openssl genrsa -des3 -out host.key 2048
Generate the CA (authority) private key.
openssl req -new -x509 -days 7305 -key host.key -out host.crt
Generate the self-signed CA certificate that will be used for issuing.
openssl genrsa -des3 -out applier.pem 1024
The party requesting authentication (the applier) generates its private key.
openssl rsa -in applier.pem -out applier.key
Generate the decrypted (passphrase-free) key applier.key corresponding to applier.pem.
openssl req -new -key applier.pem -out applier.csr
Create the certificate signing request (CSR) for the applier.
openssl ca -policy policy_any -days 1460 -cert host.crt -keyfile host.key -in applier.csr -out applier.crt
The CA signs applier.csr and issues the certificate applier.crt.
// CA environment (must exist before openssl ca is run, and the paths must match the [CA_default] section of openssl.cnf)
mkdir -p CA/newcerts
touch CA/index.txt
touch CA/serial
echo "01" > CA/serial
2 Nginx configuration
server {
    listen 443 ssl default_server;
    index index.html index.htm;
    location / {
        root /path/root;                        # document root
    }
    ssl on;                                     # redundant with "listen 443 ssl"; removed in newer nginx releases
    ssl_certificate /path/applier.crt;          # certificate presented to clients
    ssl_certificate_key /path/applier.key;      # decrypted private key matching the certificate
}
When localhost is accessed directly over the https protocol, the browser performs a handshake with the server and receives a Certificate message. Because a self-signed certificate is used in this experiment, the browser warns that the certificate is not trusted; the site can still be opened by adding an exception. The Certificate message sent by the server contains the public key of the server certificate; after receiving the segment, the client reads the public key from the corresponding position in the message and stores it in the relevant variable as the protocol prescribes.
Establishing an SSL secure connection with a website means using the https protocol, that is, accessing https://ip:port/. A handshake between the browser and the web server completes authentication and key exchange and thereby establishes the secure connection. The specific process is as follows:
1. The user's browser sends its SSL session number, encryption settings, session-related data and other necessary information to the server.
2. The server sends its SSL version number, encryption settings, session-related data and other necessary information to the browser, together with the server's certificate. If the server's SSL configuration requires the user's identity to be verified, the browser is also asked to provide the user certificate.
3. The client checks the server certificate; if the check fails, it reports that the SSL connection cannot be established. If it succeeds, the handshake continues: the client browser generates a pre-master key for the session, encrypts it with the server's public key and sends it to the server. If the server has requested client authentication, the client also signs some additional data and sends it to the server together with the client certificate.
4. If the server requires client authentication, it checks whether the CA that signed the client certificate is trusted; if that CA is not in the trust list, the session is ended. If the check passes, the server decrypts the received pre-master secret with its own private key and derives the master secret of this session from it.
5. Both the client and the server use this master key to generate the session key (a symmetric key) for this session. This session key protects every message exchanged after the SSL handshake. The main reason is that symmetric encryption is more than an order of magnitude cheaper computationally than asymmetric encryption, which significantly speeds up both parties.
6. The client informs the server that all messages sent from now on are encrypted with this session key, and that the client has completed this SSL handshake.
7. The server informs the client that all messages sent from now on are encrypted with this session key, and that the server has completed this SSL handshake.
Certificate initialization function:
void mbedtls_x509_crt_init(mbedtls_x509_crt *crt)
{
    memset(crt, 0, sizeof(mbedtls_x509_crt));
}
Certificate release function (frees the memory held by the certificate and the chain hanging off it):
void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
Certificate structure:
typedef struct mbedtls_x509_crt
{
    mbedtls_x509_buf raw;           /* raw certificate data (DER) */
    mbedtls_x509_buf tbs;           /* raw certificate body, the part To Be Signed */
    int version;                    /* X.509 version */
    mbedtls_x509_buf serial;        /* unique serial number issued by the CA */
    mbedtls_x509_buf sig_oid;       /* signature algorithm, e.g. sha1RSA */
    mbedtls_x509_time valid_from;   /* start of the certificate's validity period */
    mbedtls_x509_time valid_to;     /* end of the certificate's validity period */
    mbedtls_pk_context pk;          /* container for the public key */
    int ext_types;                  /* bit string of detected and parsed extensions */
    int max_pathlen;                /* maximum path length (Basic Constraints) */
    mbedtls_x509_buf sig;           /* signature over tbs, produced with the issuer's private key */
    mbedtls_md_type_t sig_md;       /* message digest algorithm of the signature, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t sig_pk;       /* public key algorithm of the signature, e.g. MBEDTLS_PK_RSA */
    struct mbedtls_x509_crt *next;  /* pointer to the next certificate in the chain */
}
mbedtls_x509_crt;
Handshake in mbedtls:
Client function
int mbedtls_ssl_handshake_client_step(mbedtls_ssl_context *ssl)
The input parameter is the ssl_context, which holds the configuration of the secure connection, including the handshake state, handshake parameters, session data, the endpoint role (client or server) and the related callback entries.
The following fragment is taken from ssl_tls.c; it shows that mbedtls selects the server or client implementation according to the macro definitions and the configured endpoint:
#if defined(MBEDTLS_SSL_CLI_C)
    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
        ret = mbedtls_ssl_handshake_client_step( ssl );
#endif
#if defined(MBEDTLS_SSL_SRV_C)
    if( ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER )
        ret = mbedtls_ssl_handshake_server_step( ssl );
#endif
Client logic:
After the client sends the ClientHello, the server returns the ServerHello and its certificate (if the server requires client authentication it also sends a CertificateRequest asking for the client's certificate). The client then starts to check whether the server certificate is valid and legitimate:
First, determine whether certificate verification is needed at all, by checking whether the key_exchange field of ssl->transform_negotiate->ciphersuite_info is one of
MBEDTLS_KEY_EXCHANGE_ECJPAKE,
MBEDTLS_KEY_EXCHANGE_PSK,
MBEDTLS_KEY_EXCHANGE_DHE_PSK,
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK
These four suites (the PSK-based ones and ECJPAKE) involve no certificate exchange. Suites that do need certificates include the following:
MBEDTLS_KEY_EXCHANGE_ECDHE_RSA,
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
Secondly, verify the validity of the certificate: mbedtls_x509_crt_verify_with_profile in x509_crt.c is the verification function. Its input parameters are the peer certificate (with its chain), the trusted CA list, the verification profile and the verification parameters of the session.
1. Compare whether the CN fields match; if not, return the CN_MISMATCH error (MBEDTLS_X509_BADCERT_CN_MISMATCH). The comparison is done by the x509_memcasecmp function.
2. Check whether the key size and type are acceptable according to the profile; if not, return the BAD_KEY error (MBEDTLS_X509_BADCERT_BAD_KEY). This is done by the x509_profile_check_key function.
3. Determine whether the issuer and the issuer's own issuers (the issuing chain) are trusted, using the x509_crt_check_parent function.
After verification, it is checked whether the certificate uses an EC key; if so, the function mbedtls_ssl_check_curve verifies that the elliptic curve is one the client accepts.
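As an added illustration of steps 1 and 2 above (this is not code from the page or from mbedtls), the following plain C reimplements the CN comparison, including the single-label wildcard rule mbedtls applies, and the profile key check. The flag values, the cert_t and profile_t stand-ins and default_profile are assumptions modelled on mbedtls, and all inputs are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Result flags modelled on mbedtls' MBEDTLS_X509_BADCERT_* bits (values are assumptions) */
#define CN_MISMATCH 0x04u
#define BAD_KEY     0x10000u

/* Constructed stand-ins for the parts of mbedtls_x509_crt and the profile these checks read */
enum { PK_RSA = 1, PK_ECKEY = 2 };
typedef struct { const char *cn; int pk_type; size_t pk_bits; } cert_t;
typedef struct { unsigned allowed_pks; size_t rsa_min_bitlen; } profile_t;

/* Profile modelled on mbedtls' default: RSA or EC keys, RSA modulus at least 2048 bits */
static const profile_t default_profile = { (1u << PK_RSA) | (1u << PK_ECKEY), 2048 };

/* Case-insensitive byte compare in the spirit of x509_memcasecmp (ASCII letters only) */
static int memcasecmp_ascii(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 1;
    return 0;
}

/* Wildcard rule as in x509_check_wildcard: "*.example.com" covers exactly one extra label */
static int wildcard_matches(const char *pattern, size_t plen, const char *name) {
    if (plen < 3 || pattern[0] != '*' || pattern[1] != '.') return 0;
    const char *dot = strchr(name, '.');          /* end of the host name's first label */
    if (dot == NULL || dot == name) return 0;      /* the first label must be non-empty */
    size_t rest = strlen(dot);                     /* length of ".example.com" in the name */
    return rest == plen - 1 && memcasecmp_ascii(pattern + 1, dot, rest) == 0;
}

/* Step 1: the CN must equal the expected name (case-insensitively) or be a matching wildcard */
int check_cn(const cert_t *crt, const char *expected) {
    size_t clen = strlen(crt->cn), elen = strlen(expected);
    if (clen == elen && memcasecmp_ascii(crt->cn, expected, clen) == 0) return 1;
    return wildcard_matches(crt->cn, clen, expected);
}

/* Step 2: the key type must be allowed and an RSA key must meet the profile's minimum size */
int check_key(const cert_t *crt, const profile_t *p) {
    if ((p->allowed_pks & (1u << crt->pk_type)) == 0) return 0;
    if (crt->pk_type == PK_RSA && crt->pk_bits < p->rsa_min_bitlen) return 0;
    return 1;
}

/* Run both checks on a constructed certificate; the result is 0 on success or a set of flags */
unsigned verify_cert(const char *cn, int pk_type, size_t pk_bits, const char *expected_cn) {
    cert_t crt = { cn, pk_type, pk_bits };
    unsigned flags = 0;
    if (!check_cn(&crt, expected_cn)) flags |= CN_MISMATCH;
    if (!check_key(&crt, &default_profile)) flags |= BAD_KEY;
    return flags;
}
```

Under a profile like mbedtls' default, which requires RSA moduli of at least 2048 bits, the 1024-bit applier key generated in the CA section above would be rejected with BAD_KEY even though its CN matches.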