github-starred/frp

Fork 0

mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00

[GH-ISSUE #2170] tls相关，是BUG吗？ #1728

New issue

Closed

opened 2026-05-05 13:06:30 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented

2026-05-05 13:06:30 -06:00

Owner

Originally created by @Yusoo on GitHub (Dec 28, 2020).
Original GitHub issue: https://github.com/fatedier/frp/issues/2170

1、服务端启用tls_only，客户端不设置tls，也能连上。
2、按照 https://gofrp.org/docs/features/common/network/network-tls/#openssl-%E7%94%9F%E6%88%90%E8%AF%81%E4%B9%A6%E7%A4%BA%E4%BE%8B 新生成的证书，客户端启动后一直报证书错误，我把客户端的tls_trusted_ca_file注释掉才能用

[REQUIRED] hat version of frp are you using
Version: docker版v0.34.3

confile

frps.ini
[common]
bind_port = 7000
tls_only = true
tls_cert_file = /app/server.crt
tls_key_file = /app/server.key
tls_trusted_ca_file = /app/ca.crt
frpc.ini
server_addr = ****
server_port = 7000
tls_enable = true
tls_cert_file = /app/client.crt
tls_key_file = /app/client.key
tls_trusted_ca_file = /app/ca.crt

log file
frpc的错误信息
[W] [service.go:102] login to server failed: x509: certificate has expired or is not yet valid: current time 2020-12-27T23:53:10+08:00 is after 0001-01-01T00:00:00Z

Originally created by @Yusoo on GitHub (Dec 28, 2020). Original GitHub issue: https://github.com/fatedier/frp/issues/2170 1、服务端启用tls_only，客户端不设置tls，也能连上。 2、按照 https://gofrp.org/docs/features/common/network/network-tls/#openssl-%E7%94%9F%E6%88%90%E8%AF%81%E4%B9%A6%E7%A4%BA%E4%BE%8B 新生成的证书，客户端启动后一直报证书错误，我把客户端的tls_trusted_ca_file注释掉才能用 **[REQUIRED] hat version of frp are you using** Version: docker版v0.34.3 **confile** * frps.ini [common] bind_port = 7000 tls_only = true tls_cert_file = /app/server.crt tls_key_file = /app/server.key tls_trusted_ca_file = /app/ca.crt * frpc.ini server_addr = **** server_port = 7000 tls_enable = true tls_cert_file = /app/client.crt tls_key_file = /app/client.key tls_trusted_ca_file = /app/ca.crt **log file** frpc的错误信息 [W] [service.go:102] login to server failed: x509: certificate has expired or is not yet valid: current time 2020-12-27T23:53:10+08:00 is after 0001-01-01T00:00:00Z

gitea-mirror closed this issue

2026-05-05 13:06:31 -06:00

gitea-mirror commented

2026-05-05 13:06:33 -06:00

Author

Owner

@yuyulei commented on GitHub (Dec 29, 2020):

是不是你的证书有问题（看样子跟过期时间相关）？你可以参照文档里的先生成一份证书或者找一份保证有效的证书，再试一下，如果 ok 的话就排除 frp 的问题。

@yuyulei commented on GitHub (Dec 29, 2020): 是不是你的证书有问题（看样子跟过期时间相关）？你可以参照文档里的先生成一份证书或者找一份保证有效的证书，再试一下，如果 ok 的话就排除 frp 的问题。

gitea-mirror commented

2026-05-05 13:06:34 -06:00

Author

Owner

@Yusoo commented on GitHub (Dec 29, 2020):

应该是bug，我又完全按照文档生成了一次，还是同样的问题，我用下面的命令测试是OK的。
openssl verify -CAfile ca.crt server.crt
openssl verify -CAfile ca.crt client.crt
这是生成的证书
1.zip

@Yusoo commented on GitHub (Dec 29, 2020): 应该是bug，我又完全按照文档生成了一次，还是同样的问题，我用下面的命令测试是OK的。 openssl verify -CAfile ca.crt server.crt openssl verify -CAfile ca.crt client.crt 这是生成的证书 [1.zip](https://github.com/fatedier/frp/files/5750846/1.zip)

gitea-mirror commented

2026-05-05 13:06:34 -06:00

Author

Owner

@yuyulei commented on GitHub (Dec 30, 2020):

但是我拿了你给的证书，成功跑起来了。。。所以是不是你环境的问题，比如说是 docker 挂载？你能不能在本地裸跑下 frps 和 frpc, 就照你一开始的配置即可？

@yuyulei commented on GitHub (Dec 30, 2020): 但是我拿了你给的证书，成功跑起来了。。。所以是不是你环境的问题，比如说是 docker 挂载？你能不能在本地裸跑下 frps 和 frpc, 就照你一开始的配置即可？

gitea-mirror commented

2026-05-05 13:06:35 -06:00

Author

Owner

@Yusoo commented on GitHub (Jan 8, 2021):

发现是配置文件没生效，关闭了。

@Yusoo commented on GitHub (Jan 8, 2021): 发现是配置文件没生效，关闭了。

gitea-mirror commented

2026-05-05 13:06:35 -06:00

Author

Owner

@zed76r commented on GitHub (Mar 24, 2021):

发现是配置文件没生效，关闭了。

我也是相同的状况，我是用frpc -c ./frpc.ini测试的，想问问您最后说的配置文件没生效是什么意思。我现在也是暂时注释了ca的配置

@zed76r commented on GitHub (Mar 24, 2021): > 发现是配置文件没生效，关闭了。我也是相同的状况，我是用`frpc -c ./frpc.ini`测试的，想问问您最后说的配置文件没生效是什么意思。我现在也是暂时注释了ca的配置

gitea-mirror referenced this issue

2026-05-05 14:42:11 -06:00

[PR #1728] [MERGED] bump version to v0.32.1 #4443