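1. What is curl

cURL (Client URL) is an open-source command-line tool for sending requests to web servers and many other kinds of servers. curl has a large number of options and is commonly used for testing and debugging during server development and troubleshooting; it can fairly be called a networking "power tool".

2. What is GM curl

curl itself does not support the GM ("Guomi", Chinese national cryptography) SSL protocol, TLCP. The programmers said: let there be a GM version of curl, and so there was a GM version of curl. Haha, programmers really are the gods of the software world. The GM version of curl, gmcurl for short, was ported by the GM SSL Lab (www.gmssl.cn), which offers it for paid download and use.

3. Using GM curl (one-way GM SSL)

3.1 Basic run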

    [root@206test ~]# ./gmcurl
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,  use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key
    curl: try 'curl --help' or 'curl --manual' for more information

3.2 Basic access

    [root@206test ~]# ./gmcurl --gmssl -k https://ebssec.boc.cn
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,  use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key

Notes:
1) --gmssl enables GM SSL.
2) -k means the server certificate is not verified.

3.3 Verifying the certificate

    [root@206test ~]# ./gmcurl --gmssl --cacert boc.ca.pem https://ebssec.boc.cn
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,  use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key

Notes:
1) --cacert loads a local chain of trusted certificates.
2) boc.ca.pem can be downloaded from https://www.gmssl.cn/gmssl/do...

3.4 Basic debugging

    [root@206test ~]# ./gmcurl --gmssl -k --verbose https://ebssec.boc.cn
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,  use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key
    *  Trying 123.124.191.183:443...
    * Connected to ebssec.boc.cn (123.124.191.183) port 443 (#0)
    * ALPN, offering http/1.1
    * (101) (OUT), , Unknown (1):
    * (101) (IN), , Unknown (2):
    * (101) (IN), , Unknown (11):
    * (101) (IN), , Unknown (12):
    * (101) (IN), , Unknown (14):
    * (101) (OUT), , Unknown (16):
    * (101) (OUT), , Change cipher spec (1):
    * (101) (OUT), , Unknown (20):
    * (101) (IN), , Unknown (20):
    * SSL connection using GMSSLv1.1 / ECC-SM4-CBC-SM3
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: C=CN; ST=\U5317\U4EAC; L=\U5317\U4EAC; O=\U4E2D\U56FD\U94F6\U884C\U80A1\U4EFD\U6709\U9650\U516C\U53F8; OU=Local RA; OU=SSL; CN=ebssec.boc.cn
    *  start date: Jun 11 09:05:20 2021 GMT
    *  expire date: Jun 19 08:16:56 2026 GMT
    *  issuer: C=CN; O=CFCA SM2 OCA1
    *  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
    > GET / HTTP/1.1
    > Host: ebssec.boc.cn
    > User-Agent: curl/7.82.0
    > Accept: */*
    >
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < Date: Sun, 17 Jul 2022 04:06:39 GMT
    < Last-Modified: Sat, 27 Jun 2015 16:48:38 GMT
    < Accept-Ranges: bytes
    < Content-Length: 156
    < Cache-Control: max-age=300
    < Expires: Sun, 17 Jul 2022 04:11:39 GMT
    < Vary: Accept-Encoding,User-Agent
    < Content-Type: text/html
    <
    * Connection #0 to host ebssec.boc.cn left intact
    <!DOCTYPE html><html><head><meta http-equiv="refresh" content="0;url=/boc15/login.html"><meta name="renderer" content="ie-stand"></head><body></body></html>

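Notes:
1) The protocol GMSSLv1.1 and the cipher suite ECC-SM4-CBC-SM3 are visible.
2) The server certificate information is visible.
3) The HTTPS request headers and response headers are visible.
4) --verbose can be shortened to -v, i.e. ./gmcurl --gmssl -k -v https://ebssec.boc.cn

3.5 In-depth debugging (including the SSL handshake)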

    [root@206test ~]# ./gmcurl --gmssl -k --trace - https://ebssec.boc.cn
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,  use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key

Notes:
1) You can see the complete data produced by GM SSL.
2) The log can be written to a file,
i.e. ./gmcurl --gmssl -k --trace ssl.log https://ebssec.boc.cn
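
An added example, not part of the original article or of gmcurl: a Python reader for the `-v` and `--trace` output of 3.4 and 3.5 that names the handshake messages curl logs as `Unknown (N)`, decodes the 5-byte record headers found in a trace, and reports whether the server certificate was actually verified. The function names are assumptions of this example, the sample log is constructed in the format shown on this page, and the message names are the standard handshake types that TLCP shares with TLS.

```python
import re

# Handshake message types that TLCP shares with TLS; the logs above show
# them only as "Unknown (N)".
HANDSHAKE = {
    1: "ClientHello", 2: "ServerHello", 11: "Certificate",
    12: "ServerKeyExchange", 13: "CertificateRequest",
    14: "ServerHelloDone", 15: "CertificateVerify",
    16: "ClientKeyExchange", 20: "Finished",
}
CONTENT = {20: "ChangeCipherSpec", 21: "Alert",
           22: "Handshake", 23: "ApplicationData"}

PREFIX_RE = re.compile(r"^(?:\*|== Info:)\s*")   # -v and --trace info prefixes
MSG_RE = re.compile(r"^\((\w+)\) \((IN|OUT)\), , (.+?) \((\d+)\):$")
CONN_RE = re.compile(r"^SSL connection using (\S+) / (\S+)$")
HDR_RE = re.compile(r"^(=>|<=) (?:Send|Recv) SSL data, 5 bytes")
HEX_RE = re.compile(r"^0000: ((?:[0-9a-f]{2} ){4}[0-9a-f]{2})\b")


def decode_record_header(hex_bytes):
    """Decode a 5-byte record header such as '16 01 01 00 80'."""
    raw = bytes.fromhex(hex_bytes)
    if len(raw) != 5:
        raise ValueError("a record header is exactly 5 bytes")
    return {"type": CONTENT.get(raw[0], "unknown(%d)" % raw[0]),
            "version": "0x%02x%02x" % (raw[1], raw[2]),  # 0x0101 in these logs
            "length": int.from_bytes(raw[3:5], "big")}


def summarize(log_text):
    """Summarize gmcurl -v or --trace output (both prefixes are accepted)."""
    out = {"handshake": [], "records": [],
           "protocol": None, "cipher": None, "verified": None}
    lines = log_text.splitlines()
    for i, raw in enumerate(lines):
        line = PREFIX_RE.sub("", raw).rstrip()
        msg = MSG_RE.match(line)
        if msg:
            name, num = msg.group(3), int(msg.group(4))
            if name == "Unknown":
                name = HANDSHAKE.get(num, "handshake type %d" % num)
            out["handshake"].append((msg.group(2), name))
        conn = CONN_RE.match(line)
        if conn:
            out["protocol"], out["cipher"] = conn.groups()
        if line == "SSL certificate verify ok.":
            out["verified"] = True
        elif line.startswith("SSL certificate verify result:"):
            out["verified"] = False   # with -k the failure is logged, then ignored
        hdr = HDR_RE.match(raw)
        if hdr and i + 1 < len(lines):
            hexes = HEX_RE.match(lines[i + 1].strip())
            if hexes:   # a 5-byte "SSL data" entry is a record header
                out["records"].append(
                    (hdr.group(1), decode_record_header(hexes.group(1))))
    return out


# Constructed sample in the --trace format shown on this page.
SAMPLE = """\
=> Send SSL data, 5 bytes (0x5)
0000: 16 01 01 00 80                                  .....
== Info: (101) (OUT), , Unknown (1):
<= Recv SSL data, 5 bytes (0x5)
0000: 16 01 01 00 39                                  ....9
== Info: (101) (IN), , Unknown (2):
== Info: (101) (OUT), , Change cipher spec (1):
== Info: (101) (OUT), , Unknown (20):
== Info: SSL connection using GMSSLv1.1 / ECC-SM4-CBC-SM3
== Info:  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
"""
```

Calling `summarize(open("ssl.log").read())` on a saved trace gives the same summary; a `verified` value of `False` means the session ran without authenticating the server, as happens with `-k`.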

4. Using GM curl (mutual GM SSL)

4.1 Generating the user's GM dual certificates

4.2 Accessing with the user's GM dual certificates

    [root@206test ~]# ./gmcurl --gmssl -k --cert ./sm2.user1.sig.crt.pem --key ./sm2.user1.sig.key.pem --cert2 ./sm2.user1.enc.crt.pem --key2 ./sm2.user1.enc.key.pem https://demo.gmssl.cn:1443
    GM Version: 1.0.0 Ported by www.gmssl.cn
    Options:
    --gmssl, use TLCP protocol
    --cert,  use sm2 sig pem cert
    --key,   use sm2 sig pem key
    --cert2, use sm2 enc pem cert
    --key2,  use sm2 enc pem key

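Notes:
1) https://demo.gmssl.cn:1443 also supports one-way GM SSL, so it can be accessed without a client certificate, but the page then does not display client certificate information.

5. Downloading GM curl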

1) XP/Win7/Win10
https://www.gmssl.cn/gmssl/do...
2) CentOS7/8
https://www.gmssl.cn/gmssl/do...
3) MacOS x86_64
https://www.gmssl.cn/gmssl/do...