Closed ghost closed 2 years ago
sftcd
commented
2 years ago Hiya,
I'm guessing you just need to set an environment variable. If you look into the echcli.sh script, you'll see that you need to set $CODETOP to your build directory, e.g.
$ CODETOP=$HOME/openssl ./echcli.sh
ghost
commented
2 years ago Hello, I tried that but unfortunately it is still the same.
-------- Original Message -------- On Oct. 15, 2021, 13:24, sftcd wrote:
Hiya, I'm guessing you just need to set an environment variable. If you look into the echcli.sh script, you'll see that you need to set $CODETOP to your build directory, e.g.
$ CODETOP=$HOME/openssl ./echcli.sh
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
sftcd
commented
2 years ago Could it be that you built the master branch maybe? (Rather than the ECH-draft-13a branch)
ghost
commented
2 years ago No. I ran git status and it says
"On branch ECH-draft-13a"
I am absolutely sure I didn't build the wrong branch
Maybe some upstream changes were made but I don't know
-------- Original Message -------- On Oct. 15, 2021, 13:34, sftcd wrote:
Could it be that you built the master branch maybe? (Rather than the ECH-draft-13a branch)
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
sftcd
commented
2 years ago odd, I just built a version here in $HOME/openssl and it worked fine
sftcd
commented
2 years ago ah, I've reproduced it here, lemme check
sftcd
commented
2 years ago Looks like you're not getting the HTTPS RR for cloudflare - the script uses dig for that so maybe you don't have that installed or something?
sftcd
commented
2 years ago To check the above try see do you get the same as this:
$ dig TYPE65 crypto.cloudflare.com
; <<>> DiG 9.16.8-Ubuntu <<>> TYPE65 crypto.cloudflare.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52497
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;crypto.cloudflare.com. IN TYPE65
;; ANSWER SECTION:
crypto.cloudflare.com. 82 IN TYPE65 \# 134 0001000001000302683200040008A29F874FA29F884F000500480046 FE0D0042BE0020002039959AD0058B86C2FB71B0E03B072A6D73E6C2 DDBE6F2613B392D6D85F1687690004000100010013636C6F7564666C 6172652D65736E692E636F6D00000006002026064700000700000000 0000A29F874F260647000007000000000000A29F884F
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 15 21:49:15 IST 2021
;; MSG SIZE rcvd: 196Yes, I got the same
-------- Original Message -------- On Oct. 15, 2021, 13:50, sftcd wrote:
To check the above try see do you get the same as this:
$ dig TYPE65 crypto.cloudflare.com
; <<>> DiG 9.16.8-Ubuntu <<>> TYPE65 crypto.cloudflare.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52497 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;crypto.cloudflare.com. IN TYPE65
;; ANSWER SECTION: crypto.cloudflare.com. 82 IN TYPE65 # 134 0001000001000302683200040008A29F874FA29F884F000500480046 FE0D0042BE0020002039959AD0058B86C2FB71B0E03B072A6D73E6C2 DDBE6F2613B392D6D85F1687690004000100010013636C6F7564666C 6172652D65736E692E636F6D00000006002026064700000700000000 0000A29F874F260647000007000000000000A29F884F
;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Fri Oct 15 21:49:15 IST 2021 ;; MSG SIZE rcvd: 196
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.
sftcd
commented
2 years ago hmm, maybe uncomment the set -x at the top echcli.sh and the post the output of $ CODETOP=$HOME/openssl ./echcli.sh -d
ghost
commented
2 years ago + : /Users/david/openssl
+ export LD_LIBRARY_PATH=/Users/david/openssl
+ LD_LIBRARY_PATH=/Users/david/openssl
+ : /Users/david/code/openssl
+ VG=no
+ DEBUG=no
+ NOECH=no
+ GREASE=no
+ GSUITE=0x20,1,1
+ GSUITESET=no
+ GTYPE=65037
+ DEFALPNVAL='-alpn inner,secret,http/1.1 -alpn-outer outer,public,h2'
+ DOALPN=yes
+ PORT=443
+ SUPPLIEDPORT=
+ HTTPPATH=
+ SUPPLIEDSERVER=
+ SUPPLIEDHIDDEN=
+ SUPPLIEDPNO=
+ SUPPLIEDECH=
+ SUPPLIEDCADIR=
+ SUPPLIEDSESSION=
+ REUSINGSESSION=no
+ HIDDEN=crypto.cloudflare.com
+ DEFFRAG=/cdn-cgi/trace
+ PNO=
+ CAPATH=/etc/ssl/certs/
+ CAFILE=./cadir/oe.csr
+ REALCERT=no
+ CIPHERSUITES=
+ SELECTED=
+ IGNORE_CID=no
+ EARLY_DATA=no
++ whenisitagain
++ /bin/date -u +%Y%m%d-%H%M%S
+ NOW=20211015-205924
+ echo 'Running ./echcli.sh at 20211015-205924'
Running ./echcli.sh at 20211015-205924
++ /usr/bin/getopt -s bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind --
+ options=' -- bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind --'
+ eval set -- ' -- bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind --'
++ set -- -- bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind --
+ '[' 7 -gt 0 ']'
+ case "$1" in
+ shift
+ break
+ hidden=crypto.cloudflare.com
+ [[ '' != '' ]]
+ TRACING=
++ mktemp
+ tmpf=/var/folders/4x/rsx335ks4gs8xfw9mr4f1ff80000gn/T/tmp.XyLyF3wf
+ /Users/david/openssl/apps/openssl s_client -help
++ grep -c 'trace output of protocol messages' /var/folders/4x/rsx335ks4gs8xfw9mr4f1ff80000gn/T/tmp.XyLyF3wf
+ tcount=1
+ [[ 1 == \1 ]]
+ TRACING='-trace '
+ rm -f /var/folders/4x/rsx335ks4gs8xfw9mr4f1ff80000gn/T/tmp.XyLyF3wf
+ dbgstr=' '
+ [[ no == \y\e\s ]]
+ vgcmd=
+ [[ no == \y\e\s ]]
+ [[ '' != '' ]]
+ snioutercmd=' '
+ [[ '' != '' ]]
+ [[ '' != '' ]]
+ target=' -connect crypto.cloudflare.com:443 '
+ server=crypto.cloudflare.com
+ [[ '' != '' ]]
+ selstr=
+ [[ '' != '' ]]
+ ciphers=
+ [[ no == \n\o ]]
+ [[ no == \n\o ]]
+ [[ '' != '' ]]
+ qname=crypto.cloudflare.com
+ [[ 443 != '' ]]
+ [[ 443 != \4\4\3 ]]
++ dig +short -t TYPE65 crypto.cloudflare.com
++ cut -f 3- '-d '
++ tail -1
++ sed -e 's/ //g'
++ sed -e 'N;s/\n//'
+ ECH=' -svcb '
+ [[ -svcb == '' ]]
+ [[ no == \n\o ]]
+ [[ no == \n\o ]]
+ [[ -svcb == '' ]]
+ grease_str=' -ech_grease -ech_grease_type=65037'
+ [[ no == \y\e\s ]]
+ ignore_str=' '
+ [[ no == \y\e\s ]]
+ echstr='-servername crypto.cloudflare.com -svcb '
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ [[ no == \n\o ]]
+ [[ crypto.cloudflare.com != \N\O\N\E ]]
+ echstr=' -servername crypto.cloudflare.com -svcb '
+ [[ '' == \y\e\s ]]
+ httphost=crypto.cloudflare.com
+ [[ no == \y\e\s ]]
+ httpreq='GET / HTTP/1.1\r\nConnection: close\r\nHost: crypto.cloudflare.com\r\n\r\n'
+ [[ crypto.cloudflare.com != \l\o\c\a\l\h\o\s\t ]]
+ certsdb=' -CApath /etc/ssl/certs/'
+ force13='-no_ssl3 -no_tls1 -no_tls1_1 -no_tls1_2'
+ session=
+ [[ '' != '' ]]
+ alpn=
+ [[ no == \n\o ]]
+ [[ yes == \y\e\s ]]
+ [[ no == \n\o ]]
+ alpn='-alpn inner,secret,http/1.1 -alpn-outer outer,public,h2'
++ mktemp /tmp/echtestXXXX
+ TMPF=/tmp/echtesttUJx
+ earlystr=
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ sleepaftr=2
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
+ echo -e 'GET / HTTP/1.1\r\nConnection: close\r\nHost: crypto.cloudflare.com\r\n\r\n'
+ sleep 2
+ /Users/david/openssl/apps/openssl s_client -CApath /etc/ssl/certs/ -no_ssl3 -no_tls1 -no_tls1_1 -no_tls1_2 -connect crypto.cloudflare.com:443 -servername crypto.cloudflare.com -svcb -alpn inner,secret,http/1.1 -alpn-outer outer,public,h2
++ grep -c '200 OK' /tmp/echtesttUJx
+ c200=0
++ grep -c 'ECH: success' /tmp/echtesttUJx
+ csucc=0
++ grep -ce '^HTTP/1.1 4[0-9][0-9] ' /tmp/echtesttUJx
+ c4xx=0
+ [[ no == \y\e\s ]]
+ [[ no == \y\e\s ]]
++ grep -c 'ECH: success' /tmp/echtesttUJx
+ goodresult=0
+ echo './echcli.sh Summary: '
./echcli.sh Summary:
++ grep 'ECH: ' /tmp/echtesttUJx
+ allresult=
+ rm -f /tmp/echtesttUJx
+ (( 0 > 0 ))
+ [[ no != \y\e\s ]]
+ [[ no != \y\e\s ]]
+ echo 'Bummer - probably didn'\''t work'
Bummer - probably didn't work
+ res=1
+ echo
+ exit 1Thanks. Looks like there's no output from dig when run from within the script. Not sure why that might be. You should see something like:
++ dig +short -t TYPE65 crypto.cloudflare.com
++ tail -1
++ cut -f 3- '-d '
++ sed -e 's/ //g'
++ sed -e 'N;s/\n//'
+ ECH=' -svcb 0001000001000302683200040008A29F874FA29F884F000500480046FE0D00428A0020002041B972673F20CC4FF510046DCD91A7A36D428408FEBAD6FD9AFEAF07CDEAEC0D0004000100010013636C6F7564666C6172652D65736E692E636F6D000000060020260647000007000000000000A29F874F260647000007000000000000A29F884F'
+ [[ -svcb 0001000001000302683200040008A29F874FA29F884F000500480046FE0D00428A0020002041B972673F20CC4FF510046DCD91A7A36D428408FEBAD6FD9AFEAF07CDEAEC0D0004000100010013636C6F7564666C6172652D65736E692E636F6D000000060020260647000007000000000000A29F874F260647000007000000000000A29F884F == '' ]]
(btw - I'll add a check for this to the script once we figure it out)
ghost
commented
2 years ago I found the problem - I tried the commands together by using pipe
like dig +short -t TYPE65 crypto.cloudflare.com | tail -1 | cut -f 3- '-d ' | sed -e 's/ //g' | sed -e 'N;s/\n//'
However after running this
sed -e 'N;s/\n//'
And I removed that
the output was 0001000001000302683200040008A29F874FA29F884F000500480046FE0D00428A0020002041B972673F20CC4FF510046DCD91A7A36D428408FEBAD6FD9AFEAF07CDEAEC0D0004000100010013636C6F7564666C6172652D65736E692E636F6D000000060020260647000007000000000000A29F874F260647000007000000000000A29F884F
The output suddenly becomes nothing!
sftcd
commented
2 years ago yay! maybe different versions of sed or something?
$ sed --version
sed (GNU sed) 4.7
...TBH - I forget how I even figured out those sed params;-) But we can probably find something that works.
ghost
commented
2 years ago yay! maybe different versions of sed or something?
$ sed --version sed (GNU sed) 4.7 ...TBH - I forget how I even figured out those sed params;-) But we can probably find something that works.
That is the problem!
I am not using GNU sed. I am using macOS built in sed
and sed --version only outputs invalid option
sftcd
commented
2 years ago I think you should get away with just not doing that last sed command in most cases (or maybe all, who knows;-) that works here anyway for cloudflare and my servers. I'd have to think a bit to figure out what it's even needed for
ghost
commented
2 years ago To make sure, I will test with the Homebrew version of sed if it works then we can only blame Apple for shipping outdated software
sftcd
commented
2 years ago I think I can omit that last call to sed actually given the tail -1 there. I have that change pushed up if that's easier for you than homebrewing
That's https://github.com/sftcd/openssl/commit/c19dd93ad413fde25f73480c8ab33beca31494f3
ghost
commented
2 years ago @sftcd Good news! It changed to the correct sed output with Homebrew sed
However the result changed to
Bummer - probably did not work
ECH: Worked but bad nameReally strange!
sftcd
commented
2 years ago good wrt sed ; the 2nd one's different - if you can send the output from $ CODETOP=$HOME/openssl ./echcli.sh -d I'll see what I see
ghost
commented
2 years ago Running ./echcli.sh at 20211016-003916
Running: /Users/david/openssl/apps/openssl s_client -msg -debug -trace -tlsextdebug -keylogfile keys.cli -CApath /etc/ssl/certs/ -no_ssl3 -no_tls1 -no_tls1_1 -no_tls1_2 -connect crypto.cloudflare.com:443 -servername crypto.cloudflare.com -svcb 0001000001000302683200040008A29F874FA29F884F000500480046FE0D0042DD00200020675672013745723E0EF1D243DE36FC01F60C923670D9E25D0DA22F52CBE3672B0004000100010013636C6F7564666C6172652D65736E692E636F6D000000060020260647000007000000000000A29F874F260647000007000000000000A29F884F -alpn inner,secret,http/1.1 -alpn-outer outer,public,h2
./echcli.sh All output
Setting new_session_cb
CONNECTED(00000007)
Sent Record
Header:
Version = TLS 1.0 (0x301)
Content Type = Handshake (22)
Length = 588
ClientHello, Length=584
client_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x64BA75D1
random_bytes (len=28): 97BBDF111115F89E9C438B4AF8F73A4F90017F03D9C65913671CAAAF
session_id (len=32): B6C76D3BAC1A8572DB144D08CDC18F247A7F8C39119EBBBB94760F502F156768
cipher_suites (len=8)
{0x13, 0x02} TLS_AES_256_GCM_SHA384
{0x13, 0x03} TLS_CHACHA20_POLY1305_SHA256
{0x13, 0x01} TLS_AES_128_GCM_SHA256
{0x00, 0xFF} TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression_methods (len=1)
No Compression (0x00)
extensions, length = 503
extension_type=ec_point_formats(11), length=4
uncompressed (0)
ansiX962_compressed_prime (1)
ansiX962_compressed_char2 (2)
extension_type=supported_groups(10), length=22
ecdh_x25519 (29)
secp256r1 (P-256) (23)
ecdh_x448 (30)
secp521r1 (P-521) (25)
secp384r1 (P-384) (24)
ffdhe2048 (256)
ffdhe3072 (257)
ffdhe4096 (258)
ffdhe6144 (259)
ffdhe8192 (260)
extension_type=session_ticket(35), length=0
extension_type=encrypt_then_mac(22), length=0
extension_type=extended_master_secret(23), length=0
extension_type=signature_algorithms(13), length=30
ecdsa_secp256r1_sha256 (0x0403)
ecdsa_secp384r1_sha384 (0x0503)
ecdsa_secp521r1_sha512 (0x0603)
ed25519 (0x0807)
ed448 (0x0808)
rsa_pss_pss_sha256 (0x0809)
rsa_pss_pss_sha384 (0x080a)
rsa_pss_pss_sha512 (0x080b)
rsa_pss_rsae_sha256 (0x0804)
rsa_pss_rsae_sha384 (0x0805)
rsa_pss_rsae_sha512 (0x0806)
rsa_pkcs1_sha256 (0x0401)
rsa_pkcs1_sha384 (0x0501)
rsa_pkcs1_sha512 (0x0601)
extension_type=supported_versions(43), length=3
TLS 1.3 (772)
extension_type=server_name(0), length=24
0000 - 00 16 00 00 13 63 6c 6f-75 64 66 6c 61 72 65 .....cloudflare
000f - 2d 65 73 6e 69 2e 63 6f-6d -esni.com
extension_type=application_layer_protocol_negotiation(16), length=18
outer
public
h2
extension_type=psk_key_exchange_modes(45), length=2
psk_dhe_ke (1)
extension_type=key_share(51), length=38
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 60DA7616E23D049FCA884F54ABEFF4E5EA8E548ED56933A8B7DFF5C4CE115B10
extension_type=encrypted_client_hello(draft-13)(65037), length=314
ECH-type is outer
kdf 1, aead: 1, config_id: 0xdd
enc (len=32): 0BBFFA0A94325220FCAA7F662D076FAA35E6EC1E692E226872E08D1F31EBE10D
payload (len=272): CE4A0B14B9EF73CCE431DE4AE8F404EB5F34361A6DAE2B6792DE568F082A58073B10DD70BA2BDA571DB5E04A21F3F70EEA98AB6E85B598FA9B6629D57F11A63E415DB19F6463648D6D777084CFE8F2632B17B41544327535FEE2344C95D0678F59DC2E1EEF8762FA382290F01DF9E9D0D0BB6A0054D2917DEDC2DD0535329A2A1FB9F3E1CB3871DB40D8E3ABC0A5C9C7A466533D128FB771C7FD9E58C7A3D3A414271FA71C10D4B4DADA64728E82D3F991F559D82DAF63B1E832EF608551DB5A21001061E918A5DCEB41CF6FDA44D9B2FC5534B48AFE4374AB3440DC6CD06671E8A1891D974ACE0018E211AF9639A4623816AECC5202E97C28A9A93B3A935B4B54DD6B1EA995B3140A319F4C287F2BD7
write to 0x6000005ec360 [0x14a01b400] (593 bytes => 593 (0x251))
0000 - 16 03 01 02 4c 01 00 02-48 03 03 64 ba 75 d1 97 ....L...H..d.u..
0010 - bb df 11 11 15 f8 9e 9c-43 8b 4a f8 f7 3a 4f 90 ........C.J..:O.
0020 - 01 7f 03 d9 c6 59 13 67-1c aa af 20 b6 c7 6d 3b .....Y.g... ..m;
0030 - ac 1a 85 72 db 14 4d 08-cd c1 8f 24 7a 7f 8c 39 ...r..M....$z..9
0040 - 11 9e bb bb 94 76 0f 50-2f 15 67 68 00 08 13 02 .....v.P/.gh....
0050 - 13 03 13 01 00 ff 01 00-01 f7 00 0b 00 04 03 00 ................
0060 - 01 02 00 0a 00 16 00 14-00 1d 00 17 00 1e 00 19 ................
0070 - 00 18 01 00 01 01 01 02-01 03 01 04 00 23 00 00 .............#..
0080 - 00 16 00 00 00 17 00 00-00 0d 00 1e 00 1c 04 03 ................
0090 - 05 03 06 03 08 07 08 08-08 09 08 0a 08 0b 08 04 ................
00a0 - 08 05 08 06 04 01 05 01-06 01 00 2b 00 03 02 03 ...........+....
00b0 - 04 00 00 00 18 00 16 00-00 13 63 6c 6f 75 64 66 ..........cloudf
00c0 - 6c 61 72 65 2d 65 73 6e-69 2e 63 6f 6d 00 10 00 lare-esni.com...
00d0 - 12 00 10 05 6f 75 74 65-72 06 70 75 62 6c 69 63 ....outer.public
00e0 - 02 68 32 00 2d 00 02 01-01 00 33 00 26 00 24 00 .h2.-.....3.&.$.
00f0 - 1d 00 20 60 da 76 16 e2-3d 04 9f ca 88 4f 54 ab .. `.v..=....OT.
0100 - ef f4 e5 ea 8e 54 8e d5-69 33 a8 b7 df f5 c4 ce .....T..i3......
0110 - 11 5b 10 fe 0d 01 3a 00-00 01 00 01 dd 00 20 0b .[....:....... .
0120 - bf fa 0a 94 32 52 20 fc-aa 7f 66 2d 07 6f aa 35 ....2R ...f-.o.5
0130 - e6 ec 1e 69 2e 22 68 72-e0 8d 1f 31 eb e1 0d 01 ...i."hr...1....
0140 - 10 ce 4a 0b 14 b9 ef 73-cc e4 31 de 4a e8 f4 04 ..J....s..1.J...
0150 - eb 5f 34 36 1a 6d ae 2b-67 92 de 56 8f 08 2a 58 ._46.m.+g..V..*X
0160 - 07 3b 10 dd 70 ba 2b da-57 1d b5 e0 4a 21 f3 f7 .;..p.+.W...J!..
0170 - 0e ea 98 ab 6e 85 b5 98-fa 9b 66 29 d5 7f 11 a6 ....n.....f)....
0180 - 3e 41 5d b1 9f 64 63 64-8d 6d 77 70 84 cf e8 f2 >A]..dcd.mwp....
0190 - 63 2b 17 b4 15 44 32 75-35 fe e2 34 4c 95 d0 67 c+...D2u5..4L..g
01a0 - 8f 59 dc 2e 1e ef 87 62-fa 38 22 90 f0 1d f9 e9 .Y.....b.8".....
01b0 - d0 d0 bb 6a 00 54 d2 91-7d ed c2 dd 05 35 32 9a ...j.T..}....52.
01c0 - 2a 1f b9 f3 e1 cb 38 71-db 40 d8 e3 ab c0 a5 c9 *.....8q.@......
01d0 - c7 a4 66 53 3d 12 8f b7-71 c7 fd 9e 58 c7 a3 d3 ..fS=...q...X...
01e0 - a4 14 27 1f a7 1c 10 d4-b4 da da 64 72 8e 82 d3 ..'........dr...
01f0 - f9 91 f5 59 d8 2d af 63-b1 e8 32 ef 60 85 51 db ...Y.-.c..2.`.Q.
0200 - 5a 21 00 10 61 e9 18 a5-dc eb 41 cf 6f da 44 d9 Z!..a.....A.o.D.
0210 - b2 fc 55 34 b4 8a fe 43-74 ab 34 40 dc 6c d0 66 ..U4...Ct.4@.l.f
0220 - 71 e8 a1 89 1d 97 4a ce-00 18 e2 11 af 96 39 a4 q.....J.......9.
0230 - 62 38 16 ae cc 52 02 e9-7c 28 a9 a9 3b 3a 93 5b b8...R..|(..;:.[
0240 - 4b 54 dd 6b 1e a9 95 b3-14 0a 31 9f 4c 28 7f 2b KT.k......1.L(.+
0250 - d7 .
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 7a ....z
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = Handshake (22)
Length = 122
read from 0x6000005ec360 [0x14a012008] (122 bytes => 122 (0x7A))
0000 - 02 00 00 76 03 03 9f e1-1e 5b 33 bc cc 54 d1 e7 ...v.....[3..T..
0010 - 68 d6 0b 92 a1 9d a8 49-7a 12 a5 eb 41 9c 89 c0 h......Iz...A...
0020 - 73 49 60 e5 bb 9c 20 b6-c7 6d 3b ac 1a 85 72 db sI`... ..m;...r.
0030 - 14 4d 08 cd c1 8f 24 7a-7f 8c 39 11 9e bb bb 94 .M....$z..9.....
0040 - 76 0f 50 2f 15 67 68 13-01 00 00 2e 00 2b 00 02 v.P/.gh......+..
0050 - 03 04 00 33 00 24 00 1d-00 20 9c f3 d3 bf f1 30 ...3.$... .....0
0060 - 9c 70 7d a5 e9 9e 22 83-88 b8 89 f4 15 28 b4 5f .p}..."......(._
0070 - d0 b8 c7 bb 83 3c a2 09-2a 7d .....<..*}
ServerHello, Length=118
server_version=0x303 (TLS 1.2)
Random:
gmt_unix_time=0x9FE11E5B
random_bytes (len=28): 33BCCC54D1E768D60B92A19DA8497A12A5EB419C89C0734960E5BB9C
session_id (len=32): B6C76D3BAC1A8572DB144D08CDC18F247A7F8C39119EBBBB94760F502F156768
cipher_suite {0x13, 0x01} TLS_AES_128_GCM_SHA256
compression_method: No Compression (0x00)
extensions, length = 46
extension_type=supported_versions(43), length=2
TLS 1.3 (772)
extension_type=key_share(51), length=36
NamedGroup: ecdh_x25519 (29)
key_exchange: (len=32): 9CF3D3BFF1309C707DA5E99E228388B889F41528B45FD0B8C7BB833CA2092A7D
TLS server extension "supported versions" (id=43), len=2
0000 - 03 04 ..
TLS server extension "key share" (id=51), len=36
0000 - 00 1d 00 20 9c f3 d3 bf-f1 30 9c 70 7d a5 e9 9e ... .....0.p}...
0010 - 22 83 88 b8 89 f4 15 28-b4 5f d0 b8 c7 bb 83 3c "......(._.....<
0020 - a2 09 2a 7d ..*}
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01 .....
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
read from 0x6000005ec360 [0x14a012008] (1 bytes => 1 (0x1))
0000 - 01 .
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 26 ....&
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 38
read from 0x6000005ec360 [0x14a012008] (38 bytes => 38 (0x26))
0000 - 37 a2 b6 fb 0d 9d ef c2-76 19 1f 00 b3 c3 fc 39 7.......v......9
0010 - 79 d7 4e 0e 9c 19 94 ac-4e 3f d1 52 d4 b1 ef fb y.N.....N?.R....
0020 - 31 64 39 ec 90 b9 1d9...
Inner Content Type = Handshake (22)
EncryptedExtensions, Length=17
extensions, length = 15
extension_type=application_layer_protocol_negotiation(16), length=11
http/1.1
TLS server extension "application layer protocol negotiation" (id=16), len=11
0000 - 00 09 08 68 74 74 70 2f-31 2e 31 ...http/1.1
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 09 3f ....?
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 2367
read from 0x6000005ec360 [0x14a012008] (2367 bytes => 2367 (0x93F))
0000 - e5 4f 90 de a2 aa 59 d5-e4 6b 6d e9 5c 56 bd b6 .O....Y..km.\V..
0010 - 42 b9 e1 1c 74 61 ff c7-50 56 48 28 75 b8 b5 68 B...ta..PVH(u..h
0020 - a3 8f 35 aa f6 35 93 c3-38 e4 fd 7c f0 cd d6 23 ..5..5..8..|...#
0030 - 7c 28 36 42 4b f9 5e 9d-cb 0f 0d 0a 7c d6 f8 43 |(6BK.^.....|..C
0040 - f8 3a 5d 6a 17 85 19 c2-2b 74 32 d1 74 15 d8 09 .:]j....+t2.t...
0050 - 41 df 36 6d 58 6c 5b fe-a5 82 82 c0 f9 c5 4b 7a A.6mXl[.......Kz
0060 - 83 2b 73 36 1a 72 ae 15-f2 6e 10 e3 8b ca 09 bb .+s6.r...n......
0070 - fa da 32 53 73 40 40 cb-cc 94 69 19 17 06 a3 3d ..2Ss@@...i....=
0080 - 99 4d 14 c9 e7 c8 79 a2-ce 49 29 b7 f2 a7 21 0f .M....y..I)...!.
0090 - 46 ac d6 51 7a f4 59 58-83 db 51 4a a7 9e ad a0 F..Qz.YX..QJ....
00a0 - 6e 49 95 bd 47 d6 2f 7f-71 91 04 d5 66 bb b0 b1 nI..G./.q...f...
00b0 - b1 4e 6b f6 59 4d 8c 66-a7 8b 07 38 09 44 67 d9 .Nk.YM.f...8.Dg.
00c0 - fb d0 16 7c 47 6f 00 3c-61 b9 25 e4 80 26 db 53 ...|Go.<a.%..&.S
00d0 - 13 06 4a 5e c4 df 4b 7d-e6 ff 6f 0e e5 25 25 a7 ..J^..K}..o..%%.
00e0 - 59 8b 47 48 d3 bd 43 40-bc c4 93 5b 9a 2b 6a 97 Y.GH..C@...[.+j.
00f0 - 3a eb 14 c5 14 50 53 cb-82 97 29 0c 9b f6 5a c7 :....PS...)...Z.
0100 - de dc 1f f4 7d 08 d6 b9-1c 80 4f f2 59 cc 63 b7 ....}.....O.Y.c.
0110 - 1f 71 48 71 e8 8b 60 e0-f7 df 50 27 aa c0 dd 90 .qHq..`...P'....
0120 - 8a 88 4c 7c 7c f5 01 58-aa 62 fc e1 a7 c4 e4 d5 ..L||..X.b......
0130 - f4 59 33 c5 75 a5 c6 1b-05 e3 1f f1 25 fa de 4c .Y3.u.......%..L
0140 - 1b 48 fa 24 63 05 7f 86-c3 fe 37 85 1f 48 9a 4f .H.$c.....7..H.O
0150 - 82 8f 5e b5 0d 14 3b 67-07 ce 1e 62 ca 45 97 24 ..^...;g...b.E.$
0160 - fb c4 04 e3 ab 0e 72 3e-bd ec 9b 40 98 de 6c 30 ......r>...@..l0
0170 - 46 96 5f 48 7d 45 fa 6b-cc f6 75 03 3a 0d 58 f9 F._H}E.k..u.:.X.
0180 - d0 aa 84 bf 9d 49 c2 06-ad 5d f0 48 30 42 16 fc .....I...].H0B..
0190 - 89 f7 9d 5b 03 71 f4 6f-98 5f bd 7f 15 c0 af ff ...[.q.o._......
01a0 - f9 68 74 d0 c0 ea 65 50-a3 90 a7 90 e2 56 ce e1 .ht...eP.....V..
01b0 - 72 28 e1 05 3a 36 76 53-f4 f7 3c 79 6f 08 65 19 r(..:6vS..<yo.e.
01c0 - d2 c8 6a a2 80 61 fd 65-e4 d5 d3 9b 98 17 18 0f ..j..a.e........
01d0 - f2 b3 71 03 39 9b 0e bb-5a e8 65 a3 67 8f 3d f0 ..q.9...Z.e.g.=.
01e0 - bc d3 23 d5 15 ac 70 f3-81 2f 75 68 8f 69 bb e2 ..#...p../uh.i..
01f0 - 39 73 36 b8 32 49 5d 32-8c 6c 6c da 7d ad 99 93 9s6.2I]2.ll.}...
0200 - a1 b0 fa 5f b3 34 05 5a-ef d0 90 f0 4d a0 9d d0 ..._.4.Z....M...
0210 - 14 1d 15 6e b0 3f 35 be-ff 53 36 1a 21 6f 74 47 ...n.?5..S6.!otG
0220 - 58 eb 9e a5 dc af 2a 6b-c4 a1 5c 0c f6 28 a3 8d X.....*k..\..(..
0230 - 93 83 b1 d3 2a e7 03 1d-62 14 c9 cf 98 db 0d ba ....*...b.......
0240 - f2 d5 f8 ee 14 d2 21 d5-ee c0 d9 99 8d eb ca 0a ......!.........
0250 - 1f dc 74 53 ea 01 12 81-8c f4 ac 04 fb 16 4a 89 ..tS..........J.
0260 - d5 2f 34 9e 42 7d 14 6e-11 ce a5 c4 64 c3 c7 75 ./4.B}.n....d..u
0270 - 45 89 2a 99 37 4f ef fb-e8 34 13 c0 0e 7e d3 91 E.*.7O...4...~..
0280 - e0 fe 28 a7 91 c0 ee 31-93 17 b8 d7 15 c5 2d 74 ..(....1......-t
0290 - 5d 01 5d 96 e6 75 e7 3b-31 46 73 f4 6f b1 c8 97 ].]..u.;1Fs.o...
02a0 - 5c 61 42 c5 c6 d7 9b 09-81 26 44 fa ec a8 02 07 \aB......&D.....
02b0 - cd 36 0b ed d2 4c 17 38-f4 40 f8 2d 4a cd 14 c4 .6...L.8.@.-J...
02c0 - c5 10 29 06 c6 15 85 4d-46 71 e2 42 20 29 b9 f5 ..)....MFq.B )..
02d0 - fc 56 dd e2 e6 c3 30 c8-b5 f0 54 a7 c5 4f ad 0b .V....0...T..O..
02e0 - f0 b4 85 47 0c e4 f7 c9-25 ad cd e0 aa e8 95 16 ...G....%.......
02f0 - 4e 6c 39 9e dc 6e fe 57-6b d5 8d 99 a5 2c 5c 76 Nl9..n.Wk....,\v
0300 - d9 f8 4a 34 bd 44 42 af-af 7d 20 1a be ca b9 63 ..J4.DB..} ....c
0310 - e4 11 b4 be cd b3 50 f1-b3 80 85 ce 45 b2 5c 4a ......P.....E.\J
0320 - 66 19 37 32 7a 37 60 09-d7 89 17 17 4c ef b3 22 f.72z7`.....L.."
0330 - 13 95 82 90 b1 b1 61 40-2d 15 49 19 63 66 1b 4f ......a@-.I.cf.O
0340 - 86 91 7c fc f1 14 6c d3-02 93 a0 7d 1c 76 e2 0c ..|...l....}.v..
0350 - a6 2f bd a7 e5 19 1f b6-ad d8 2c 37 4c a7 b1 0b ./........,7L...
0360 - ed db 3d 12 30 56 79 f4-a0 fb 4d 54 67 c8 b4 a9 ..=.0Vy...MTg...
0370 - 31 49 b0 61 0a 7a c0 c9-1e 67 ba a7 1e e9 99 74 1I.a.z...g.....t
0380 - 9f a4 39 8f 8e 66 25 17-e2 54 20 20 54 b2 2c 41 ..9..f%..T T.,A
0390 - b5 1f f3 0d 41 c7 1c 6f-4e f9 fb 1c ae 4e 85 68 ....A..oN....N.h
03a0 - 96 fd 1b e1 35 62 c1 9c-fb d0 ce 37 a5 7f 81 33 ....5b.....7...3
03b0 - 85 fe 79 24 ea d9 77 36-72 b9 9b 9b 2e b1 e6 14 ..y$..w6r.......
03c0 - a6 de 9b 89 a8 5c f8 cc-26 52 00 bb 00 46 f3 df .....\..&R...F..
03d0 - 42 5c eb 38 6d bd 2a f3-1d 97 8e 29 a4 bf 16 58 B\.8m.*....)...X
03e0 - fe 89 6a 3a 17 31 1f d9-e1 91 fd 10 9d 3d dc 26 ..j:.1.......=.&
03f0 - 64 1f 59 81 13 fe c2 27-36 84 43 ed 18 60 ed 48 d.Y....'6.C..`.H
0400 - 3b 10 6c 30 9d a2 76 6a-c2 1b 6c b7 3d 63 be eb ;.l0..vj..l.=c..
0410 - ed e3 87 b2 cc a4 b3 6e-2e b0 cd 51 63 88 85 1c .......n...Qc...
0420 - 20 63 b8 b5 2f cf b1 c2-7b 53 71 46 b8 63 01 28 c../...{SqF.c.(
0430 - 24 b8 5f 79 a9 e0 d3 0d-16 2e f3 f9 d2 84 a9 f3 $._y............
0440 - ad 04 e9 7e 9a d6 08 5c-f6 da b4 5e 94 1f 4e 72 ...~...\...^..Nr
0450 - 60 63 75 33 df 57 d7 9c-1a 65 ac 7e e1 0f f8 13 `cu3.W...e.~....
0460 - 5b bf 6c 60 fe 65 a9 47-34 bc 2d 57 bb d1 cf 21 [.l`.e.G4.-W...!
0470 - ae 23 4f ea 19 3d 25 3b-78 06 93 1b 7b aa 02 a6 .#O..=%;x...{...
0480 - 14 d9 2e fb 99 3d c4 00-ef 24 ea 5e c1 60 02 9f .....=...$.^.`..
0490 - a6 92 b2 d4 9f 8c 44 ef-56 42 39 d1 be 0c 57 f7 ......D.VB9...W.
04a0 - 07 37 47 81 dd e4 47 2d-d0 e8 52 13 bd a0 48 60 .7G...G-..R...H`
04b0 - 49 f1 c6 0e 30 78 d2 ec-dc 20 ce d2 57 d5 dd 87 I...0x... ..W...
04c0 - 99 7b 0e 34 43 45 42 bc-b5 c1 da a0 f3 a0 0c 8a .{.4CEB.........
04d0 - d9 65 8c cc 4c b6 4e 65-02 42 28 13 a0 62 da a6 .e..L.Ne.B(..b..
04e0 - 0c 22 e8 30 19 e0 9f a6-0e c9 56 fc e0 f7 75 b3 .".0......V...u.
04f0 - 9f 7c 1b 12 71 2f 7a 29-28 a4 c7 72 fa 05 2f 53 .|..q/z)(..r../S
0500 - 62 a0 13 c9 1c fe 57 a2-6e e2 cb ad 31 2a f2 e2 b.....W.n...1*..
0510 - 0f 67 3d 43 a2 19 45 67-56 9c 1a 55 df 0e 59 0c .g=C..EgV..U..Y.
0520 - 90 41 c9 eb fb f8 89 e7-12 22 25 be f9 10 5c d2 .A......."%...\.
0530 - f0 d3 26 c8 4d 68 fc c7-e0 4e 98 c0 27 28 0f 8d ..&.Mh...N..'(..
0540 - 4a d3 2f 19 6c 65 d2 01-1e 49 7a 0e 1e c4 c4 ef J./.le...Iz.....
0550 - e9 d9 f0 98 5f 6b ee 97-70 60 72 56 6f e5 ba 48 ...._k..p`rVo..H
0560 - 00 00 e4 25 f8 a2 45 92-9b 60 42 a6 31 8b 88 c9 ...%..E..`B.1...
0570 - f2 04 9a ef 74 2d b2 dd-18 8f f6 4d 1a ee 79 89 ....t-.....M..y.
0580 - 9d f5 16 4d bb b3 d4 fd-39 03 e4 02 22 af b1 0c ...M....9..."...
0590 - 70 02 4c e4 98 8c 9e 2a-78 a0 a5 81 fb 32 75 e7 p.L....*x....2u.
05a0 - 35 02 48 25 31 8d 7c 11-f1 40 fd 39 91 ea f3 88 5.H%1.|..@.9....
05b0 - f9 4d ff a6 43 04 37 a4-ab 4e 25 55 21 f6 0c 9b .M..C.7..N%U!...
05c0 - 68 25 57 f3 a5 d7 34 c8-ba c5 93 df 75 01 94 d8 h%W...4.....u...
05d0 - ac 94 34 a8 fa a9 67 b4-1e c8 bf fa 5e 85 28 fd ..4...g.....^.(.
05e0 - 3e 74 62 af ef 55 cf e5-be aa 8d 40 c8 9b 81 6e >tb..U.....@...n
05f0 - 4e 02 b0 97 6f 9c 60 56-f5 df 81 29 91 82 d0 3a N...o.`V...)...:
0600 - 90 5e 50 18 b9 dc 3c 65-26 90 53 09 79 df a6 1e .^P...<e&.S.y...
0610 - c1 25 58 f6 c8 23 c9 73-e1 2a d0 10 c8 44 e7 3c .%X..#.s.*...D.<
0620 - 8f 74 8a 27 c5 89 e8 31-7f d9 68 5f a4 9c 4f a5 .t.'...1..h_..O.
0630 - d9 db 5c 2d d3 4e e2 ac-4c 3d 4d 64 8f ba 2b cb ..\-.N..L=Md..+.
0640 - 51 e0 11 c6 9a d2 d5 62-54 50 28 81 30 e4 63 00 Q......bTP(.0.c.
0650 - e2 32 04 03 d3 90 9a 6f-c0 2c 6f e6 ed 7b 86 02 .2.....o.,o..{..
0660 - 41 a5 05 8b a2 aa 83 43-0a 8c ea 15 aa e3 50 84 A......C......P.
0670 - 30 8a 0d 2b 68 9f bb 87-2b 5a 68 35 94 7d 8b 9f 0..+h...+Zh5.}..
0680 - 2b 4b c7 4c ff c8 d7 1c-82 74 f4 ca 14 99 49 7c +K.L.....t....I|
0690 - cf f6 60 ad a3 2a 86 01-69 95 6a 4b a1 e9 31 82 ..`..*..i.jK..1.
06a0 - 71 f9 6a d4 a0 1f 66 ea-c4 a2 35 b6 30 0e 9e 5d q.j...f...5.0..]
06b0 - 19 a5 5e d4 86 c1 84 55-81 6b 1f d6 b8 0b 27 cc ..^....U.k....'.
06c0 - 60 f9 6e a3 31 e6 50 79-f4 4a 40 71 33 84 be d4 `.n.1.Py.J@q3...
06d0 - e7 f4 8c cf ee ba 86 df-cc a9 ff de a2 18 74 4b ..............tK
06e0 - 62 3c 7b fc 44 55 1f ca-dc 85 78 49 0d 08 88 12 b<{.DU....xI....
06f0 - 6b f2 35 48 4d 6a 3f e6-78 a7 eb 0b cb cb 57 c8 k.5HMj?.x.....W.
0700 - 01 de 31 f0 d9 78 9c 47-bc 5e 8b 7a 6f bf d0 88 ..1..x.G.^.zo...
0710 - 51 63 4a d5 29 d5 b8 31-d6 7d f1 7f 47 29 36 c3 QcJ.)..1.}..G)6.
0720 - a3 37 d3 49 02 9c e9 c4-cf 7e 89 f2 99 b0 e0 af .7.I.....~......
0730 - b5 7a 73 04 87 63 bc 43-cc 15 c1 e3 a6 e8 b0 bb .zs..c.C........
0740 - 8e 95 49 cf 74 dd 8b ea-a6 bc 7d b4 02 51 80 14 ..I.t.....}..Q..
0750 - 36 5e f5 d6 da 08 b0 56-36 ce ef 04 c1 0c 9b c6 6^.....V6.......
0760 - 82 6e 2d 45 42 f2 b9 ee-1c a1 3e e7 00 55 6e 0d .n-EB.....>..Un.
0770 - 20 dd 04 1e e5 b5 7d 73-ea 88 5c 01 9d fe 07 dd .....}s..\.....
0780 - dd 19 ac 13 c5 96 4b 92-10 40 4b 45 b9 f6 f3 0b ......K..@KE....
0790 - ab 0d 16 3f 57 24 00 b6-08 ca be 3b ab ef b8 61 ...?W$.....;...a
07a0 - 71 03 33 03 0a 66 36 27-34 93 9c 76 eb 25 98 6a q.3..f6'4..v.%.j
07b0 - b4 8c 81 af f6 d6 ea 1e-80 c5 5b 1e a6 0f 65 35 ..........[...e5
07c0 - 41 6b a7 5a 0a 1d 8b be-b8 66 e4 0c 2e 32 d8 a5 Ak.Z.....f...2..
07d0 - 57 05 9f 05 29 97 9f d2-9a 20 58 72 0f 75 83 16 W...).... Xr.u..
07e0 - 0f cd b5 5b 49 fe 69 1e-d8 9b 65 9c b9 bd c7 01 ...[I.i...e.....
07f0 - 7a d1 bd b0 02 b8 1c 88-78 4c 6e f8 65 a1 3e c9 z.......xLn.e.>.
0800 - 12 75 fd da 6a 9a 04 bc-cc 59 45 ce 43 34 0a fa .u..j....YE.C4..
0810 - 74 6d ae dd b0 ff ea cb-4b a8 47 e7 a4 84 86 97 tm......K.G.....
0820 - 70 f3 8b 5e 79 25 3f ba-24 24 a1 d4 21 bd 1b 4a p..^y%?.$$..!..J
0830 - 24 69 aa f8 6b f8 af 62-50 de f7 58 96 85 5d 22 $i..k..bP..X..]"
0840 - 3e ea 79 89 cd e5 46 e4-85 a0 e7 83 1c 93 4f 13 >.y...F.......O.
0850 - 6f 16 44 3e 41 09 ec 71-bb 11 28 c0 77 87 39 f0 o.D>A..q..(.w.9.
0860 - a4 6f 4e ba 7d a3 19 ce-e9 92 1e 0c 2f c8 97 93 .oN.}......./...
0870 - 60 20 c6 ce 8d 5e f7 30-f2 b5 6f 2d 3b 56 2a 00 ` ...^.0..o-;V*.
0880 - 9f 9b 54 68 32 08 17 49-16 72 c9 73 42 05 7e 02 ..Th2..I.r.sB.~.
0890 - cf 59 29 4e 51 da c4 91-aa 31 05 eb ee e1 03 4c .Y)NQ....1.....L
08a0 - cb 9c 8c 59 73 8b b8 a6-19 79 44 3d 2a ac ac bd ...Ys....yD=*...
08b0 - d9 0f ed a8 ba b1 3a 4b-e9 aa d9 4b ec d2 77 33 ......:K...K..w3
08c0 - f4 05 0c 06 48 9f 34 b1-58 2e 72 93 cd 85 ce 78 ....H.4.X.r....x
08d0 - 50 a9 19 7c 73 1e 75 f8-ec 28 14 4b dc 40 3b 2c P..|s.u..(.K.@;,
08e0 - d4 66 f0 67 a2 c3 8b b3-f2 79 af fc 82 d3 7a 90 .f.g.....y....z.
08f0 - 91 db c5 c9 b8 f7 9b b9-ed f1 6b ac 4c 80 3a 51 ..........k.L.:Q
0900 - ed 44 39 b6 ae ed b6 5d-6a e5 99 49 54 20 21 f6 .D9....]j..IT !.
0910 - 5b 5a ed 59 34 8f c8 d1-1b ec 66 91 db 76 e2 bb [Z.Y4.....f..v..
0920 - 7b a3 ab 64 1a 02 17 7f-95 62 9e f2 ed 62 ba e5 {..d.....b...b..
0930 - 7c a0 ca 49 56 87 bd 63-39 92 c9 e6 2d 9a f7 |..IV..c9...-..
Inner Content Type = Handshake (22)
Certificate, Length=2346
context (len=0):
certificate_list, length=2342
ASN.1Cert, length=1355
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
02:98:5c:2d:f3:43:5f:82:5c:80:a0:58:1f:c8:bb:e6
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
Validity
Not Before: May 4 00:00:00 2021 GMT
Not After : May 3 23:59:59 2022 GMT
Subject: C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:39:5a:a9:8b:b6:d9:1d:73:e1:ab:15:15:32:f2:
d3:81:2e:e7:d1:57:09:69:99:6c:55:88:00:ec:4e:
b9:f7:10:70:a2:5e:f9:ee:08:4e:71:c8:82:1f:df:
e8:67:8f:04:d3:e6:8a:7f:84:9f:38:d8:d2:db:d1:
0f:18:d6:e3:55
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Subject Key Identifier:
07:DB:65:97:E8:3D:CA:F7:04:12:EA:B0:C9:AD:09:A3:48:07:CE:56
X509v3 Subject Alternative Name:
DNS:sni.cloudflaressl.com, DNS:crypto.cloudflare.com, DNS:*.crypto.cloudflare.com
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudflareIncECCCA-3.crl
Full Name:
URI:http://crl4.digicert.com/CloudflareIncECCCA-3.crl
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudflareIncECCCA-3.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 29:79:BE:F0:9E:39:39:21:F0:56:73:9F:63:A5:77:E5:
BE:57:7D:9C:60:0A:F8:F9:4D:5D:26:5C:25:5D:C7:84
Timestamp : May 4 20:27:50.374 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:61:7F:66:96:55:C3:05:3A:DE:91:3B:F8:
DF:04:B0:97:F4:C3:FC:73:A6:60:8F:D2:FC:80:8D:98:
D0:C5:21:6F:02:20:04:6A:D4:9B:92:8E:FC:75:B3:87:
04:14:1C:27:68:D0:2A:2B:04:5A:94:22:BA:74:BF:3A:
46:5C:F7:63:D0:DB
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 22:45:45:07:59:55:24:56:96:3F:A1:2F:F1:F7:6D:86:
E0:23:26:63:AD:C0:4B:7F:5D:C6:83:5C:6E:E2:0F:02
Timestamp : May 4 20:27:49.424 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:71:AF:74:51:AA:60:37:EC:25:22:68:F5:
B1:55:90:1E:F1:63:09:BE:27:D9:72:4F:F2:CD:97:88:
9B:07:4D:B9:02:20:77:E8:4E:12:D4:8E:57:85:AE:9F:
AF:C7:06:3D:B4:56:36:86:71:E2:07:42:8C:97:54:30:
B0:D0:92:4A:CC:6E
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 51:A3:B0:F5:FD:01:79:9C:56:6D:B8:37:78:8F:0C:A4:
7A:CC:1B:27:CB:F7:9E:88:42:9A:0D:FE:D4:8B:05:E5
Timestamp : May 4 20:27:49.923 2021 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:B1:06:05:98:37:BA:1C:04:B1:44:F9:
D8:47:EB:98:CF:BC:FD:21:7D:59:57:C0:57:E5:58:8B:
E5:18:C2:3F:46:02:21:00:D8:10:CA:F1:E6:DB:7D:2F:
31:6C:C3:4E:CC:78:02:EB:BB:4B:9A:DD:38:09:BE:F1:
6E:50:AB:17:FB:58:F8:F0
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:44:02:20:31:fc:5b:3b:0e:04:62:75:73:18:6f:b8:e6:65:
6b:6e:a3:db:a6:0b:2e:42:f8:57:d5:ac:69:67:8c:7f:23:f0:
02:20:4a:fa:be:73:4c:02:47:20:cb:2c:bd:8a:cb:18:6e:dd:
9f:4b:7c:f0:54:8d:b0:5c:81:2f:cc:0a:6b:80:b4:b1
-----BEGIN CERTIFICATE-----
MIIFRzCCBO6gAwIBAgIQAphcLfNDX4JcgKBYH8i75jAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNTA0MDAwMDAwWhcNMjIwNTAz
MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe
MBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEOVqpi7bZHXPhqxUVMvLTgS7n0VcJaZlsVYgA7E659xBwol757ghO
cciCH9/oZ48E0+aKf4SfONjS29EPGNbjVaOCA4kwggOFMB8GA1UdIwQYMBaAFKXO
N+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQH22WX6D3K9wQS6rDJrQmjSAfO
VjBQBgNVHREESTBHghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CFWNyeXB0by5jbG91
ZGZsYXJlLmNvbYIXKi5jcnlwdG8uY2xvdWRmbGFyZS5jb20wDgYDVR0PAQH/BAQD
AgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB7BgNVHR8EdDByMDeg
NaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NB
LTMuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vQ2xvdWRmbGFy
ZUluY0VDQ0NBLTMuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUH
AgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB2BggrBgEFBQcBAQRqMGgw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcw
AoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0ND
QS0zLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA
dQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXk5EMLmAAAEAwBG
MEQCIGF/ZpZVwwU63pE7+N8EsJf0w/xzpmCP0vyAjZjQxSFvAiAEatSbko78dbOH
BBQcJ2jQKisEWpQiunS/OkZc92PQ2wB1ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBL
f13Gg1xu4g8CAAABeTkQvzAAAAQDAEYwRAIgca90UapgN+wlImj1sVWQHvFjCb4n
2XJP8s2XiJsHTbkCIHfoThLUjleFrp+vxwY9tFY2hnHiB0KMl1QwsNCSSsxuAHcA
UaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAF5ORDBIwAABAMASDBG
AiEAsQYFmDe6HASxRPnYR+uYz7z9IX1ZV8BX5ViL5RjCP0YCIQDYEMrx5tt9LzFs
w07MeALru0ua3TgJvvFuUKsX+1j48DAKBggqhkjOPQQDAgNHADBEAiAx/Fs7DgRi
dXMYb7jmZWtuo9umCy5C+FfVrGlnjH8j8AIgSvq+c0wCRyDLLL2Kyxhu3Z9LfPBU
jbBcgS/MCmuAtLE=
-----END CERTIFICATE-----
------------------
No extensions
ASN.1Cert, length=977
------details-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:37:87:64:5e:5f:b4:8c:22:4e:fd:1b:ed:14:0c:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
Validity
Not Before: Jan 27 12:48:08 2020 GMT
Not After : Dec 31 23:59:59 2024 GMT
Subject: C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:b9:ad:4d:66:99:14:0b:46:ec:1f:81:d1:2a:50:
1e:9d:03:15:2f:34:12:7d:2d:96:b8:88:38:9b:85:
5f:8f:bf:bb:4d:ef:61:46:c4:c9:73:d4:24:4f:e0:
ee:1c:ce:6c:b3:51:71:2f:6a:ee:4c:05:09:77:d3:
72:62:a4:9b:d7
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:CE:37:EA:EB:B0:75:0E:94:67:88:B4:45:FA:D9:24:10:87:96:1F
X509v3 Authority Key Identifier:
E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/Omniroot2025.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114412.1.1
CPS: https://www.digicert.com/CPS
Policy: 2.16.840.1.114412.1.2
Policy: 2.23.140.1.2.1
Policy: 2.23.140.1.2.2
Policy: 2.23.140.1.2.3
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
05:24:1d:dd:1b:b0:2a:eb:98:d6:85depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
verify return:1
:e3:39:4d:5e:6b:57:9d:
82:57:fc:eb:e8:31:a2:57:90:65:05:be:16:44:38:5a:77:02:
b9:cf:10:42:c6:e1:92:a4:e3:45:27:f8:00:47:2c:68:a8:56:
99:53:54:8f:ad:9e:40:c1:d0:0f:b6:d7:0d:0b:38:48:6c:50:
2c:49:90:06:5b:64:1d:8b:cc:48:30:2e:de:08:e2:9b:49:22:
c0:92:0c:11:5e:96:92:94:d5:fc:20:dc:56:6c:e5:92:93:bf:
7a:1c:c0:37:e3:85:49:15:fa:2b:e1:74:39:18:0f:b7:da:f3:
a2:57:58:60:4f:cc:8e:94:00:fc:46:7b:34:31:3e:4d:47:82:
81:3a:cb:f4:89:5d:0e:ef:4d:0d:6e:9c:1b:82:24:dd:32:25:
5d:11:78:51:10:3d:a0:35:23:04:2f:65:6f:9c:c1:d1:43:d7:
d0:1e:f3:31:67:59:27:dd:6b:d2:75:09:93:11:24:24:14:cf:
29:be:e6:23:c3:b8:8f:72:3f:e9:07:c8:24:44:53:7a:b3:b9:
61:65:a1:4c:0e:c6:48:00:c9:75:63:05:87:70:45:52:83:d3:
95:9d:45:ea:f0:e8:31:1d:7e:09:1f:0a:fe:3e:dd:aa:3c:5e:
74:d2:ac:b1
-----BEGIN CERTIFICATE-----
MIIDzTCCArWgAwIBAgIQCjeHZF5ftIwiTv0b7RQMPDANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJJRTESMBAGA1UEChMJQmFsdGltb3JlMRMwEQYDVQQLEwpDeWJl
clRydXN0MSIwIAYDVQQDExlCYWx0aW1vcmUgQ3liZXJUcnVzdCBSb290MB4XDTIw
MDEyNzEyNDgwOFoXDTI0MTIzMTIzNTk1OVowSjELMAkGA1UEBhMCVVMxGTAXBgNV
BAoTEENsb3VkZmxhcmUsIEluYy4xIDAeBgNVBAMTF0Nsb3VkZmxhcmUgSW5jIEVD
QyBDQS0zMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEua1NZpkUC0bsH4HRKlAe
nQMVLzQSfS2WuIg4m4Vfj7+7Te9hRsTJc9QkT+DuHM5ss1FxL2ruTAUJd9NyYqSb
16OCAWgwggFkMB0GA1UdDgQWBBSlzjfq67B1DpRniLRF+tkkEIeWHzAfBgNVHSME
GDAWgBTlnVkwgkdYzKz6CFQ2hns6tQRN8DAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQIMAYBAf8CAQAwNAYI
KwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j
b20wOgYDVR0fBDMwMTAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL09t
bmlyb290MjAyNS5jcmwwbQYDVR0gBGYwZDA3BglghkgBhv1sAQEwKjAoBggrBgEF
BQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglghkgBhv1sAQIw
CAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQELBQADggEB
AAUkHd0bsCrrmNaF4zlNXmtXnYJX/OvoMaJXkGUFvhZEOFp3ArnPEELG4ZKk40Un
+ABHLGioVplTVI+tnkDB0A+21w0LOEhsUCxJkAZbZB2LzEgwLt4I4ptJIsCSDBFe
lpKU1fwg3FZs5ZKTv3ocwDfjhUkV+ivhdDkYD7fa86JXWGBPzI6UAPxGezQxPk1H
goE6y/SJXQ7vTQ1unBuCJN0yJV0ReFEQPaA1IwQvZW+cwdFD19Ae8zFnWSfda9J1
CZMRJCQUzym+5iPDuI9yP+kHyCREU3qzuWFloUwOxkgAyXVjBYdwRVKD05WdRerw
6DEdfgkfCv4+3ao8XnTSrLE=
-----END CERTIFICATE-----
------------------
No extensions
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 60 ....`
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 96
read from 0x6000005ec360 [0x14a012008] (96 bytes => 96 (0x60))
0000 - c9 d8 70 4d 4f 43 58 8e-ba e0 37 cb 4b ae 5b eb ..pMOCX...7.K.[.
0010 - 6f 53 d7 b4 f6 1b 35 e9-ab 48 bb 6c cd b5 49 54 oS....5..H.l..IT
0020 - fb ac 32 d5 fb 5a dc 01-0f 60 e2 c9 5a 7a ad b0 ..2..Z...`..Zz..
0030 - c3 d2 48 f2 c2 af da 41-e6 3e 71 9c 8a 75 b6 03 ..H....A.>q..u..
0040 - d1 34 5d ec 7e 08 e9 ea-1c 11 38 d8 ab 47 6a d5 .4].~.....8..Gj.
0050 - 77 6c fe 09 da e5 fd ec-16 bb 20 a4 1f 6b b7 bb wl........ ..k..
Inner Content Type = Handshake (22)
CertificateVerify, Length=75
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature (len=71): 3045022058844BD577BB46192A79612587568D2D1037FC85CB56E7BE4A602D4A7A7696D6022100A9F519C07DEF98AE6CCD67CD6D76B652E9E5A03BF1A5B82A50F8D61D2B0081CD
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 35 ....5
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 53
read from 0x6000005ec360 [0x14a012008] (53 bytes => 53 (0x35))
0000 - 12 ac 6e 0d ff 83 31 9d-31 ea 8e ec 05 f5 c9 9e ..n...1.1.......
0010 - cd 8f 4d 4a 3b 8e d1 74-92 94 cb 79 74 3b ff b2 ..MJ;..t...yt;..
0020 - c6 46 66 b0 87 77 6e 77-a5 09 d9 eb 71 5d 57 01 .Ff..wnw....q]W.
0030 - 85 85 64 42 a8 ..dB.
Inner Content Type = Handshake (22)
Finished, Length=32
verify_data (len=32): 82DF4037300AF8F4051B727A3303F1EC75FA71B7A69C3CB86787CB32FBDD2A53
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ChangeCipherSpec (20)
Length = 1
change_cipher_spec (1)
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 53
Inner Content Type = Handshake (22)
Finished, Length=32
verify_data (len=32): C131792A9F23411F1E47D8720FA4D3EAB6F66E9AB04B7D99DE6D52E6ED547832
write to 0x6000005ec360 [0x14a01b400] (64 bytes => 64 (0x40))
0000 - 14 03 03 00 01 01 17 03-03 00 35 d4 cc 08 47 54 ..........5...GT
0010 - f5 91 22 8d 7a 31 68 c9-52 a8 c7 92 8d e3 25 2f ..".z1h.R.....%/
0020 - d0 63 69 92 5b 3d 66 7e-ef b5 ab 34 fe 53 72 61 .ci.[=f~...4.Sra
0030 - 3e 1c d9 af 3c 28 51 d5-e5 63 49 4e b2 c8 d4 b5 >...<(Q..cIN....
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
i:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: ecdsa-with-SHA256
v:NotBefore: May 4 00:00:00 2021 GMT; NotAfter: May 3 23:59:59 2022 GMT
1 s:C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
i:C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
a:PKEY: id-ecPublicKey, 256 (bit); sigalg: RSA-SHA256
v:NotBefore: Jan 27 12:48:08 2020 GMT; NotAfter: Dec 31 23:59:59 2024 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFRzCCBO6gAwIBAgIQAphcLfNDX4JcgKBYH8i75jAKBggqhkjOPQQDAjBKMQsw
CQYDVQQGEwJVUzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEgMB4GA1UEAxMX
Q2xvdWRmbGFyZSBJbmMgRUNDIENBLTMwHhcNMjEwNTA0MDAwMDAwWhcNMjIwNTAz
MjM1OTU5WjB1MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG
A1UEBxMNU2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQQ2xvdWRmbGFyZSwgSW5jLjEe
MBwGA1UEAxMVc25pLmNsb3VkZmxhcmVzc2wuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEOVqpi7bZHXPhqxUVMvLTgS7n0VcJaZlsVYgA7E659xBwol757ghO
cciCH9/oZ48E0+aKf4SfONjS29EPGNbjVaOCA4kwggOFMB8GA1UdIwQYMBaAFKXO
N+rrsHUOlGeItEX62SQQh5YfMB0GA1UdDgQWBBQH22WX6D3K9wQS6rDJrQmjSAfO
VjBQBgNVHREESTBHghVzbmkuY2xvdWRmbGFyZXNzbC5jb22CFWNyeXB0by5jbG91
ZGZsYXJlLmNvbYIXKi5jcnlwdG8uY2xvdWRmbGFyZS5jb20wDgYDVR0PAQH/BAQD
AgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB7BgNVHR8EdDByMDeg
NaAzhjFodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vQ2xvdWRmbGFyZUluY0VDQ0NB
LTMuY3JsMDegNaAzhjFodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vQ2xvdWRmbGFy
ZUluY0VDQ0NBLTMuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUH
AgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzB2BggrBgEFBQcBAQRqMGgw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBABggrBgEFBQcw
AoY0aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0Nsb3VkZmxhcmVJbmNFQ0ND
QS0zLmNydDAMBgNVHRMBAf8EAjAAMIIBfQYKKwYBBAHWeQIEAgSCAW0EggFpAWcA
dQApeb7wnjk5IfBWc59jpXflvld9nGAK+PlNXSZcJV3HhAAAAXk5EMLmAAAEAwBG
MEQCIGF/ZpZVwwU63pE7+N8EsJf0w/xzpmCP0vyAjZjQxSFvAiAEatSbko78dbOH
BBQcJ2jQKisEWpQiunS/OkZc92PQ2wB1ACJFRQdZVSRWlj+hL/H3bYbgIyZjrcBL
f13Gg1xu4g8CAAABeTkQvzAAAAQDAEYwRAIgca90UapgN+wlImj1sVWQHvFjCb4n
2XJP8s2XiJsHTbkCIHfoThLUjleFrp+vxwY9tFY2hnHiB0KMl1QwsNCSSsxuAHcA
UaOw9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAF5ORDBIwAABAMASDBG
AiEAsQYFmDe6HASxRPnYR+uYz7z9IX1ZV8BX5ViL5RjCP0YCIQDYEMrx5tt9LzFs
w07MeALru0ua3TgJvvFuUKsX+1j48DAKBggqhkjOPQQDAgNHADBEAiAx/Fs7DgRi
dXMYb7jmZWtuo9umCy5C+FfVrGlnjH8j8AIgSvq+c0wCRyDLLL2Kyxhu3Z9LfPBU
jbBcgS/MCmuAtLE=
-----END CERTIFICATE-----
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2707 bytes and written 657 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_128_GCM_SHA256
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
ALPN protocol: http/1.1
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
ECH: worked but bad name
*** SSL_ech_print ***
s=0x14987ee00
inner_s=0x0
outer_s=0x14a01c400
ech_attempted=1
ech_attempted_type=0xfe0d
ech_atttempted_cid=0xdd
ech_done=1
ech_grease=0
HRR=0
hrr_depth=-1
ech_returned=0x0
ech_returned_len=0
ech_backend=0
ech_success=1
1 ECHConfig values loaded
ECHConfig 0
[fe0d,dd,cloudflare-esni.com,0020,[0001,0001],675672013745723e0ef1d243de36fc01f60c923670d9e25d0da22f52cbe3672b,00,00]
*** SSL_ech_print ***
---
HTTP/1.1 302 Found
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Cf-Ray: 69ed3aabd12739a1-SEA
Expect-Ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Location: https://tools.ietf.org/html/draft-ietf-tls-esni-13
Server: cloudflare
Vary: Accept-Encoding
Date: Sat, 16 Oct 2021 00:39:17 GMT
Content-Length: 0
Connection: close
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 84
Inner Content Type = ApplicationData (23)
write to 0x6000005ec360 [0x14a016203] (89 bytes => 89 (0x59))
0000 - 17 03 03 00 54 de 4c ab-b0 7e e7 0e fc f9 8e 7c ....T.L..~.....|
0010 - e2 d0 0d a7 7b a3 31 22-e4 c8 98 ee fc 55 8b e8 ....{.1".....U..
0020 - b6 da 77 3f 7b 2f 26 be-49 3c 27 b5 79 97 24 28 ..w?{/&.I<'.y.$(
0030 - 6e 93 20 12 b3 44 f5 62-85 4d 21 27 7c d5 78 61 n. ..D.b.M!'|.xa
0040 - 5d ea 0c 34 7f 4c 1b d2-48 0b bb d1 1b 15 5f 8e ]..4.L..H....._.
0050 - f5 f6 f3 63 95 2f 45 5f-1b ...c./E_.
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 01 e8 .....
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 488
read from 0x6000005ec360 [0x14a012008] (488 bytes => 488 (0x1E8))
0000 - d4 34 a6 88 37 53 e4 c5-bd 70 70 25 8c c7 85 61 .4..7S...pp%...a
0010 - 37 b9 b9 bc 8b 56 a0 34-23 2a 61 72 09 fa ef 93 7....V.4#*ar....
0020 - 9d 4c 57 ca 86 2d e8 be-91 25 3e 91 b9 1f 87 34 .LW..-...%>....4
0030 - 50 a4 6b 8e 9c be fe 45-ac 6c 8a fb 5d 39 bc a6 P.k....E.l..]9..
0040 - ab e0 7d 28 7a 06 d3 e0-bb ef b8 67 f5 31 a6 38 ..}(z......g.1.8
0050 - 4c 71 de 3f 59 34 df 01-6f 0a 0a 11 2f 45 0e 4b Lq.?Y4..o.../E.K
0060 - e8 ac 14 58 92 10 5f d5-a9 ae 8e 11 2a 3c d1 9a ...X.._.....*<..
0070 - ff 42 e8 0e 4b 45 2e cc-ba de a9 aa d3 9e b0 bc .B..KE..........
0080 - 53 2b 43 6f db 7a 94 7b-6a 8d d0 fb 9b 35 15 d6 S+Co.z.{j....5..
0090 - b5 7d 3c de fd cc 30 78-64 c0 08 3d 35 5f 86 7d .}<...0xd..=5_.}
00a0 - f0 0f a1 0b c7 f6 55 54-41 5a e6 91 71 f6 c3 33 ......UTAZ..q..3
00b0 - f4 77 03 59 cf 1a 5e 05-8e be 8f cd d1 f3 6e 2c .w.Y..^.......n,
00c0 - 18 1b 99 b6 ab 86 22 3d-fb 9a 7d b9 6c 8a 15 b6 ......"=..}.l...
00d0 - 19 3a 94 7a 43 2a 2f 01-d9 be 6b c5 54 85 06 a7 .:.zC*/...k.T...
00e0 - a1 8f 58 de 1e 2b ab 9f-dd 6e 79 a2 b5 0a 77 95 ..X..+...ny...w.
00f0 - b2 a2 1a df 2d 15 73 c2-24 d5 34 e7 fb 25 08 5f ....-.s.$.4..%._
0100 - 43 7b 33 c8 a2 9a 3e 91-0f b0 a2 bc eb d4 b0 7e C{3...>........~
0110 - 84 b5 11 53 39 17 6b ce-d2 87 9b 7f 6d 4c df bb ...S9.k.....mL..
0120 - fc 26 f6 41 2a c5 b1 83-2d 9a c9 10 16 c9 04 6b .&.A*...-......k
0130 - 8d ed 54 68 e3 54 63 d0-a9 63 23 44 8c 54 f7 04 ..Th.Tc..c#D.T..
0140 - c6 48 ff 96 a4 7f e8 fa-36 34 98 79 46 7f 52 3f .H......64.yF.R?
0150 - 72 3d c9 c6 f9 c2 f4 35-d7 99 05 72 ef 20 48 53 r=.....5...r. HS
0160 - 39 b5 50 a5 d6 7d b3 1e-36 6c 9d 36 20 ac 01 5b 9.P..}..6l.6 ..[
0170 - 87 0d 98 74 9b e6 23 dc-7a b2 32 47 ed 2b ab 8f ...t..#.z.2G.+..
0180 - f6 aa 5b 82 60 69 71 5d-44 03 d7 5f f1 9a 83 0d ..[.`iq]D.._....
0190 - 63 4a e5 b2 d8 fa 0b d1-8a 9f ec 5f 19 a9 56 97 cJ........._..V.
01a0 - 25 be a5 44 18 2d d5 4c-47 58 10 89 30 03 b6 53 %..D.-.LGX..0..S
01b0 - 5b 26 00 9f d5 0f 85 8c-8e a6 0d e0 89 22 58 05 [&..........."X.
01c0 - ec fe 49 8d 36 ae ff 6c-f0 1a ea ea 73 56 ec a1 ..I.6..l....sV..
01d0 - cd c2 69 4f 99 6a 32 61-ff 4b 19 cb db 48 b7 da ..iO.j2a.K...H..
01e0 - cb b9 70 61 fc 1d f8 50- ..pa...P
Inner Content Type = ApplicationData (23)
read from 0x6000005ec360 [0x14a012003] (5 bytes => 5 (0x5))
0000 - 17 03 03 00 13 .....
Received Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 19
read from 0x6000005ec360 [0x14a012008] (19 bytes => 19 (0x13))
0000 - 15 33 67 72 c2 31 ce 68-60 d6 da eb f3 14 a3 10 .3gr.1.h`.......
0010 - b1 81 e2 ...
Inner Content Type = Alert (21)
Level=warning(1), description=close notify(0)
closed
Sent Record
Header:
Version = TLS 1.2 (0x303)
Content Type = ApplicationData (23)
Length = 19
Inner Content Type = Alert (21)
write to 0x6000005ec360 [0x14a016203] (24 bytes => 24 (0x18))
0000 - 17 03 03 00 13 d2 78 ee-35 92 14 b0 92 ad 88 98 ......x.5.......
0010 - b7 e3 2c 92 53 f3 63 68- ..,.S.ch
Level=warning(1), description=close notify(0)
read from 0x6000005ec360 [0x14980e000] (8192 bytes => 0)
./echcli.sh Summary:
Bummer - probably didn't work
ECH: worked but bad namethanks again!
the significant part I guess is "Verification error: unable to get local issuer certificate" - that seems to imply that cloudflare's TLS server cert isn't validating with your local (I guess the OS's?) list of trusted CAs. In that case, it's not an ECH problem but a more general TLS issue.
Does curl produce any errors? $ curl -vvv https://crypto.cloudflare.com/
Or you can just run the openssl s_client without ECH:
$ CODETOP=$HOME/openssl ./echcli.sh -dn
All going well that should contain:
subject=C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = sni.cloudflaressl.com
issuer=C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2693 bytes and written 319 bytes
Verification: OKwith the last line being the significant part
ghost
commented
2 years ago Thank you!
By the way, actually your shell script options isn't really working on macOS.
-d option produces nothing more than without -d
I had to manually edit the file to produce debug output
sftcd
commented
2 years ago Ah, I don't have a mac to hand but I do have a colleague with one I can ask to run tests next week. The good news (for me;-) is that ECH seems to have worked (so the library code is likely not too bad) but it looks like we've a bit of work to do for sure on that OS.
Be interesting to see what you get if you try against one of my servers, e.g. $ CODETOP=$HOME/openssl ./echcli.sh -H draft-13.esni.defo.ie -p 9413 -d - my servers use LetsEncrypt certs so could be those are in whatever root store is used by default on macOS maybe?
ghost
commented
2 years ago Strangely, it still tests against the Cloudflare server instead of your server even if I specify the command line options
ghost
commented
2 years ago And I cannot install any Linux distros on my M1 Macbook
sftcd
commented
2 years ago weird, I guess the bash getopt thing must differ (sorry I don't have much mac experience;-)
sftcd
commented
2 years ago In case you want to try my server without the echcli.sh script: ...
$ export LD_LIBRARY_PATH=$HOME/openssl
$ $HOME/openssl/apps/openssl s_client -msg -debug -trace -tlsextdebug -keylogfile keys.cli -CApath /etc/ssl/certs/ -no_ssl3 -no_tls1 -no_tls1_1 -no_tls1_2 -connect draft-13.esni.defo.ie:9413 -servername draft-13.esni.defo.ie -svcb 000100000500420040FE0D003C0200200020AE5F0D36FE5516C60322C21859CE390FD752F1A13C22E132F10C7FE032D54121000400010001000D636F7665722E6465666F2E69650000 -alpn inner,secret,http/1.1 -alpn-outer outer,public,h2Note that cloudflare rotate their ECH keys (maybe hourly, not sure) but my servers have static keys so doing the above anytime is ok to test against mine, but you need to re-run echcli.sh (or play with dig yourself) to get a fresh key to test vs. cloudflare.
PS: Getting late in this TZ so I may sign off for the night now, but I'll follow up and (arm-wrestle my colleague to:-) do some tests on macOS after the weekend:-) Thanks for the help though, v. useful to see what happens on other platforms!
ghost
commented
2 years ago Thank you
Update: Using the gnu-getopt from Homebrew make the command line options work. But built in getopt doesn't work with any shell script which requires command line options
niallor
commented
2 years ago I'm the colleague whom Stephen mentioned upthread. I don't currently have a build environment on my macOS laptop, and it will be a few days before I can spin one up and do some testing of a revised script.
The built-in getopt can't support Stephen's scripts, which rely on functionality specific to the GNU getopt. The simplest and quickest fix I can imagine is, to make a one-line change in (each of) the script(s) of interest as shown below and also to set an environment variable to point to the directory where the GNU getopt is to be found. Either of two directory paths might seems suitable, but only one is invariant over successive Homebrew keg upgrades.
I suggest export GNU_GETOPT_EXEC_PATH=/usr/local/opt/gnu-getopt/bin and (using echcli.sh as an example) the following change to any script which is of interest.
Nialls-mba(niall)155: git diff
diff --git a/esnistuff/echcli.sh b/esnistuff/echcli.sh
index 912550dbab..04d6eddc90 100755
--- a/esnistuff/echcli.sh
+++ b/esnistuff/echcli.sh
@@ -113,7 +113,7 @@ function usage()
}
# options may be followed by one colon to indicate they have a required argument
-if ! options=$(/usr/bin/getopt -s bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind -- "$@")
+if ! options=$("${GNU_GETOPT_EXEC_PATH:=/usr/bin}/getopt" -s bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind -- "$@")
then
# something went wrong, getopt will put out an error message for us
exit 1
Nialls-mba(niall)156: I'm the colleague whom Stephen mentioned upthread. I don't currently have a build environment on my macOS laptop, and it will be a few days before I can spin one up and do some testing of a revised script.
The built-in getopt can't support Stephen's scripts, which rely on functionality specific to the GNU getopt. The simplest and quickest fix I can imagine is, to make a one-line change in (each of) the script(s) of interest as shown below and also to set an environment variable to point to the directory where the GNU getopt is to be found. Either of two directory paths might seems suitable, but only one is invariant over successive Homebrew keg upgrades.
I suggest
export GNU_GETOPT_EXEC_PATH=/usr/local/opt/gnu-getopt/binand (using echcli.sh as an example) the following change to any script which is of interest.Nialls-mba(niall)155: git diff diff --git a/esnistuff/echcli.sh b/esnistuff/echcli.sh index 912550dbab..04d6eddc90 100755 --- a/esnistuff/echcli.sh +++ b/esnistuff/echcli.sh @@ -113,7 +113,7 @@ function usage() } # options may be followed by one colon to indicate they have a required argument -if ! options=$(/usr/bin/getopt -s bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind -- "$@") +if ! options=$("${GNU_GETOPT_EXEC_PATH:=/usr/bin}/getopt" -s bash -o C:c:def:gGhH:IjnNp:P:rs:S:t:v -l choose:,clear_sni:,debug,early,filepath:,grease,greasesuite,help,hidden:,ignore_cid,just,noech,noalpn,port:,echpub:,realcert,server:,session:,gtype:,valgrind -- "$@") then # something went wrong, getopt will put out an error message for us exit 1 Nialls-mba(niall)156:
I use Homebrew on M1 ARM64 Macbook air and the directory is /opt/homebrew/opt/gnu-getppt/bin/
sftcd
commented
2 years ago I just pushed a version that adds a $GETOPTDIR to echcli.sh allowing override from the command line. That also tries to check if $GETOPTDIR/getopt is as expected. Be great if one of you could verify that it seems to work on macOS.
Thanks, S.
PS: some earlier code-review commits tweaked some header file
comments so don't be surprised if a make causes a bunch
of stuff to happen as well.
niallor
commented
2 years ago I use Homebrew on M1 ARM64 Macbook air and the directory is /opt/homebrew/opt/gnu-getppt/bin/getopt
Eh?
Nialls-mba(niall)156: test -d opt/homebrew/opt/gnu-getppt/bin/getopt || echo not a directory
not a directory
Nialls-mba(niall)157: I use Homebrew on M1 ARM64 Macbook air and the directory is /opt/homebrew/opt/gnu-getppt/bin/getopt
Eh?
Nialls-mba(niall)156: test -d opt/homebrew/opt/gnu-getppt/bin/getopt || echo not a directory not a directory Nialls-mba(niall)157:
Sorry That was the actual file Not a directory I edited
niallor
commented
2 years ago @sftcd -- sure, but not for a couple of days
ghost
commented
2 years ago Oops
ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
Undefined symbols for architecture arm64:
"_BN_clear", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_BN_free", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_BN_new", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_add_test", referenced from:
_setup_tests in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_main", referenced from:
implicit entry/start for main executable
"_ossl_decode_der_dsa_sig", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_test_BN_eq_word", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_test_info", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
"_test_ptr_eq", referenced from:
_test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [test/asn1_dsa_internal_test] Error 1
make[1]: *** Waiting for unfinished jobs....
Undefined symbols for architecture arm64:
"_ASN1_INTEGER_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_ASN1_INTEGER_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_ASN1_item_print", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_BIO_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_BIO_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_BIO_s_mem", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_BIO_s_null", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_BIO_write", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_CRYPTO_free", referenced from:
_fuzz_rand_freectx in cmp-test-bin-fuzz_rand.o
"_CRYPTO_free_ex_index", referenced from:
_FuzzerInitialize in cmp-test-bin-cmp.o
"_CRYPTO_malloc", referenced from:
_fuzz_rand_newctx in cmp-test-bin-fuzz_rand.o
"_ERR_clear_error", referenced from:
_FuzzerInitialize in cmp-test-bin-cmp.o
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_ERR_new", referenced from:
_process_cert_request in cmp-test-bin-cmp.o
_process_rr in cmp-test-bin-cmp.o
_process_genm in cmp-test-bin-cmp.o
_process_error in cmp-test-bin-cmp.o
_process_certConf in cmp-test-bin-cmp.o
_process_pollReq in cmp-test-bin-cmp.o
"_ERR_set_debug", referenced from:
_process_cert_request in cmp-test-bin-cmp.o
_process_rr in cmp-test-bin-cmp.o
_process_genm in cmp-test-bin-cmp.o
_process_error in cmp-test-bin-cmp.o
_process_certConf in cmp-test-bin-cmp.o
_process_pollReq in cmp-test-bin-cmp.o
"_ERR_set_error", referenced from:
_process_cert_request in cmp-test-bin-cmp.o
_process_rr in cmp-test-bin-cmp.o
_process_genm in cmp-test-bin-cmp.o
_process_error in cmp-test-bin-cmp.o
_process_certConf in cmp-test-bin-cmp.o
_process_pollReq in cmp-test-bin-cmp.o
"_OPENSSL_DIR_end", referenced from:
_main in cmp-test-bin-test-corpus.o
"_OPENSSL_DIR_read", referenced from:
_main in cmp-test-bin-test-corpus.o
"_OPENSSL_die", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
_testfile in cmp-test-bin-test-corpus.o
"_OPENSSL_init_crypto", referenced from:
_FuzzerInitialize in cmp-test-bin-cmp.o
"_OPENSSL_sk_pop_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_get_transfer_cb_arg", referenced from:
_transfer_cb in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_set1_secretValue", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_set_log_cb", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_set_transfer_cb", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_CTX_set_transfer_cb_arg", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_ITAV_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_MSG_dup", referenced from:
_transfer_cb in cmp-test-bin-cmp.o
"_OSSL_CMP_MSG_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_MSG_it", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_SRV_CTX_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_SRV_CTX_get0_cmp_ctx", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_SRV_CTX_init", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_SRV_CTX_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_SRV_process_request", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_exec_GENM_ses", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_exec_RR_ses", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_exec_certreq", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_CMP_try_certreq", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_OSSL_LIB_CTX_free", referenced from:
_fuzz_rand_method in cmp-test-bin-fuzz_rand.o
"_OSSL_LIB_CTX_new", referenced from:
_fuzz_rand_provider_init in cmp-test-bin-fuzz_rand.o
"_OSSL_PARAM_locate", referenced from:
_fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o
"_OSSL_PARAM_set_int", referenced from:
_fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o
"_OSSL_PARAM_set_size_t", referenced from:
_fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o
"_OSSL_PROVIDER_add_builtin", referenced from:
_FuzzerSetRand in cmp-test-bin-fuzz_rand.o
"_OSSL_PROVIDER_try_load", referenced from:
_FuzzerSetRand in cmp-test-bin-fuzz_rand.o
"_OSSL_PROVIDER_unload", referenced from:
_FuzzerClearRand in cmp-test-bin-fuzz_rand.o
"_RAND_set_DRBG_type", referenced from:
_FuzzerSetRand in cmp-test-bin-fuzz_rand.o
"_X509_NAME_free", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_X509_NAME_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_X509_new", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_X509_set_issuer_name", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_X509_set_serialNumber", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_d2i_OSSL_CMP_MSG_bio", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_i2d_OSSL_CMP_MSG_bio", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
"_ossl_cmp_msg_check_update", referenced from:
_FuzzerTestOneInput in cmp-test-bin-cmp.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [fuzz/cmp-test] Error 1
Undefined symbols for architecture arm64:
"_BIO_free", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_BIO_new_file", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_BIO_printf", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_CRYPTO_free", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_EVP_DigestVerifyInit_ex", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_KEYMGMT_free", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_EVP_KEYMGMT_gettable_params", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_EVP_KEYMGMT_is_a", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_EVP_MD_CTX_free", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_MD_CTX_new", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_PKEY_CTX_get_params", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_PKEY_CTX_gettable_params", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_PKEY_get0_type_name", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_EVP_PKEY_is_a", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_OBJ_find_sigid_algs", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_OBJ_nid2sn", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_OBJ_obj2nid", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_OBJ_obj2txt", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_OPT_HELP_STR", referenced from:
_test_get_options.test_options in algorithmid_test-bin-algorithmid_test.o
"_OSSL_PARAM_locate_const", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_PEM_read_bio_X509", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_PEM_read_bio_X509_PUBKEY", referenced from:
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_X509_ALGOR_cmp", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_X509_ALGOR_get0", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_X509_PUBKEY_free", referenced from:
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_X509_PUBKEY_get0", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_X509_PUBKEY_get0_param", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_X509_free", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_X509_get0_pubkey", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_X509_get0_signature", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_X509_get0_tbs_sigalg", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_X509_get_X509_PUBKEY", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_add_test", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_bio_err", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_evp_keymgmt_get_params", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_evp_pkey_export_to_provider", referenced from:
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_i2d_X509_ALGOR", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_main", referenced from:
implicit entry/start for main executable
"_opt_next", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_test_error", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_test_get_argument", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_test_get_argument_count", referenced from:
_setup_tests in algorithmid_test-bin-algorithmid_test.o
"_test_info", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_test_int_eq", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_test_int_ge", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_test_int_ne", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
"_test_mem_eq", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_test_openssl_errors", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_file in algorithmid_test-bin-algorithmid_test.o
"_test_ptr", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
"_test_true", referenced from:
_test_x509_files in algorithmid_test-bin-algorithmid_test.o
_test_spki_aid in algorithmid_test-bin-algorithmid_test.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [test/algorithmid_test] Error 1
Undefined symbols for architecture arm64:
"_ASN1_mbstring_copy", referenced from:
_test_unicode_range in asn1_internal_test-bin-asn1_internal_test.o
"_BN_free", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_BN_new", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_OBJ_nid2ln", referenced from:
_test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o
"_OBJ_nid2sn", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_RSA_free", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_RSA_new", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_RSA_set0_key", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_add_test", referenced from:
_setup_tests in asn1_internal_test-bin-asn1_internal_test.o
"_i2d_RSAPrivateKey", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_main", referenced from:
implicit entry/start for main executable
"_ossl_dh_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_dhx_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_dsa_asn1_meths", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_eckey_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_ecx25519_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_ecx448_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_ed25519_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_ed448_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_rsa_asn1_meths", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_rsa_pss_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_ossl_sm2_asn1_meth", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_test_info", referenced from:
_test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_test_int_eq", referenced from:
_test_unicode_range in asn1_internal_test-bin-asn1_internal_test.o
"_test_int_le", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_test_int_ne", referenced from:
_test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_test_note", referenced from:
_test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
"_test_ptr", referenced from:
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
"_test_true", referenced from:
_test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o
_test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [test/asn1_internal_test] Error 1
make: *** [build_sw] Error 2@D4v1dH03 Stephen seems to have made an equivalent or more elaborate chage, but using a different variable name.
sftcd
commented
2 years ago On 17/10/2021 19:14, David Hu wrote:
Oops
odd indeed
I'll take a peek at what the CI builds say in a while
if you make clean; make does that fix it?
Ta, S.
niallor
commented
2 years ago @D4v1dH03, Sorry; I don't have an M1 (ARM64) Mac so far, so can't help with the architecture-related trouble.
ghost
commented
2 years ago That's a bummer
niallor
commented
2 years ago I've had success running echcli.sh. It turns out that it's not sufficient, in macOS-land, for the relevant PEM file to be present in the CApath directory; the name of the file is significant, and must be formed from a hash of the contents, as HASHSTRING.0. Rather then renaming the file, a suitably named symbolic link may be used.
The tool for populating the CApath directory is provided in the OpenSSL repo and is built during make processing; it is to be found at tools/c_rehash.
Nialls-mba(niall)411: dirs | head -2
0 /etc/ssl/certs
1 ~/Documents/Work/ESNI-Project/build/ECH-draft-13a/openssl
Nialls-mba(niall)412: sudo ~1/tools/c_rehash ./
Doing ./
Nialls-mba(niall)413: ls -l
total 8
lrwxr-xr-x 1 root wheel 29 21 Oct 15:01 653b494a.0 -> Baltimore_CyberTrust_Root.pem
-rw-r--r-- 1 root wheel 1261 21 Oct 14:24 Baltimore_CyberTrust_Root.pem
Nialls-mba(niall)414: For simplicity, I used the CApath directory expected by echcli.sh. Another directory might be preferable. After installing the PEM file and creating the hash-named link, I obtained the following result.
Nialls-mba(niall)416: dirs -v | head -3
0 ~/Documents/Work/ESNI-Project/build/ECH-draft-13a/openssl
1 /etc/ssl/certs
2 ~/Documents/Work/ESNI-Project/repo/github.com/sftcd/openssl
Nialls-mba(niall)417: ~2/esnistuff/echcli.sh
Running /Users/niall/Documents/Work/ESNI-Project/repo/github.com/sftcd/openssl/esnistuff/echcli.sh at 20211021-140449
/Users/niall/Documents/Work/ESNI-Project/repo/github.com/sftcd/openssl/esnistuff/echcli.sh Summary:
Looks like it worked ok
ECH: success: outer SNI: 'cloudflare-esni.com', inner SNI: 'crypto.cloudflare.com'
Nialls-mba(niall)418: I was surprised to discover that this hashing requirement is actually documented in the openssl manpage, which was of course the last place I looked. Over on Ubuntu, it's mentioned in the verify manpage.
-CApath directory
Verify the signature on a CRL by looking up the issuing certifi-
cate in dir. This directory must be a standard certificate
directory, i.e. a hash of each subject name (using x509 -hash)
should be linked to each certificate.@D4v1dH03, Sorry; I don't have an M1 (ARM64) Mac so far, so can't help with the architecture-related trouble.
Now that architecture-specific build problem is solved somehow
Oh no it is still there!
ghost
commented
2 years ago But another problem occurs!
ssl/ech.c:120:19: error: use of undeclared identifier 'pemtat'; did you mean 'pemstat'?
time_t pemmod=pemtat.st_mtimespec.tv_sec;
^~
pemstat
ssl/ech.c:111:17: note: 'pemstat' declared here
struct stat pemstat;
^
1 error generated.
make[1]: [ssl/libssl-lib-ech.o] Error 1
make[1]: Waiting for unfinished jobs....
make: *** [build_sw] Error 2
sftcd
commented
2 years ago On 22/10/2021 04:19, David Hu wrote:
But another problem occurs! ssl/ech.c:120:19: error: use of undeclared identifier 'pemtat'; did you mean 'pemstat'? time_t pemmod=pemtat.st_mtimespec.tv_sec;
I don't see any occurrence of "pemtat" in ech.c and am confused by the line number above. In ech.c at line 246 [1] I do see an APPLE specific use of "pemstat"
Maybe you changed the code some? I've done a few mostly cosmetic tweaks last couple of days so it may be no harm to pull the latest?
Cheers, S.
[1] https://github.com/sftcd/openssl/blob/ECH-draft-13a/ssl/ech.c#L246
^~~~~~ pemstatssl/ech.c:111:17: note: 'pemstat' declared here struct stat pemstat; ^ 1 error generated. make[1]: [ssl/libssl-lib-ech.o] Error 1 make[1]: Waiting for unfinished jobs.... make: *** [build_sw] Error 2
ghost
commented
2 years ago No I did not change the code.
sftcd
commented
2 years ago Not sure then, as I don't see any source file containing the string "pemtat" but maybe try pull the latest and see what you see. Or check via git diff just in case? (Thanks for sticking with it btw, as a result of your issue, @niallor verified that s_client (and curl) work on macOS, which is good to know.)
ghost
commented
2 years ago 
At ssl/ech.c Line 120 and 122
ghost
commented
2 years ago oops I am on the wrong branch. My fault! I was on ECH-without-ESNI!
sftcd
commented
2 years ago Ah - that makes sense (apologies for my earlier silliness too:-)
ghost
commented
2 years ago Oops
ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) ld: warning: ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) ld: warning: ignoring file test/libtestutil.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) ld: warning: ignoring file libcrypto.a, building for macOS-arm64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 ) Undefined symbols for architecture arm64: "_BN_clear", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_BN_free", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_BN_new", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_add_test", referenced from: _setup_tests in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_main", referenced from: implicit entry/start for main executable "_ossl_decode_der_dsa_sig", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_test_BN_eq_word", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_test_info", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o "_test_ptr_eq", referenced from: _test_decode in asn1_dsa_internal_test-bin-asn1_dsa_internal_test.o ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[1]: *** [test/asn1_dsa_internal_test] Error 1 make[1]: *** Waiting for unfinished jobs.... Undefined symbols for architecture arm64: "_ASN1_INTEGER_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_ASN1_INTEGER_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_ASN1_item_print", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_BIO_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_BIO_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_BIO_s_mem", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_BIO_s_null", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_BIO_write", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_CRYPTO_free", referenced from: _fuzz_rand_freectx in cmp-test-bin-fuzz_rand.o "_CRYPTO_free_ex_index", referenced from: _FuzzerInitialize in cmp-test-bin-cmp.o "_CRYPTO_malloc", referenced from: _fuzz_rand_newctx in cmp-test-bin-fuzz_rand.o "_ERR_clear_error", referenced from: _FuzzerInitialize in cmp-test-bin-cmp.o _FuzzerTestOneInput in cmp-test-bin-cmp.o "_ERR_new", referenced from: _process_cert_request in cmp-test-bin-cmp.o _process_rr in cmp-test-bin-cmp.o _process_genm in cmp-test-bin-cmp.o _process_error in cmp-test-bin-cmp.o _process_certConf in cmp-test-bin-cmp.o _process_pollReq in cmp-test-bin-cmp.o "_ERR_set_debug", referenced from: _process_cert_request in cmp-test-bin-cmp.o _process_rr in cmp-test-bin-cmp.o _process_genm in cmp-test-bin-cmp.o _process_error in cmp-test-bin-cmp.o _process_certConf in cmp-test-bin-cmp.o _process_pollReq in cmp-test-bin-cmp.o "_ERR_set_error", referenced from: _process_cert_request in cmp-test-bin-cmp.o _process_rr in cmp-test-bin-cmp.o _process_genm in cmp-test-bin-cmp.o _process_error in cmp-test-bin-cmp.o _process_certConf in cmp-test-bin-cmp.o _process_pollReq in cmp-test-bin-cmp.o "_OPENSSL_DIR_end", referenced from: _main in cmp-test-bin-test-corpus.o "_OPENSSL_DIR_read", referenced from: _main in cmp-test-bin-test-corpus.o "_OPENSSL_die", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o _testfile in cmp-test-bin-test-corpus.o "_OPENSSL_init_crypto", referenced from: _FuzzerInitialize in cmp-test-bin-cmp.o "_OPENSSL_sk_pop_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_get_transfer_cb_arg", referenced from: _transfer_cb in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_set1_secretValue", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_set_log_cb", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_set_transfer_cb", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_CTX_set_transfer_cb_arg", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_ITAV_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_MSG_dup", referenced from: _transfer_cb in cmp-test-bin-cmp.o "_OSSL_CMP_MSG_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_MSG_it", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_SRV_CTX_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_SRV_CTX_get0_cmp_ctx", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_SRV_CTX_init", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_SRV_CTX_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_SRV_process_request", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_exec_GENM_ses", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_exec_RR_ses", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_exec_certreq", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_CMP_try_certreq", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_OSSL_LIB_CTX_free", referenced from: _fuzz_rand_method in cmp-test-bin-fuzz_rand.o "_OSSL_LIB_CTX_new", referenced from: _fuzz_rand_provider_init in cmp-test-bin-fuzz_rand.o "_OSSL_PARAM_locate", referenced from: _fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o "_OSSL_PARAM_set_int", referenced from: _fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o "_OSSL_PARAM_set_size_t", referenced from: _fuzz_rand_get_ctx_params in cmp-test-bin-fuzz_rand.o "_OSSL_PROVIDER_add_builtin", referenced from: _FuzzerSetRand in cmp-test-bin-fuzz_rand.o "_OSSL_PROVIDER_try_load", referenced from: _FuzzerSetRand in cmp-test-bin-fuzz_rand.o "_OSSL_PROVIDER_unload", referenced from: _FuzzerClearRand in cmp-test-bin-fuzz_rand.o "_RAND_set_DRBG_type", referenced from: _FuzzerSetRand in cmp-test-bin-fuzz_rand.o "_X509_NAME_free", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_X509_NAME_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_X509_new", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_X509_set_issuer_name", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_X509_set_serialNumber", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_d2i_OSSL_CMP_MSG_bio", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_i2d_OSSL_CMP_MSG_bio", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o "_ossl_cmp_msg_check_update", referenced from: _FuzzerTestOneInput in cmp-test-bin-cmp.o ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[1]: *** [fuzz/cmp-test] Error 1 Undefined symbols for architecture arm64: "_BIO_free", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_BIO_new_file", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_BIO_printf", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_CRYPTO_free", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_EVP_DigestVerifyInit_ex", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_KEYMGMT_free", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_EVP_KEYMGMT_gettable_params", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_EVP_KEYMGMT_is_a", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_EVP_MD_CTX_free", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_MD_CTX_new", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_PKEY_CTX_get_params", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_PKEY_CTX_gettable_params", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_PKEY_get0_type_name", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_EVP_PKEY_is_a", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_OBJ_find_sigid_algs", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_OBJ_nid2sn", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_OBJ_obj2nid", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_OBJ_obj2txt", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_OPT_HELP_STR", referenced from: _test_get_options.test_options in algorithmid_test-bin-algorithmid_test.o "_OSSL_PARAM_locate_const", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_PEM_read_bio_X509", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_PEM_read_bio_X509_PUBKEY", referenced from: _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_X509_ALGOR_cmp", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_X509_ALGOR_get0", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_X509_PUBKEY_free", referenced from: _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_X509_PUBKEY_get0", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_X509_PUBKEY_get0_param", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_X509_free", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_X509_get0_pubkey", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_X509_get0_signature", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_X509_get0_tbs_sigalg", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_X509_get_X509_PUBKEY", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_add_test", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_bio_err", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_evp_keymgmt_get_params", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_evp_pkey_export_to_provider", referenced from: _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_i2d_X509_ALGOR", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_main", referenced from: implicit entry/start for main executable "_opt_next", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_test_error", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_test_get_argument", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_test_get_argument_count", referenced from: _setup_tests in algorithmid_test-bin-algorithmid_test.o "_test_info", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_test_int_eq", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_test_int_ge", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_test_int_ne", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o "_test_mem_eq", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_test_openssl_errors", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_file in algorithmid_test-bin-algorithmid_test.o "_test_ptr", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o "_test_true", referenced from: _test_x509_files in algorithmid_test-bin-algorithmid_test.o _test_spki_aid in algorithmid_test-bin-algorithmid_test.o ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[1]: *** [test/algorithmid_test] Error 1 Undefined symbols for architecture arm64: "_ASN1_mbstring_copy", referenced from: _test_unicode_range in asn1_internal_test-bin-asn1_internal_test.o "_BN_free", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_BN_new", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_OBJ_nid2ln", referenced from: _test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o "_OBJ_nid2sn", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_RSA_free", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_RSA_new", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_RSA_set0_key", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_add_test", referenced from: _setup_tests in asn1_internal_test-bin-asn1_internal_test.o "_i2d_RSAPrivateKey", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_main", referenced from: implicit entry/start for main executable "_ossl_dh_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_dhx_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_dsa_asn1_meths", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_eckey_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_ecx25519_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_ecx448_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_ed25519_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_ed448_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_rsa_asn1_meths", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_rsa_pss_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_ossl_sm2_asn1_meth", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_test_info", referenced from: _test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_test_int_eq", referenced from: _test_unicode_range in asn1_internal_test-bin-asn1_internal_test.o "_test_int_le", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_test_int_ne", referenced from: _test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_test_note", referenced from: _test_tbl_standard in asn1_internal_test-bin-asn1_internal_test.o _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o "_test_ptr", referenced from: _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o "_test_true", referenced from: _test_standard_methods in asn1_internal_test-bin-asn1_internal_test.o _test_empty_nonoptional_content in asn1_internal_test-bin-asn1_internal_test.o ld: symbol(s) not found for architecture arm64 clang: error: linker command failed with exit code 1 (use -v to see invocation) make[1]: *** [test/asn1_internal_test] Error 1 make: *** [build_sw] Error 2
Unfortunately this issue is still occuring. I guess we can only wait until someone gets an M1/M2 Mac.
Strangely it only happens on the ECH-draft-13a branch the master branch builds fine
I am trying to run
echcli.shbut it continues to show that it failed My openssl code folder was not$HOME/code/opensslbut I chose$HOME/opensslSo I edited the shell script by replacing the directory However it prints the following instead of the success messageIs there something wrong with what I am doing or the code?