STM32Cube_FW_F7 SSL client mbedTLS FATAL_ALERT

【Posted】: 2021-07-23 14:17:21 【Question】:

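I am trying to implement an SSL client in my IoT project. I copied the SSL_Client example found in STM32Cube_FW_F7_V1.15.0 into my project and was able to compile it successfully. However, the SSL handshake fails with -0x7780 MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE. I am attaching the console debug output: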

    . Seeding the random number generator... ok
    . Loading the CA root certificate ... ok (1 skipped)
    . Connecting to tcp/www.google.de/443... ok
    . Setting up the SSL/TLS structure... ok
    . Performing the SSL/TLS handshake...=> handshake
  client state: 0
  => flush output
  <= flush output
  client state: 1
  => flush output
  <= flush output
  => write client hello
  client hello, max version: [3:3]
  dumping 'client hello, random bytes' (32 bytes)
  0000:  88 d9 c4 b1 4f 82 ef a2 74 80 5c 6e 3f c4 29 ca  ....O...t.\n?.).
  0010:  a4 8d 61 2b f6 37 ec 93 39 cb 7d d0 39 5a 67 9b  ..a+.7..9..9Zg.
  client hello, session id len.: 0
  dumping 'client hello, session id' (0 bytes)
  client hello, add ciphersuite: c02b
  client hello, add ciphersuite: c031
  client hello, add ciphersuite: c02d
  client hello, add ciphersuite: 00a8
  client hello, got 4 ciphersuites (excluding SCSVs)
  adding EMPTY_RENEGOTIATION_INFO_SCSV
  client hello, compress len.: 1
  client hello, compress alg.: 0
  client hello, adding server name extension: mbed TLS Server 1
  client hello, adding signature_algorithms extension
  client hello, adding supported_elliptic_curves extension
  client hello, adding supported_point_formats extension
  client hello, adding encrypt_then_mac extension
  client hello, adding extended_master_secret extension
  client hello, total extension length: 62
  => write handshake message
  => write record
  output record: msgtype = 22, version = [3:3], msglen = 117
  dumping 'output record sent to network' (122 bytes)
  0000:  16 03 03 00 75 01 00 00 71 03 03 88 d9 c4 b1 4f  ....u...q......O
  0010:  82 ef a2 74 80 5c 6e 3f c4 29 ca a4 8d 61 2b f6  ...t.\n?.)...a+.
  0020:  37 ec 93 39 cb 7d d0 39 5a 67 9b 00 00 0a c0 2b  7..9..9Zg.....+
  0030:  c0 31 c0 2d 00 a8 00 ff 01 00 00 3e 00 00 00 16  .1.-.......>....
  0040:  00 14 00 00 11 6d 62 65 64 20 54 4c 53 20 53 65  .....mbed TLS Se
  0050:  72 76 65 72 20 31 00 0d 00 0a 00 08 04 03 04 01  rver 1..........
  0060:  03 03 03 01 00 0a 00 04 00 02 00 17 00 0b 00 02  ................
  0070:  01 00 00 16 00 00 00 17 00 00                    ..........
  => flush output
  message length: 122, out_left: 122
  ssl->f_send() returned 122 (-0xffffff86)
  <= flush output
  <= write record
  <= write handshake message
  <= write client hello
  client state: 2
  => flush output
  <= flush output
  => parse server hello
  => read record
  => fetch input
  in_left: 0, nb_want: 5
  in_left: 0, nb_want: 5
  ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
  <= fetch input
  dumping 'input record header' (5 bytes)
  0000:  15 03 03 00 02                                   .....
  input record: msgtype = 21, version = [3:3], msglen = 2
  => fetch input
  in_left: 5, nb_want: 7
  in_left: 5, nb_want: 7
  ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
  <= fetch input
  dumping 'input record from network' (7 bytes)
  0000:  15 03 03 00 02 02 28                             ......(
  got an alert message, type: [2:40]
  is a fatal alert message (msg 40)
  mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
  mbedtls_ssl_read_record() returned -30592 (-0x7780)
  <= handshake
   failed
    ! mbedtls_ssl_handshake returned -0x7780

Thanks for every hint in the right direction.

【Answer 1】:

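    client hello, adding server name extension: mbed TLS Server 1

The client uses the SNI extension to indicate that it wants to talk to mbed TLS Server 1. The server on port 443 of www.google.de can respond as www.google.de, google.de and a bunch of other Google-controlled names, but it does not know mbed TLS Server 1, so it sends a fatal alert indicating that it cannot complete the handshake.

You can use the example client as-is to talk to the example server whose source code should be located next to it. To contact other servers, you need to change or remove the call to mbedtls_ssl_set_hostname.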

【Comments】:

Thanks! I was able to move on, but now I have a new problem ***.com/questions/68112910/…
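
Added example, not part of the original question or answer: a small C parser for the two records dumped in the log above, which pulls the SNI host name out of the ClientHello and the description byte out of the server's alert. The function names are illustrative, and the byte arrays are copied from the log's hex dumps.

```c
#include <stdint.h>
#include <stdio.h>

/* The two records dumped in the log above: the ClientHello sent, then the reply. */
static const uint8_t client_hello[] = {
    0x16,0x03,0x03,0x00,0x75,0x01,0x00,0x00,0x71,0x03,0x03,0x88,0xd9,0xc4,0xb1,0x4f,
    0x82,0xef,0xa2,0x74,0x80,0x5c,0x6e,0x3f,0xc4,0x29,0xca,0xa4,0x8d,0x61,0x2b,0xf6,
    0x37,0xec,0x93,0x39,0xcb,0x7d,0xd0,0x39,0x5a,0x67,0x9b,0x00,0x00,0x0a,0xc0,0x2b,
    0xc0,0x31,0xc0,0x2d,0x00,0xa8,0x00,0xff,0x01,0x00,0x00,0x3e,0x00,0x00,0x00,0x16,
    0x00,0x14,0x00,0x00,0x11,0x6d,0x62,0x65,0x64,0x20,0x54,0x4c,0x53,0x20,0x53,0x65,
    0x72,0x76,0x65,0x72,0x20,0x31,0x00,0x0d,0x00,0x0a,0x00,0x08,0x04,0x03,0x04,0x01,
    0x03,0x03,0x03,0x01,0x00,0x0a,0x00,0x04,0x00,0x02,0x00,0x17,0x00,0x0b,0x00,0x02,
    0x01,0x00,0x00,0x16,0x00,0x00,0x00,0x17,0x00,0x00 };
static const uint8_t alert_rec[] = { 0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28 };

static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Return the SNI host_name inside a ClientHello record (length in *len), or NULL. */
const uint8_t *client_hello_sni(const uint8_t *r, size_t n, size_t *len) {
    size_t p = 5 + 4 + 2 + 32, end = 0; /* record hdr, handshake hdr, version, random */
    if (n < p + 1 || r[0] != 0x16 || r[5] != 0x01) return NULL;
    p += 1 + r[p];                                    /* session id */
    if (p + 2 > n) return NULL;
    p += 2 + rd16(r + p);                             /* cipher suites */
    if (p + 1 > n) return NULL;
    p += 1 + r[p];                                    /* compression methods */
    if (p + 2 > n || (end = p + 2 + rd16(r + p)) > n) return NULL;
    for (p += 2; p + 4 <= end; p += 4 + rd16(r + p + 2)) {
        size_t ext_len = rd16(r + p + 2);
        if (p + 4 + ext_len > end) return NULL;
        if (rd16(r + p) != 0) continue;               /* not server_name (type 0) */
        /* extension data: list len (2), name type (1), name len (2), name */
        if (ext_len < 5 || r[p + 6] != 0) return NULL;
        *len = rd16(r + p + 7);
        return (5 + *len <= ext_len) ? r + p + 9 : NULL;
    }
    return NULL;                                      /* no server_name extension */
}

/* Return the description byte of a fatal alert record, or -1 for anything else. */
int fatal_alert(const uint8_t *r, size_t n) {
    return (n == 7 && r[0] == 0x15 && rd16(r + 3) == 2 && r[5] == 2) ? r[6] : -1;
}

int main(void) {
    size_t len = 0;
    const uint8_t *sni = client_hello_sni(client_hello, sizeof client_hello, &len);
    printf("SNI sent: %.*s\n", (int)len, sni ? (const char *)sni : "");
    printf("fatal alert description: %d\n", fatal_alert(alert_rec, sizeof alert_rec));
    return 0;
}
```

On the log's bytes this reports the SNI `mbed TLS Server 1` and alert description 40, which is handshake_failure in RFC 5246. mbedtls_ssl_set_hostname also sets the name the server certificate is verified against, so when pointing the client at another server, setting it to that server's host name keeps SNI and certificate name checking aligned.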
