openssl handshake

最新推荐文章于 2024-07-12 08:46:23 发布
最新推荐文章于 2024-07-12 08:46:23 发布
阅读量1.1k 收藏 1
点赞数 2
分类专栏: openssl 文章标签: openssl
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wq897387/article/details/79552309
版权

通过openssl命令来建立一个SSL测试环境

环境背景:Ubuntu 16.04.1 & OpenSSL-1.0.2g

1. 在openssl安装目录/usr/lib/ssl/misc目录下,运行脚本 ./CA.sh –newca

随后会生成一个demonCA的目录,里面包含了ca证书及其私钥。

2. 生成客户端和服务端证书申请

$ openssl req -newkey rsa:1024 -out req1.pem -keyout sslclientkey.pem
$ openssl req -newkey rsa:1024 -out req2.pem -keyout sslserverkey.pem

3. 签发客户端和服务端证书

$ openssl ca -in req1.pem -out sslclientcert.pem
$ openssl ca -in req2.pem -out sslservercert.pem

4. 运行ssl 服务端

$ openssl s_server -cert sslservercert.pem -key sslserverkey.pem -CAfile demoCA/cacert.pem
Enter pass phrase for sslserverkey.pem:
Using default temp DH parameters
ACCEPT
-----BEGIN SSL SESSION PARAMETERS-----
MFUCAQECAgMDBALAMAQABDBZ6RLUgd5qBfj3oeCfRzD/1sdK9aQcpbmvFVRLBJ66
roEscQm1tHBUOrYWX9UYjNehBgIEX/U+rqIEAgIBLKQGBAQBAAAA
-----END SSL SESSION PARAMETERS-----
Shared ciphers:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA
Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Supported Elliptic Curve Point Formats: uncompressed:ansiX962_compressed_prime:ansiX962_compressed_char2
Supported Elliptic Curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
Shared Elliptic curves: P-256:P-521:brainpoolP512r1:brainpoolP384r1:P-384:brainpoolP256r1:secp256k1:B-571:K-571:K-409:B-409:K-283:B-283
CIPHER is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported

5. 运行客户端

$ openssl s_client -CAfile demoCA/cacert.pem 
CONNECTED(00000003)
depth=1 C = CN, ST = JiangSu, O = Tech, OU = Software Development, CN = wq, emailAddress = wq897387@126.com
verify return:1
depth=0 C = CN, ST = JiangSu, O = Tech, OU = Software Development, CN = wq, emailAddress = wq897387@126.com
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
   i:/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
 1 s:/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
   i:/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDdjCCAl6gAwIBAgIJAMW4y04XPrUDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
BAYTAkNOMRAwDgYDVQQIDAdKaWFuZ1N1MQ0wCwYDVQQKDARUZWNoMR0wGwYDVQQL
DBRTb2Z0d2FyZSBEZXZlbG9wbWVudDELMAkGA1UEAwwCd3ExIjAgBgkqhkiG9w0B
CQEWE3dxODk3Mzg3NjNAeWVhaC5uZXQwHhcNMjEwMTA2MDQzMDEyWhcNMjIwMTA2
MDQzMDEyWjB+MQswCQYDVQQGEwJDTjEQMA4GA1UECAwHSmlhbmdTdTENMAsGA1UE
CgwEVGVjaDEdMBsGA1UECwwUU29mdHdhcmUgRGV2ZWxvcG1lbnQxCzAJBgNVBAMM
AndxMSIwIAYJKoZIhvcNAQkBFhN3cTg5NzM4NzYzQHllYWgubmV0MIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQDAO8Y56uwwL1FQtNGvfLJhaAp5898SWaenYOAl
w906uY6gLEZQ2+PbndPSOwHxrTH4tOYdAdan7dXHA0V5a2w20qn9zn5RbyXpX/Cp
eVaRmI8rgq3kafPTeQMoCXfcaKjydy+oywlDPkbS7q1h5iOTVHsEJLKIg46oaJLl
gLFOswIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NM
IEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU2QySKT5mNzgFVk2cOxk6
JdDBIIgwHwYDVR0jBBgwFoAUozwxNsifkC4u51ET6KQpuht1z8AwDQYJKoZIhvcN
AQELBQADggEBAK70RFqguCwO7ebmiI2pFWvrbilm2LHBsFPWXedOKWJ1l84OVGOO
FGrAmG69Kd1BFpMk/16a9EHwecbS+5CcfqxdtKWvWXpvpq1oVlqcxcJxXu7bqR5v
v9MONZj0LFfo30JUXMjJ8Nq0NiAHMi8PEXhGXgYtWBWKHbPpS+k/bs+fW1V6zUl6
/xFbgw8/c6UsPdDpQtMrmwZqmbQULqObEBB0tU7ggisdYfIFZ3dfLvw2sB+oDmGt
pzdDtjzPCSqOkT4S1/twgu8sYAx7EXKM0UkrATDp6Is1nuQNzcV8TmC53hMapP52
1fd0JOu6IXBbIFtXZ1x7vjkit1g+u2cTT3g=
-----END CERTIFICATE-----
subject=/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
issuer=/C=CN/ST=JiangSu/O=Tech/OU=Software Development/CN=wq/emailAddress=wq897387@126.com
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2403 bytes and written 391 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 131EC22EF3270199458720A32F7C626FD9C177EDEBABD4D2CBFC38A69A0A536A
    Session-ID-ctx: 
    Master-Key: 59E912D481DE6A05F8F7A1E09F4730FFD6C74AF5A41CA5B9AF15544B049EBAAE812C7109B5B470543AB6165FD5188CD7
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 49 f5 d2 ed 95 0b 9b c7-a9 1e 5d ab bc 54 2c 4e   I.........]..T,N
    0010 - 13 68 d9 60 92 57 f8 0d-cd f6 75 f7 67 a3 21 27   .h.`.W....u.g.!'
    0020 - cb 5b ed c1 db 11 17 dd-99 fb 57 b3 ff 83 64 f7   .[........W...d.
    0030 - 18 31 89 9a 99 5c 6c f6-1e 87 2e 03 ec b9 50 cb   .1...\l.......P.
    0040 - fe 1e 7a fb 95 86 ab 8c-f4 c6 a2 84 77 70 d4 76   ..z.........wp.v
    0050 - ec f0 f8 48 a3 c5 29 7c-d6 4b 7d 67 8e a8 01 46   ...H..)|.K}g...F
    0060 - 17 01 fd f4 b3 b6 11 28-05 3e b8 dd aa 25 a7 f8   .......(.>...%..
    0070 - 47 05 96 c1 1f 18 e7 8b-a9 81 ca dd e2 2e f4 8d   G...............
    0080 - 25 9e e5 be a9 ed 61 2b-0a d4 61 50 92 ff fe b9   %.....a+..aP....
    0090 - 1d bb 42 09 7f ce be 65-f1 73 16 72 a3 07 4a cf   ..B....e.s.r..J.

    Start Time: 1609907886
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

 

通过openssl编程接口建立一个SSL测试环境

Server端

#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>
#include <sys/types.h>          /* See NOTES */
#include <sys/socket.h>
#include <linux/in.h>
#include <errno.h>
#include <openssl/ssl.h>
int err;

#define CERTF "certs/sslservercert.pem"
#define KEYF "certs/sslserverkey.pem"
#define CAFILE "certs/cacert.pem"

int verify_callback_server(int ok, X509_STORE_CTX *ctx)
{
    printf("verify_callback_server.\n");
    return ok;
}

int SSL_CTX_use_PrivateKey_file_pass(SSL_CTX *ctx, char *filename, char *pass)
{
    EVP_PKEY *pkey = NULL;
    BIO *key = NULL;
    key = BIO_new(BIO_s_file());

    BIO_read_filename(key, filename);
    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, pass);

    if (pkey==NULL)
    {
        printf("PEM_read_bio_PrivateKey failed");
        return -1;
    }

    if (SSL_CTX_use_PrivateKey(ctx, pkey)<=0)
    {
        printf("SSL_CTX_use_PrivateKey err.\n");
        return -1;
    }

    BIO_free(key);
    return 1;
}

int main()
{
    int ret;

    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();

    const SSL_METHOD *meth = SSLv3_server_method();
    SSL_CTX *ctx = SSL_CTX_new(meth);
    if (!ctx)
    {
        printf("SSL_CTX_new failed. ctx=%d\n", ctx);
        return -1;
    }

    if ((!SSL_CTX_load_verify_locations(ctx, CAFILE, NULL))||(!SSL_CTX_set_default_verify_paths(ctx)))
    {
        printf("error.\n");
        return -1;
    }

    if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)<=0)
    {
     
   printf("SSL_CTX_use_certificate_file failed.\n");
        return -1;
    }

    if (SSL_CTX_use_PrivateKey_file_pass(ctx,KEYF,NULL)<=0)
    {
  
  printf("SSL_CTX_use_PrivateKey_file_pass failed.\n");
        return -1;
    }

    if (!SSL_CTX_check_private_key(ctx))
    {
        printf("SSL_CTX_check_private_key failed.\n");
        return -1;
    }

    int s_server_verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT|SSL_VERIFY_CLIENT_ONCE;
    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback_server);
    SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAFILE));

    int s_handle = socket(AF_INET, SOCK_STREAM, 6);
    if (s_handle<0)
    {
        printf("create socket failed.\n");
        return -1;
    }

    struct sockaddr_in service;
    service.sin_family = AF_INET;
    service.sin_addr.s_addr = inet_addr("192.168.44.99");
    service.sin_port = htons(1111);

    if (bind(s_handle, (const struct sockaddr *)&service, sizeof(service))==-1)
    {
        printf("bind failed.\n");
        close(s_handle);
        return -1;
    }

    if (listen(s_handle, 1)==-1)
    {
        printf("listen failed.\n");
        return -1;
    }

    while(1)
    {
        int session_socket = accept(s_handle, NULL, NULL);
        if(session_socket < 0)
        {
            printf("accept failed.\n");
            return -1;
        }
        SSL *ssl = SSL_new(ctx);
        err = SSL_set_fd(ssl, session_socket);
        if (err < 0)
        {
            printf("SSL_set_fd failed.\n");
            return -1;
        }

        err = SSL_accept(ssl);
        if (err < 0)
        {
            printf("SSL_accept failed. errstr=%s\n", SSL_state_string_long(ssl));
            return -1;
        }

        printf("SSL_connection using %s\n", SSL_get_cipher(ssl));

        X509 *client_cert = SSL_get_peer_certificate(ssl);
        if (client_cert != NULL)
        {
            printf("client cerificate:\n");
            char *str = X509_NAME_oneline(X509_get_subject_name(client_cert), 0, 0);
            if (str&&(*str))
                printf("\tsubject:%s\n", str);
            OPENSSL_free(str);

            str = X509_NAME_oneline(X509_get_issuer_name(client_cert), 0, 0);
            if(str&&(*str))
                printf("\t issuer:%s\n", str);
            OPENSSL_free(str);

            X509_free(client_cert);
        }else
            printf("Client does not have certificate.\n");
        const char *cipher_name = SSL_get_cipher_name(ssl);
        if (cipher_name && *cipher_name)
        {
            printf("SSL_get_cipher_name %s.\n", cipher_name);
            return -1;
        }

        char buf[1024];
        memset(buf, 0, 1024);
        err = SSL_read(ssl, buf, sizeof(buf)-1);
        if (err<0)
        {
            printf("SSL_read failed.\n");
            close(ssl);
            return err;
        }
        printf("get: %s\n", buf);

        SSL_free(ssl);
        close(s_handle);
    }

    SSL_CTX_free(ctx);
    return 0;
}

 

Client端

#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/in.h>
#include <string.h>

#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

#define MAX_T 1000
#define CLIENTCERT "certs/sslclientcert.pem"
#define CLIENTKEY "certs/sslclientkey.pem"
#define CAFILE "certs/cacert.pem"
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
    printf("verify_callback.\n");
    return ok;
}

int SSL_CTX_use_PrivateKey_file_pass(SSL_CTX *ctx, char *filename, char *pass)
{
    EVP_PKEY *pkey = NULL;
    BIO *key = NULL;

    key = BIO_new(BIO_s_file());
    BIO_read_filename(key, filename);
    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, pass);
    if (pkey==NULL)
    {
        printf("PEM_read_bio_PrivateKey failed");
        return -1;
    }

    if (SSL_CTX_use_PrivateKey(ctx, pkey)<=0)
    {
        printf("SSL_CTX_use_PrivateKey err.\n");
        return -1;
    }

    BIO_free(key);
    return 1;
}

int main()
{
    int ret;
    SSL_load_error_strings();
    SSLeay_add_ssl_algorithms();
 
    const SSL_METHOD *meth = SSLv3_client_method();
    SSL_CTX *ctx = SSL_CTX_new(meth);
    if (!ctx)
    {
        printf("SSL_CTX_new failed.\n");
        return -1;
    }

    if (SSL_CTX_use_certificate_file(ctx, CLIENTCERT, SSL_FILETYPE_PEM)<=0)
    {
        printf("SSL_CTX_use_certificate failed.\n");
        return -1;
    }

    if (SSL_CTX_use_PrivateKey_file_pass(ctx, CLIENTKEY, NULL)<=0)
    {
      printf("SSL_CTX_use_PrivateKey_file_pass failed.\n");
        return -1;
    }

    int s_handle = socket(AF_INET, SOCK_STREAM, 0);
    if (s_handle <= 0)
    {
        printf("create socket handle failed.\n");
        return -1;
    }

    struct sockaddr_in dest_sin;
    dest_sin.sin_family = AF_INET;
    dest_sin.sin_addr.s_addr = inet_addr("192.168.44.99");
    dest_sin.sin_port = htons(1111); 
    ret = connect(s_handle, (struct sockaddr *)&dest_sin, sizeof(dest_sin));
    if (ret < 0)
    {
        printf("connect failed.\n");
        return -1;
    } 

    SSL *ssl = SSL_new(ctx);
    if (ssl==NULL)
    {
        printf("SSL_new failed.\n");
        return -1;
    }

    SSL_set_fd(ssl, s_handle);
    ret = SSL_connect(ssl);
    if (ret<0)
    {
        printf("SSL_connect failed.\n");
        return -1;
    }
    printf("SSL_ connection using %s\n", SSL_get_cipher(ssl));

    X509 * server_cert = SSL_get_peer_certificate(ssl);
    printf("Server certificate:");
    char *str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0);
    printf("\t subject: %s\n", str);
    OPENSSL_free(str);

    str = X509_NAME_oneline(X509_get_issuer_name(server_cert),0,0);
    printf("\tissuer:%s\n",str);
    OPENSSL_free(str);
    X509_free(server_cert);

    ret = SSL_write(ssl, "Hello World!",strlen("Hello World!"));
    if (ret<0)
    {
        printf("SSL_Write failed.\n");
        return ret;
    }

    SSL_CTX_free(ctx);
    return 0;
}

Makefile

all: ssl_server ssl_client

ssl_server:
    gcc -g ssl_server.c libssl.a libcrypto.a -o ssl_server -ldl

ssl_client:
    gcc -g ssl_client.c libssl.a libcrypto.a -o ssl_client -ldl

clean:
    rm ssl_server ssl_client

在当前目录创建certs文件夹,塞入如下证书

cacert.pem  sslclientcert.pem  sslclientkey.pem  sslservercert.pem  sslserverkey.pem 

风流网民
关注
  • 2
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SSL通信过程分析
hpp205的专栏
10-09 4901
        SSL通信过程分析 一、SSL建立握手连接目的 1.身份的验证,client与server确认对方是它相连接的,而不是第三方冒充的,通过证书实现。 2.client与server交换session key,用于连接后数据的传输加密和hash校验。 二、简单的SSL握手连接过程 (仅Server端交换证书给client): 1.client发送ClientHell...
TLS1.2的握手过程——从代码角度
jllongbell的博客
08-19 586
TLS1.2的握手过程——从代码角度
Nginx配置SSL证书出现PEM_read_bio_PrivateKey() failed错误
最新发布
rocky的编程随记
07-12 433
key文件是从GoDaddy保存下来的txt文件,后续经过人工修改为key文件,第一时间猜测是不是内容少了“PRIVATE KEY”字样的开头。经过核对后,文件内容无误,继而猜测文件编码的问题。用vscode打开,发现是UTF-8 with Bom编码,修改成UTF-8编码后,问题解决。
SSL协议与数字证书原理
xinew的专栏
12-19 960
<br />SSL协议与数字证书原理<br />SSL 协议的握手和通讯<br />  为了便于更好的认识和理解 SSL 协议,这里着重介绍 SSL 协议的握手协议。SSL 协议既用到了公钥加密技术又用到了对称加密技术,对称加密技术虽然比公钥加密技术的速度快,可是公钥加密技术提供了更好的身份认证技术。SSL 的握手协议非常有效的让客户和服务器之间完成相互之间的身份认证,其主要过程如下: <br />① 客户端的浏览器向服务器传送客户端 SSL 协议的版本号,加密算法的种类,产生的随机数,以及其他服务器和客户
openssl 握手、加密解密过程
修行之路
03-04 2789
SSL 协议既用到了公钥加密技术又用到了对称加密技术,对称加密技术虽然比公钥加密技术的速度快,可是公钥加密技术提供了更好的身份认证技术。SSL 的握手协议非常有效的让客户和服务器之间完成相互之间的身份认证,其主要过程如下:① 客户端的浏览器向服务器传送客户端 SSL 协议的版本号,加密算法的种类,产生的随机数,以及其他服务器和客户端之间通讯所需要的各种信息。② 服务器向客户端传送 SSL 协议的版本
OpenSSL
u010230019的博客
11-07 2466
openssl
ssl PEM_read_bio:bad end line
my_live_123
07-22 1453
KEY/CSR/SSL证书匹配工具 openssl x509 -noout -modulus -in certificate.crt | openssl md5 openssl rsa -noout -modulus -in privateKey.key | openssl md5 openssl req -noout -modulus -in CSR.csr | openssl md5 执行第...
linux c openssl rsa 加解密
whatday的专栏
07-25 5943
1.PEM私钥文件格式 -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- 生成该密钥的Linux命令:OpenSSL>genrsa -out privateKey.pem 1024 读取该密钥的Linux Openssl API 函数文件读取: RSA *PEM_read_RSAPrivateKey(FILE *...
OpenSSL 3.0 Demo
09-28
之后,创建`SSL`对象,将其与socket连接关联,进行握手操作,如`SSL_do_handshake`。在数据传输过程中,`SSL_read`和`SSL_write`分别用于读取和发送加密的数据。 为了处理错误,OpenSSL提供了一系列的错误堆栈处理...
openssl握手过程
02-25
例如,`SSL_set_connect_state`和`SSL_do_handshake`等函数用于初始化和执行握手过程。OpenSSL还提供了一系列API供开发者使用,使得开发者能够灵活地控制握手过程的不同方面。 ### 五、OpenSSL与SSL协议对应关系 ...
openssl使用指南
07-12
- 解决常见的 SSL/TLS 连接错误,如“handshake failure”或“certificate verify failed”。 - 使用 `openssl s_client` 和 `openssl s_server` 输出进行问题分析。 通过深入学习这些内容,你将能够熟练地使用 ...
security_with_OpenSSL
09-19
《Secure programming with the OpenSSL API, Part 2 Secure handshake》则可能详细阐述了SSL/TLS协议的握手过程,这是建立安全连接的关键步骤。它涉及证书的交换、密钥的协商和协议版本的确认。这部分内容对于确保...
OpenSSL materials for HP OpenVMS
02-24
接着,"Secure programming with the OpenSSL API, Part 2 Secure handshake"深入到SSL/TLS协议的核心过程——安全握手。安全握手确保了客户端和服务器之间的身份验证,并协商加密算法和密钥交换机制。这部分将详细...
宝塔踩坑日记
weixin_44716496的博客
03-22 1013
前言最近迁移了服务器配置宝塔面板有一点问题非常坑正文0x01显示其他网站的内容我在这个服务器上搭建了多个网站新建一个网站打开发现是另一个网站的内容发现是没配置SSL配置好了就解决了0x02配置SSL报错开始配置SSL发现报错了报错是这样nginx: [emerg] cannot load certificate key "/www/server/panel/vhost/ce...
ubuntu使用OpenSSL生成数字证书&&常见错误修改
Code Young 的博客
11-08 2312
一、安装openssl     a)    略 二、生成ca证书     a)    创建一个证书目录,mkdir /home/liuzhigong/SSL     b)    将CA.sh拷贝到/home/ca/SSL目录,cp /usr/lib/ssl/misc/CA.sh /home/ca/SSL     c)    在home/ca/目录下执行./CA.sh -newca
PEM_read_bio_X509_AUX() failed (SSL: error:0906D06C:PEM routines:PEM_read_bio
热门推荐
poem_2010的博客
01-25 1万+
在使用nginx处理 https的时候,修改好了 nginx.conf, 使用命令 ./sbin/nginx -s reload 的时候,报出 cannot load certificate "/usr/local/nginx/conf/7175012_api.xxxxx.com.key": PEM_read_bio_X509_AUX() failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line:Expecting: T
openssl pem 生成公钥和私钥及文件
学而不思则罔
09-19 9131
原文地址:https://www.cnblogs.com/cocoajin/p/6137651.html   openssl pem.h 中提供了关于pem格式密钥对的操作接口 通常使用.pem的格式文件来保存openssl 生成的密钥对; 在终端下 cat xxx.pem 可以看到  -----BEGIN RSA PRIVATE KEY----- XXXX -----END RSA...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值