本帖最后由 华尔兹兹 于 2016-2-2 16:16 编辑
错误如下:
SSL connect error.-188
ASN no signer error to confirm failure
解决方法:
CyaSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means that if you don't load CAs to verify the server you'll get a connect error, no signer error to confirm failure (-188). If you want to mimic OpenSSL behavior of having SSL_connect succeed even if verifying the server fails and reducing security you can do this by calling:
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); 加载CA根证书去验证,可以从浏览器中导出你需要的证书格式,CyaSSL_CTX_load_verify_locations到程序里,只信任最高一级的根证书不足以验证通过。 目前在证书有效时间处理上还有些问题,我暂时注释掉了下面这段,处理好了再更新 /* if (badDate != 0)
return badDate;*/
补充有效时间的验证问题:校正下MCU的时间就可以了
|