通过https访问国密nginx报错的一些问题

[aishang0139]

环境清单 nginx-1.20.2，OpenSSL-Compatibility-Layer-main，GmSSL 3.1.2 Dev
按照步骤编译好nginx，并配置了国密证书。通过
gmssl tlcp_client -get / -host localhost -port 4443 -cacert rootcacert.pem进行访问时，可以正常显示nginx内容，但是nginx的error日志会打印出如下内容：
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
Connection Established!
/root/gmssl/GmSSL-master/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():

然后在奇安信浏览器，访问https时，浏览器显示 不受支持客户端和服务器不支持一般 SSL 协议版本或加密套件。然后在nginx error日志中显示
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/gmssl/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/gmssl/GmSSL-master/src/tls.c:1489:tls_record_send():
/root/gmssl/GmSSL-master/src/tls.c:1712:tls_encrypt_send():
/root/gmssl/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():

麻烦大佬抽空帮忙看下什么原因呢？

[elizax]

最近研究国密，也是这个问题，代码中有说明改下就行了，如下
src/tlcp.c文件， tlcp_do_accept函数 676行，屏蔽掉错误就行了
if (exts) {
// 忽略客户端扩展错误可以兼容错误的TLCP客户端实现
// error_print();
// tls_send_alert(conn, TLS_alert_unexpected_message);
// goto end;
}

[aishang0139]

最近研究国密，也是这个问题，代码中有说明改下就行了，如下 src/tlcp.c文件， tlcp_do_accept函数 676行，屏蔽掉错误就行了 if (exts) { // 忽略客户端扩展错误可以兼容错误的TLCP客户端实现 // error_print(); // tls_send_alert(conn, TLS_alert_unexpected_message); // goto end; }

多谢大佬，按照您的方案测试了一下，确实可以通过360浏览器访问了，不过通过https访问时error.log还是会输入一堆信息，这个有办法屏蔽和解决么，内容如下。
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tls.c:647:tls_record_get_handshake():
/root/GmSSL-master/src/tls.c:1212:tls_record_get_handshake_client_key_exchange_pke():
/root/GmSSL-master/src/tlcp.c:815:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c:1489:tls_record_send():
/root/GmSSL-master/src/tls.c:1712:tls_encrypt_send():
/root/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tlcp.c:649:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/root/GmSSL-master/src/tls.c:647:tls_record_get_handshake():
/root/GmSSL-master/src/tls.c:1212:tls_record_get_handshake_client_key_exchange_pke():
/root/GmSSL-master/src/tlcp.c:815:tlcp_do_accept():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:516:SSL_do_handshake():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/GmSSL-master/src/tls.c:1489:tls_record_send():
/root/GmSSL-master/src/tls.c:1712:tls_encrypt_send():
/root/GmSSL-master/src/tls.c:1833:tls_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():
/root/OpenSSL-Compatibility-Layer-main/src/ssl.c:586:SSL_shutdown():

[xbwold]

我遇到了一样的问题，注释代码后重新编译部署，没有得到解决

[xbwold]

访问nginx error.log日志：
Connection Established!

/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/tmp/nginx-gmsslv3/GmSSL/src/tls.c:1833:tls_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 1681: tls_encrypt_send: recv all buffered data before send
/tmp/nginx-gmsslv3/GmSSL/src/tls.c:1833:tls_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():

访问nginx error.log日志：
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/GmSSL/src/tls.c: 2336: tls_set_socket: socket in non-blocking mode
/tmp/nginx-gmsslv3/GmSSL/src/tlcp.c:649:tlcp_do_accept():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:516:SSL_do_handshake():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():
/tmp/nginx-gmsslv3/OpenSSL-Compatibility-Layer/src/ssl.c:586:SSL_shutdown():