIG_SSL_PROT_MEDIUM=y
# CONFIG_SSL_PROT_HIGH is not set
CONFIG_SSL_USE_DEFAULT_KEY=y
CONFIG_SSL_PRIVATE_KEY_LOCATION=""
CONFIG_SSL_PRIVATE_KEY_PASSWORD=""
CONFIG_SSL_X509_CERT_LOCATION=""
# CONFIG_SSL_GENERATE_X509_CERT is not set
CONFIG_SSL_X509_COMMON_NAME=""
CONFIG_SSL_X509_ORGANIZATION_NAME=""
CONFIG_SSL_X509_ORGANIZATION_UNIT_NAME=""
CONFIG_SSL_ENABLE_V23_HANDSHAKE=y
CONFIG_SSL_HAS_PEM=y
CONFIG_SSL_USE_PKCS12=y
CONFIG_SSL_EXPIRY_TIME=""
CONFIG_X509_MAX_CA_CERTS=""
CONFIG_SSL_MAX_CERTS=3
CONFIG_SSL_CTX_MUTEXING=y
CONFIG_USE_DEV_URANDOM=y
# CONFIG_WIN32_USE_CRYPTO_LIB is not set
CONFIG_OPENSSL_COMPATIBLE=y
# CONFIG_PERFORMANCE_TESTING is not set
# CONFIG_SSL_TEST is not set
CONFIG_AXTLSWRAP=y
CONFIG_AXHTTPD=y
当我尝试使用 HTTPS 下载文件时,我收到以下错误:
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
invalid digest: 2a 86 48 ce 3d 04 03 03
Error: Invalid X509 ASN.1 file (Unsupported digest)
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
Error: maximum number of CA certs added (150) - change of compile-time configuration required
为了初始化 Curl 的选项,我使用了以下代码:
curl_easy_setopt(curl_handle, CURLOPT_URL, MyURL);
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0L);
curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYHOST, 0L);
curl_easy_setopt(curl_handle, CURLOPT_WRITEDATA, MyLocalFile);
curl_easy_setopt(curl_handle, CURLOPT_USERAGENT, "MyAgent");
curl_easy_perform(curl_handle);
这是非阻塞错误,但我的软件需要很长时间才能开始下载。但是当我使 CONFIG_SSL_GENERATE_X509_CERT=y 错误变成阻塞。
那么我该如何解决这个错误呢?
最好的问候,
【问题讨论】:
-
信息很清楚。
-
那么您能指导我解决问题吗?
-
更改 CONFIG_X509_MAX_CA_CERTS 看看会发生什么......