Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

请问 Config.Certificates 为啥需要两个秘钥对 #160

Open
CanYouGiveMeAName opened this issue May 19, 2022 · 2 comments
Open

请问 Config.Certificates 为啥需要两个秘钥对 #160

CanYouGiveMeAName opened this issue May 19, 2022 · 2 comments

Comments

@CanYouGiveMeAName
Copy link

CanYouGiveMeAName commented May 19, 2022
edited
Loading

go 的标准库只传一个秘钥对就行了,我看本工程的注释也是Certificates contains one or more certificate chains to present,但是我只放一个就报错说必须要两个以上。我想着跟之前的TLS兼容,尝试两个放一样的,但是报错tls: no cipher suite supported by both client and server,这两个秘钥对有什么要求么。没有看到相关的设计文档,所以想咨询一下,谢谢~

尝试运行测试用例credentials_test.go,也失败了,错误如下:

handshake error : x509: certificate has expired or is not yet valid
readHandshake error: remote error: tls: bad certificate
handshake error : remote error: tls: bad certificate
@czdsdo
Copy link
Collaborator

czdsdo commented May 23, 2022

国密TLS标准里要求要两对密钥,一对用于身份验证,一对用于加密解密信息。
标准库中的TLS只使用一对密钥,身份验证跟信息加解密用的同一对。

@CanYouGiveMeAName
Copy link
Author

国密TLS标准里要求要两对密钥,一对用于身份验证,一对用于加密解密信息。 标准库中的TLS只使用一对密钥,身份验证跟信息加解密用的同一对。

了解,多谢!那最近测试用例你们可以跑过么。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@czdsdo @CanYouGiveMeAName