操作系统应用开发(二十九)RustDesk错误修复——东方仙盟筑基期

操作系统应用开发(二十九)RustDesk错误修复——东方仙盟筑基期
CERTIFICATE_VERIFY_FAILED: certificate has expired(../../flutter/third_party/boringssl/src/ssl/handshake.cc:393))无法拉去通讯录和添加地址无法登录是sll到期更新证书即可错误栈原文CERTIFICATE_VERIFY_FAILED: certificate has expired(../../flutter/third_party/boringssl/src/ssl/handshake.cc:393)一证书位置文件路径flutter/third_party/boringssl/src/ssl/handshake.cc关键校验片段行 393 附近证书有效期校验逻辑// 执行对等方证书链校验 enum ssl_verify_result_t SSLHandshake::VerifyPeerCertificate() { bssl::UniquePtrX509_STORE_CTX ctx(X509_STORE_CTX_new()); if (!ctx) { return ssl_verify_internal_error; } X509_STORE_CTX_init(ctx.get(), ssl_ctx_-x509_store(), peer_cert_.get(), nullptr); // 传入完整证书链 for (const auto cert : peer_cert_chain_) { X509_STORE_CTX_set0_chain(ctx.get(), cert.get()); } // 核心校验入口校验证书有效期、签名、信任链、域名等 int verify_ret X509_verify_cert(ctx.get()); if (verify_ret 0) { int err X509_STORE_CTX_get_error(ctx.get()); // 错误分支证书过期 if (err X509_V_ERR_CERT_HAS_EXPIRED) { // 对应报错字符串输出CERTIFICATE_VERIFY_FAILED: certificate has expired ssl_-error_code_ SSL_ERROR_CERTIFICATE_VERIFY_FAILED; ssl_-error_string_ certificate has expired; // 报错输出点handshake.cc 393 行 return ssl_verify_cert_invalid; } // 其他证书错误未信任、域名不匹配、签名无效等 ssl_-error_code_ SSL_ERROR_CERTIFICATE_VERIFY_FAILED; ssl_-error_string_ X509_STORE_CTX_get_error_string(ctx.get()); return ssl_verify_cert_invalid; } // 额外域名校验 if (!CheckHostname(ctx.get())) { ssl_-error_code_ SSL_ERROR_CERTIFICATE_VERIFY_FAILED; ssl_-error_string_ hostname mismatch; return ssl_verify_cert_invalid; } return ssl_verify_ok; }关键常量说明// boringssl/include/openssl/x509_vfy.h #define X509_V_ERR_CERT_HAS_EXPIRED 10 /* 证书已过期 */当X509_verify_cert返回失败且错误码 10就抛出你看到的日志。二、RustDesk Flutter 上层封装代码触发 BoringSSL 调用逻辑RustDesk Flutter 网络层基于 DartHttpClient底层绑定 Flutter BoringSSL连接中继 / 控制服务器时触发 TLS 握手Dart 网络请求片段rustdesk_flutter/lib/services/network.dartimport dart:io; FutureSocket connectRustDeskRelay(String host, int port) async { try { // TLS加密连接底层走Flutter内置BoringSSL SecureSocket socket await SecureSocket.connect( host, port, // 未关闭证书校验时会触发BoringSSL证书校验逻辑 onBadCertificate: (X509Certificate cert) { // 默认返回false拒绝过期/无效证书抛出CERTIFICATE_VERIFY_FAILED return false; }, ); return socket; } on SocketException catch (e) { // 捕获BoringSSL底层抛出的证书错误 if (e.message.contains(CERTIFICATE_VERIFY_FAILED: certificate has expired)) { throw Exception(中继服务器SSL证书过期${e.message}); } rethrow; } }三、RustDesk Rust 后端原生 TLS 校验另一套触发同源错误代码RustDesk 核心服务端 / 桌面端使用rustls同样会报证书过期逻辑补充源码use rustls::{ClientConfig, RootCertStore, ServerName}; use std::net::TcpStream; use std::sync::Arc; fn tls_connect(host: str, port: u16) - Result(), Boxdyn std::error::Error { let mut root_store RootCertStore::empty(); root_store.add_server_trust_anchors(webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| { rustls::OwnedTrustAnchor::from_subject_spki_name_constraints( ta.subject, ta.spki, ta.name_constraints ) })); let config ClientConfig::builder() .with_safe_defaults() .with_root_certificates(root_store) .with_no_client_auth(); let tcp TcpStream::connect((host, port))?; let server_name ServerName::try_from(host).unwrap(); let conn rustls::ClientConnection::new(Arc::new(config), server_name)?; // TLS握手校验证书有效期 let mut tls_stream rustls::Stream::new(conn, tcp); tls_stream.flush()?; // 证书过期错误匹配 // rustls错误枚举Error::InvalidCertificate(CertificateError::Expired) Ok(()) }四、错误出现完整链路Flutter App 发起SecureSocket.connectTLS 连接 RustDesk 中继服务器Flutter 底层调用内置 BoringSSL 执行握手handshake.ccBoringSSL 调用X509_verify_cert校验证书时间证书notAfter时间早于设备当前系统时间 → 错误码X509_V_ERR_CERT_HAS_EXPIRED393 行分支赋值错误字符串向上抛出 SSL 校验失败异常Dart 层捕获 SocketException打印日志CERTIFICATE_VERIFY_FAILED: certificate has expired五、临时绕过校验代码测试用生产禁止Dart Flutter 绕过过期证书SecureSocket.connect( host, port, onBadCertificate: (cert) true, // 强制信任所有异常证书过期、自签 );Rust 后端绕过证书校验仅本地调试// 不安全配置跳过证书有效期校验 let config ClientConfig::builder() .with_custom_certificate_verifier(Arc::new(NoOpVerifier)) .with_no_client_auth(); struct NoOpVerifier; impl rustls::client::ServerCertVerifier for NoOpVerifier { fn verify_server_cert( self, _end_entity: rustls::Certificate, _intermediates: [rustls::Certificate], _server_name: ServerName, _scts: mut dyn IteratorItem [u8], _ocsp_response: [u8], _now: std::time::SystemTime ) - Resultrustls::client::ServerCertVerified, rustls::Error { Ok(rustls::client::ServerCertVerified::assertion()) } }六、根本修复方案服务端更新 RustDesk 中继 / 后台 SSL 证书重新签发有效证书客户端校准设备系统时间设备时间错乱会误判证书过期编译侧升级 Flutter 版本同步更新内置 BoringSSL 根证书库私有化部署替换自有有效 CA 证书关闭公共过期证书依赖人人皆为创造者共创方能共成长每个人都是使用者也是创造者是数字世界的消费者更是价值的生产者与分享者。在智能时代的浪潮里单打独斗的发展模式早已落幕唯有开放连接、创意共创、利益共享才能让个体价值汇聚成生态合力让技术与创意双向奔赴实现平台与伙伴的快速成长、共赢致远。原创永久分成共赴星辰大海原创创意共创、永久收益分成是东方仙盟始终坚守的核心理念。我们坚信每一份原创智慧都值得被尊重与回馈以永久分成锚定共创初心让创意者长期享有价值红利携手万千伙伴向着科技星辰大海笃定前行拥抱硅基 生命与数字智能交融的未来共筑跨越时代的数字文明共同体。东方仙盟拥抱知识开源共筑数字新生态在全球化与数字化浪潮中东方仙盟始终秉持开放协作、知识共享的理念积极拥抱开源技术与开放标准。我们相信唯有打破技术壁垒、汇聚全球智慧才能真正推动行业的可持续发展。开源赋能中小商户通过将前端异常检测、跨系统数据互联等核心能力开源化东方仙盟为全球中小商户提供了低成本、高可靠的技术解决方案让更多商家能够平等享受数字转型的红利。共建行业标准我们积极参与国际技术社区与全球开发者、合作伙伴共同制定开放协议 与技术规范推动跨境零售、文旅、餐饮等多业态的系统互联互通构建更加公平、高效的数字生态。知识普惠共促发展通过开源社区 、技术文档与培训体系东方仙盟致力于将前沿技术转化为可落地的行业实践赋能全球合作伙伴共同培育创新人才推动数字经济 的普惠式增长阿雪技术观在科技发展浪潮中我们不妨积极投身技术共享。不满足于做受益者更要主动担当贡献者 。无论是分享代码、撰写技术博客还是参与开源项目 维护改进每一个微小举动都可能蕴含推动技术进步的巨大能量。东方仙盟是汇聚力量的天地我们携手在此探索硅基 生命为科技进步添砖加瓦。Hey folks, in this wild tech - driven world, why not dive headfirst into the whole tech - sharing scene? Dont just be the one reaping all the benefits; step up and be a contributor too. Whether youre tossing out your code snippets , hammering out some tech blogs, or getting your hands dirty with maintaining and sprucing up open - source projects, every little thing you do might just end up being a massive force that pushes tech forward. And guess what? The Eastern FairyAlliance is this awesome place where we all come together. Were gonna team up and explore the whole silicon - based life thing, and in the process, well be fueling the growth of technology