Good afternoon. I was sent a certificate in a file; it contains the following:
Quote:
$ /opt/cprocsp/bin/amd64/certmgr -list -file /tmp/nbki_2side_auth_2021.cer
Certmgr 1.1 (c) "Crypto-Pro", 2007-2019.
program for managing certificates, CRLs and stores
=============================================================================
1-------
Issuer : E=vpnca@cryptopro.ru, C=RU, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro VPN CA GOST 2012
Subject : E=..., OU=..., O=..., S=..., C=RU, CN=...
Serial : 0x02...2A
SHA1 Hash : 48...a2
SubjKeyID : bd...a7
Signature Algorithm : ГОСТ Р 34.11-2012/34.10-2012 256 бит
PublicKey Algorithm : ГОСТ Р 34.10-2012 (512 bits)
Not valid before : 16/08/2021 12:07:29 UTC
Not valid after : 16/08/2022 12:17:29 UTC
PrivateKey Link : No
CA cert URL : http://vpnca.cryptopro.r...c27dc50e70c7e06aa7d7.crt
CDP : http://cdp.cryptopro.ru/...c27dc50e70c7e06aa7d7.crl
CDP : http://vpnca.cryptopro.r...c27dc50e70c7e06aa7d7.crl
Extended Key Usage : 1.3.6.1.5.5.7.3.2 1.3.6.1.5.5.8.2.2
=============================================================================
[ErrorCode: 0x00000000]
I'm trying to make a request via curl:

Quote:
$ /opt/cprocsp/bin/amd64/curl -X POST https://reports.nbki.ru/products/B2BRequestServlet -d @/tmp/request.xml -cert /tmp/nbki_2side_auth_2021.cer -H "Content-Type: text/xml; charset=windows-1251" --output /tmp/response.xml.sign
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (58) Problem with the local SSL certificate
curl: (3) <url> malformed

What needs to be fixed so that the request goes through? The connection itself seems to be established without errors:
Quote:
$ /opt/cprocsp/bin/amd64/csptestf -tlsc -v -server reports.nbki.ru -file products/B2BRequestServlet -nosave -savecert /tmp/result_02_test_server_connect.p7b
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2.1 (ГОСТ Р 34.12-2015 Кузнечик CTR-ACPKM)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1.1 (ГОСТ Р 34.12-2015 Магма CTR-ACPKM)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
Protocol version: 3.3
ClientHello: RecordLayer: TLS, Len: 114
SessionId: (empty)
Cipher Suites: (ff 85) (00 81) (00 3d) (00 3c) (00 35) (00 2f) (00 0a)
119 bytes of handshake data sent
2896 bytes of handshake data received
Handshake extra buffer: 326 bytes
9888 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
2896 bytes of handshake data received
1448 bytes of handshake data received
Handshake extra buffer: 1065 bytes
1448 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
1448 bytes of handshake data received
5792 bytes of handshake data received
Handshake extra buffer: 604 bytes
19626 bytes of handshake data received
Server requested new credentials!
Trying to create new credential
Issuer 0: E=vpnca@cryptopro.ru, C=RU, L=Moscow, O="LLC ""Crypto-Pro""", CN=CryptoPro VPN CA GOST 2012
Issuer 1: E=cpca@cryptopro.ru, C=RU, L=Москва, O=ООО КРИПТО-ПРО, CN=УЦ KPИПTO-ПPO
Issuer 2: E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
Issuer 3: OGRN=1086168002205, INN=006168022453, C=RU, S=61 Ростовская область, L=г. Ростов-на-Дону, STREET="ул. Мильчакова, 5/2", O="ООО ""Кордон""", CN=ООО Кордон
Issuer 4: OGRN=1031100402332, INN=001101460616, C=RU, S=11 Республика Коми, L=Сыктывкар, STREET=ул. Интернациональная д. 108 А, O="ГАУ РК ""ЦИТ""", CN="ГАУ РК ""ЦИТ"""
...
Issuer 142: E=info@most-info.ru, OGRN=1069659052760, INN=006659140843, C=RU, S=66 Свердловская область, L=Екатеринбург, STREET="улица Первомайская, дом 15, офис 1204", OU=Удостоверяющий центр, O="Общество с ограниченной ответственностью ""Мостинфо-Екатеринбург""", CN="Общество с ограниченной ответственностью ""Мостинфо-Екатеринбург"""
Issuer 143: E=uc@omskportal.ru, OGRN=1195543017405, INN=005501196025, C=RU, S=55 Омская область, L=Омск, STREET="улица Красный Путь, дом 89, помещение 14П", OU=Отдел сопровождения удостоверяющего центра, O=Казенное учреждение Омской области «Государственное учреждение информационных технологий и телекоммуникаций», CN=ГУИТ Омской области
Issuers: 144, Length: 53223 bytes
Client certificate:
Subject: E=support@nbki.ru, C=RU, S=Регион, L=Город, O=ПАО Тестбанк, OU=0101BB, CN=Тестовый НБКИ - 2021
Valid : 22.07.2021 09:07:51 - 22.07.2026 09:17:51 (UTC)
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
PrivKey: 22.07.2021 09:07:51 - 22.07.2022 09:07:51 (UTC)
new schannel credential created
11 algorithms supported:
Aglid Class OID
[00] 0x661e 0x6000 1.2.643.2.2.21 (ГОСТ 28147-89)
[01] 0x6631 0x6000 1.2.643.7.1.1.5.2.1 (ГОСТ Р 34.12-2015 Кузнечик CTR-ACPKM)
[02] 0x6630 0x6000 1.2.643.7.1.1.5.1.1 (ГОСТ Р 34.12-2015 Магма CTR-ACPKM)
[03] 0x801e 0x8000 1.2.643.2.2.3 (ГОСТ Р 34.11/34.10-2001)
[04] 0x8021 0x8000 1.2.643.7.1.1.2.2 (ГОСТ Р 34.11-2012 256 бит)
[05] 0x801f 0x8000
[06] 0x803d 0x8000
[07] 0x803c 0x8000
[08] 0x2e23 0x2000 1.2.643.2.2.19 (ГОСТ Р 34.10-2001)
[09] 0x2e49 0x2000 1.2.643.7.1.1.1.1 (ГОСТ Р 34.10-2012)
[10] 0x2e3d 0x2000 1.2.643.7.1.1.1.2 (ГОСТ Р 34.10-2012)
Cipher strengths: 256..256
Supported protocols: 0xa80:
Transport Layer Security 1.0 client side
Transport Layer Security 1.1 client side
Transport Layer Security 1.2 client side
dwProtocolMask: 0x800e2aaa
1774 bytes of handshake data sent
1742 bytes of handshake data received
Handshake was successful
SECPKG_ATTR_SESSION_INFO: Reuse: 0, SessionId:
SECPKG_ATTR_CONNECTION_INFO: Protocol: 800
SECPKG_ATTR_CIPHER_INFO: Protocol: 800, Suite: FF85 (TLS_GOSTR341112_256_WITH_28147_CNT_IMIT)
SECPKG_ATTR_CIPHER_INFO: Cipher: (GOST 28147-89), Len: 256, BlockLen: 1
SECPKG_ATTR_CIPHER_INFO: Hash: (GR 34.11-2012 256), Len: 256
SECPKG_ATTR_CIPHER_INFO: Exchange: (GOST DH 34.10-2012 256), MinLen: 512, MaxLen: 512
SECPKG_ATTR_CIPHER_INFO: Certificate: (GR 34.10-2012 256), KeyType: 0
SECPKG_ATTR_NAMES: E=support@nbki.ru, C=RU, S=Moscow, L=Moscow, O=OJSC National Bureau of Credit Histories, OU=IT, CN=icrs.nbki.ru
SECPKG_ATTR_PACKAGE_INFO# fCapabilities: 0x107B3
SECPKG_ATTR_PACKAGE_INFO# wVersion: 1
SECPKG_ATTR_PACKAGE_INFO# wRPCID: 65535
SECPKG_ATTR_PACKAGE_INFO# cbMaxToken: 16379
SECPKG_ATTR_PACKAGE_INFO# Name: CryptoPro SSP
SECPKG_ATTR_PACKAGE_INFO# Comment: CryptoPro Security Package
Server certificate:
Subject: E=support@nbki.ru, C=RU, S=Moscow, L=Moscow, O=OJSC National Bureau of Credit Histories, OU=IT, CN=icrs.nbki.ru
Valid : 23.06.2021 07:36:10 - 23.06.2022 07:46:10 (UTC)
Issuer : E=cpca@cryptopro.ru, C=RU, S=Москва, L=Москва, O="ООО ""КРИПТО-ПРО""", CN=УЦ КРИПТО-ПРО (ГОСТ 2012)
PrivKey: 23.06.2021 07:36:09 - 23.06.2022 07:36:09 (UTC)
Protocol: TLS 1.2
Cipher: 0x661e
Cipher strength: 256
Hash: 0x8021
Hash strength: 256
Key exchange: 0xaa47
Key exchange strength: 512
Supported signatures: (ee ee) (ef ef) (ed ed) (01 02)
Header: 5, Trailer: 4, MaxMessage: 16384
HTTP request:
GET /products/B2BRequestServlet HTTP/1.1
User-Agent: Webclient
Accept:*/*
Host: reports.nbki.ru
Connection: close
Sending plaintext: 121 bytes
139 bytes of application data sent
1448 bytes of (encrypted) application data received
Decrypted data: 377 bytes
Extra data: 1062 bytes
1195 bytes of (encrypted) application data received
Decrypted data: 2223 bytes
Extra data: 25 bytes
Decrypted data: 2 bytes
Extra data: 14 bytes
Decrypted data: 5 bytes
11 bytes of (encrypted) application data received
Context expired: OK if file is completely downloaded
Reply status: HTTP/1.1 200 200
Sending Close Notify
11 bytes of handshake data sent
1 connections, 2607 bytes in 1.774 seconds;
Total: SYS: 0,010 sec USR: 0,170 sec UTC: 1,880 sec
[ErrorCode: 0x00000000]
I also don't understand how to tell csptestf which client certificate to use (for the case where the certificate is in a file rather than installed in a container). The csptestf output shows a test client certificate. The command picked it somehow. Can I specify exactly which certificate to use for the connection check?