双向认证时客户端证书验证报错

实验过程参考博客：https://blog.csdn.net/xiejianjun417/article/details/90768899

我按照步骤操作了一次，没有报你遇到的连接错误，下边是服务端接收到的前边部分数据：

root@3dc2c5b47628:/data/GmSSL/GmSSL-master/apps/demoCA# gmssl s_server -accept 443 -key Server.key -cert ServerCA.crt  -dkey Server.key -dcert ServerCA.crt -CAfile RootCA.crt -msg -debug -gmtls
Using default temp DH parameters
[GMTLS_DEBUG] set sm2 signing certificate
[GMTLS_DEBUG] set sm2 signing private key
[GMTLS_DEBUG] set sm2 signing certificate
[GMTLS_DEBUG] set sm2 signing private key
ACCEPT
read from 0x1a17070 [0x1a22693] (5 bytes => 5 (0x5))
0000 - 16 01 01 00 39                                    ....9
<<< ??? [length 0005]
    16 01 01 00 39
read from 0x1a17070 [0x1a22698] (57 bytes => 57 (0x39))
0000 - 01 00 00 35 01 01 eb 83-01 b3 21 40 fa 1d 0c 36   ...5......!@...6
0010 - ca 2f d6 3a da 11 54 7f-60 7f 71 6b 47 b2 89 31   ./.:..T.`.qkG..1
0020 - 29 a7 33 e3 3e ff 00 00-0e e0 17 e0 15 e0 13 e0   ).3.>...........
0030 - 11 e0 1a e0 19 00 ff 01-                          ........
0039 - <SPACES/NULS>
<<< GMTLS 1.1 [length 0039]
    01 00 00 35 01 01 eb 83 01 b3 21 40 fa 1d 0c 36
    ca 2f d6 3a da 11 54 7f 60 7f 71 6b 47 b2 89 31
    29 a7 33 e3 3e ff 00 00 0e e0 17 e0 15 e0 13 e0
    11 e0 1a e0 19 00 ff 01 00
ssl_get_algorithm2=0x08x
>>> ??? [length 0005]
    16 01 01 00 4a
>>> GMTLS 1.1 [length 004a]
    02 00 00 46 01 01 0a d3 58 bd c0 a2 c3 48 c3 18
    9a 8c 62 f1 50 9a ac 66 71 d6 3b 0b 2f bf 28 fd
    aa ea ab e3 d1 cb 20 4b 6c 24 4e 1a b0 76 d6 38
    61 8c e1 70 13 1c 5c 9b 20 03 a7 d5 1a 1d 64 1e
    53 0a 1a 73 e3 b7 6e e0 13 00
>>> ??? [length 0005]
    16 01 01 03 a0
>>> GMTLS 1.1 [length 03a0]
...
...
...

网上也有人遇到你这种错误，可能原因是：

本地计算机设有应用级或系统级防火墙
同一物理网络或上游网络中设有防火墙

guanzhi / GmSSL

双向认证时客户端证书验证报错 #960