急急急,QT 官方自带SSL/TLS当用ip地址的时候认证不成功 5C
 Client(const QHostAddress& host = QHostAddress::LocalHost,
           const quint16 port = 1883,
           QObject* parent = NULL);

#ifndef QT_NO_SSL
    Client(const QString& hostName,
           const quint16 port,
           const QSslConfiguration& config,
           const bool ignoreSelfSigned=false,
           QObject* parent = NULL);
#endif // QT_NO_SSL
这个是官网自带的MQTT,可以好清楚看到,当使用SSL认证的时候,是用QString& hostName,如果不用SSL认证就是用const QHostAddress& host;
QSslConfiguration sslConfig = QSslConfiguration::defaultConfiguration();
// Add custom SSL options here (for example extra certificates)
QMQTT::Client *client = new QMQTT::Client("example.com", 8883, sslConfig);


qq_25958023 额,答非所问呀
5 个月之前 回复
Csdn user default icon
如何禁用SSL / TLS压缩[关闭]

<div class="post-text" itemprop="text"> <p>For "SSL/TLS CRIME attack" problem, I need to disable the SSL/TLS compression option in my apache server. Tell your comments.</p> </div>

偶发"基础连接已经关闭: 未能为SSL/TLS 安全通道建立信任关系"错误

如题,我的网站在请求微信公众平台接口时,有时候回出现"基础连接已经关闭: 未能为SSL/TLS 安全通道建立信任关系"这种错误,已经在Global.aspx中添加了"System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;"问题是这是偶发的,这是为什么呢,有没有什么解决思路以及可以参考的文档,谢谢大家的帮助!

请求https网站 提示:请求被中止: 未能创建 SSL/TLS 安全通道。



压缩包里有客户端源码和服务器端源码,支持TCP的双向认证,也支持WEBSOCKET的双向认证,内附测试 wss的测试例子, 需要生成PKCS12的证书,导入浏览器才可以测试。你这个服务端是用什么语言写的呢

从PHP发送电子邮件时使用SSL / TLS

<div class="post-text" itemprop="text"> <p>I am very new to email servers and sending email with PHP...</p> <p>Is it possible to have email sent from a PHP script on my server encrypted using SSL or TLS before it is sent to the recipient's mail server?</p> <p>I need to ensure only the intended recipient can read the email, in case the transmission is intercepted on its journey to their mail server.</p> <p>I am not sure if this is possible, as the recipient's mail server would not know the public key right? So how could it decrypt the email?</p> <p>As background, I am not actually hosting email accounts for anyone - so it is not a case of the users authenticating with my server and downloading emails for them hosted there. I just have a script triggering an alert email to be sent from "notifications@danbaylis.com" (which is not a real email address on the server so you can't reply to it) to the user's real email address (which my application knows). I need a way to make sure this email is securely sent from PHP on my server, to the recipients mail server.</p> <p>I have looked at the mail() function in PHP, as well as the PHPMailer class - but I am not sure how I would configure either of these methods to securely send the email.</p> <p>All my research just shows how to install SSL in on my server so users can securely download email stored on my server - which is not what I am trying to do here.</p> <p>I am running Centos5.7 which I believe has a mail server installed, though I am not sure if PHP actually uses that by default..</p> <p>Thanks for any help!</p> </div>

fopen()用于FTP显式SSL / TLS

<div class="post-text" itemprop="text"> <p>How can I use <code>fopen("ftp://$user:$pass@$domain/test.php", "wb");</code> for FTP Explicit SSL/TLS ?</p> <p>Something like <code>fopen("ftpes://$user:$pass@$domain/test.php", "wb");</code>.</p> <p><code>ftpes://</code> is not listed in <a href="http://php.net/manual/en/wrappers.php" rel="nofollow">Supported Protocols and Wrappers</a></p> <p>From Filezilla Client, I can confirm that ftpes://$domain is right and even the user credentials are correct.</p> <p>Basically I want to write the contents directly through <code>fwrite()</code>, the same code works for ftp and ftps but not ftpes.</p> <p>Let me know if any more information is required.</p> </div>

Websockets服务器的SSL / TLS-Go lang

<div class="post-text" itemprop="text"> <p>I am using collider (<a href="https://github.com/webrtc/apprtc/tree/master/src/collider" rel="nofollow noreferrer">https://github.com/webrtc/apprtc/tree/master/src/collider</a> -a websockets server in go) and I am trying to add SSL/TLS support. For which I generated self-signed certificates:</p> <pre><code>openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 Enter PEM pass phrase: Verifying - Enter PEM pass phrase: Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:CA Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]:testwebsite.com Organizational Unit Name (eg, section) []:Engineering Common Name (e.g. server FQDN or YOUR name) []:www.testwebsite.com Email Address []:testwebsite@gmail.com </code></pre> <p>When I run the collider, I see this error:</p> <pre><code>2017/06/05 21:25:50 Error Run: crypto/tls: failed to parse private key </code></pre> <p>When I generate using (based on <a href="http://www.kaihag.com/https-and-go/" rel="nofollow noreferrer">http://www.kaihag.com/https-and-go/</a>):</p> <pre><code>openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem </code></pre> <p>I get this error:</p> <pre><code>2017/06/05 22:11:31 http: TLS handshake error from &lt;some-ip&gt;:1082: remote error: unknown certificate </code></pre> <p>How to fix this? </p> <p><strong>Note:</strong> collider uses golang.org/x/net/websocket</p> </div>

供应标准库(crypto / tls)

<div class="post-text" itemprop="text"> <p>I want to make some changes to the Go crypto/tls standard library.</p> <p>Is making a copy of crypto/tls in the vendor folder a good way to do this?</p> <p>It almost works, it seems the vendored is copy used when I compile the application (Caddy webserver). Apart from one error I get:</p> <blockquote> <p>go/src/github.com/user/caddy/caddytls/httphandler.go:40: cannot use "vendor/crypto/tls".Config literal (type *"vendor/crypto/tls".Config) as type *"crypto/tls".Config in field value</p> </blockquote> <p>Is there a way of casting to get around this one error? Doesn't sound like good practice to me though.</p> <p>I would have thought that the vendored copy would always be used, but it seems something is still using the standard crypto/tls library? (I think "net/http" is. Do I have to vendor this too?)</p> </div>


Mon Feb 24 15:22:09 2020 TLS: Initial packet from [AF_INET], sid=412dcd80 f5ddfb47 Mon Feb 24 15:22:09 2020 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive. Mon Feb 24 15:22:09 2020 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Mon Feb 24 15:22:09 2020 TLS_ERROR: BIO read tls_read_plaintext error Mon Feb 24 15:22:09 2020 TLS Error: TLS object -> incoming plaintext read error Mon Feb 24 15:22:09 2020 TLS Error: TLS handshake failed Mon Feb 24 15:22:09 2020 SIGUSR1[soft,tls-error] received, client-instance restarting Mon Feb 24 15:23:10 2020 TLS: Initial packet from [AF_INET], sid=6bd5599e afa06e6e Mon Feb 24 15:23:13 2020 TLS error: The server has no TLS ciphersuites in common with the client. Your --tls-cipher setting might be too restrictive. Mon Feb 24 15:23:13 2020 OpenSSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher Mon Feb 24 15:23:13 2020 TLS_ERROR: BIO read tls_read_plaintext error Mon Feb 24 15:23:13 2020 TLS Error: TLS object -> incoming plaintext read error Mon Feb 24 15:23:13 2020 TLS Error: TLS handshake failed Mon Feb 24 15:23:13 2020 SIGUSR1[soft,tls-error] received, client-instance restarting

HTTP基本身份验证与SSL / TLS(HTTPS)结合使用将用于验证用户身份

<div class="post-text" itemprop="text"> <p>i need to send json request (RESTful) to a URL where the server authority send me the username &amp; password and ask me to send the request to the server using <strong>"HTTP Basic Authentication combined with SSL/TLS (HTTPS) will be used to authenticate user"</strong>.</p> <p>when i send the request to that link using cURL then i get the error. "<strong>Error: call to URL failed with status 0, curl_error SSL certificate problem: self signed certificate, curl_errno 60</strong>"</p> <p>My Web server version is: IIS7, PHP Version: 5.3.27.</p> <p>Now, what is the process to complete the task. please help.</p> </div>

Golang Web服务器在crypto / tls处泄漏内存(* block).reserve

<div class="post-text" itemprop="text"> <p>I've got a web server written in Go.</p> <pre><code>tlsConfig := &amp;tls.Config{ PreferServerCipherSuites: true, MinVersion: tls.VersionTLS12, CurvePreferences: []tls.CurveID{ tls.CurveP256, tls.X25519, }, CipherSuites: []uint16{ tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, }, } s := &amp;http.Server{ ReadTimeout: 5 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 120 * time.Second, Handler: r, // where r is my router TLSConfig: tlsConfig, } // redirect http to https redirect := &amp;http.Server{ ReadTimeout: 5 * time.Second, WriteTimeout: 10 * time.Second, IdleTimeout: 120 * time.Second, Handler: http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Connection", "close") url := "https://" + r.Host + r.URL.String() http.Redirect(w, r, url, http.StatusMovedPermanently) }), } go func() { log.Fatal(redirect.ListenAndServe()) }() log.Fatal(s.ListenAndServeTLS(certFile, keyFile)) </code></pre> <p>Here is a screenshot from my Digital Ocean dashboard.</p> <p><a href="https://i.stack.imgur.com/ZbZpX.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/ZbZpX.png" alt="enter image description here"></a></p> <p>As you can see memory keeps growing and growing. So I started looking at <a href="https://github.com/google/pprof" rel="nofollow noreferrer">https://github.com/google/pprof</a>. Here is the output of <code>top5</code>.</p> <pre><code>Type: inuse_space Time: Nov 7, 2018 at 10:31am (CET) Entering interactive mode (type "help" for commands, "o" for options) (pprof) top5 Showing nodes accounting for 289.50MB, 79.70% of 363.24MB total Dropped 90 nodes (cum &lt;= 1.82MB) Showing top 5 nodes out of 88 flat flat% sum% cum cum% 238.98MB 65.79% 65.79% 238.98MB 65.79% crypto/tls.(*block).reserve 20.02MB 5.51% 71.30% 20.02MB 5.51% crypto/tls.Server 11.50MB 3.17% 74.47% 11.50MB 3.17% crypto/aes.newCipher 10.50MB 2.89% 77.36% 10.50MB 2.89% crypto/aes.(*aesCipherGCM).NewGCM </code></pre> <p>The SVG shows the same huge amount of memory allocated by crypto/tls.(*block).reserve.</p> <p><a href="https://i.stack.imgur.com/FxbfZ.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/FxbfZ.png" alt="enter image description here"></a></p> <p>Here is the exact code.</p> <p><a href="https://i.stack.imgur.com/59VOT.png" rel="nofollow noreferrer"><img src="https://i.stack.imgur.com/59VOT.png" alt="enter image description here"></a></p> <p>I spent the last days reading every article, document, blog post, source code, help file I could find. However nothing helps. The code is running on a Ubuntu 17.10 x64 machine using Go 1.11 inside a Docker container.</p> <p>It looks like the server doesn't close the connections to the client. I thought setting all the <code>xyzTimeout</code> would help but it didn't.</p> <p>Any ideas?</p> <p>Edit 12/20/2018:</p> <p>fixed now <a href="https://github.com/golang/go/issues/28654#issuecomment-448477056" rel="nofollow noreferrer">https://github.com/golang/go/issues/28654#issuecomment-448477056</a></p> </div>

Ruby的grpc(v1.3.2)gem SSL / TLS连接问题,完全在golang中构建的grpc服务器

<div class="post-text" itemprop="text"> <p>Recently, I was trying to use rubygem grpc version 1.3.2 as a clinet and connect to a grpc server which is built from golang. I went through the documentation at <a href="http://grpc.io/docs/guides/auth.html" rel="nofollow noreferrer">GRPC.IO</a> and used it in my code as it.</p> <pre><code> irb(main):017:0&gt; GRPC::Core::Credentials.new(File.read(CA_FILE_PATH)) NameError: uninitialized constant GRPC::Core::Credentials from (irb):17 from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/console.rb:110:in `start' from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/console.rb:9:in `start' from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:68:in `console' from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands/commands_tasks.rb:39:in `run_command!' from /usr/local/share/gems/gems/railties-4.2.1/lib/rails/commands.rb:17:in `&lt;top (required)&gt;' from bin/rails:4:in `require' from bin/rails:4:in `&lt;main&gt;' </code></pre> <p>However their documentation specifically says,</p> <pre><code>creds = GRPC::Core::Credentials.new(load_certs) # load_certs typically loads a CA roots file stub = Helloworld::Greeter::Stub.new('myservice.example.com', creds) </code></pre> <p>Then I came across <strong>ChannelCredentials</strong> and the <em>creds</em> is supposed to be either <strong>ChannelCredentials</strong> object or a symbol(e.g. <em>:this_channel_is_insecure</em>). Hence, I gave it a try as well.</p> <p>I've taken the following function from the grpc gem's source code itself. This function was called in rspec test cases for loading the certs:</p> <pre><code>def load_certs data_dir = "#{Rails.root}/certs" files = ['ca.pem', 'server.key', 'server.pem'] files.map { |f| File.open(File.join(data_dir, f)).read } end </code></pre> <p>Then I gave it a try with,</p> <pre><code>channel_creds = GRPC::Core::ChannelCredentials.new(load_certs) stub = Helloworld::Greeter::Stub.new('myservice.example.com', channel_creds) </code></pre> <p>But the above failed with</p> <pre><code>E0619 09:59:10.410575570 14208 ssl_transport_security.c:601] Could not load any root certificate. E0619 09:59:10.410604954 14208 ssl_transport_security.c:1315] Cannot load server root certificates. E0619 09:59:10.410622519 14208 security_connector.c:837] Handshaker factory creation failed with TSI_INVALID_ARGUMENT. </code></pre> <p>I also tried:</p> <pre><code>channel_creds = GRPC::Core::ChannelCredentials.new(File.read(CA_FILE_PATH)) stub = Helloworld::Greeter::Stub.new('myservice.example.com', creds) </code></pre> <p>But all I got was error from the logs or rpc server:</p> <pre><code>2017/06/16 10:52:34 transport: http2Server.HandleStreams failed to receive the preface from client: EOF 2017/06/16 10:53:35 transport: http2Server.HandleStreams failed to receive the preface from client: EOF 2017/06/16 10:53:59 transport: http2Server.HandleStreams failed to receive the preface from client: EOF 2017/06/16 10:55:06 transport: http2Server.HandleStreams failed to receive the preface from client: EOF </code></pre> <p>Has anyone successfully tried this Ruby client Golang server combination with SSL/TLS enabled?</p> </div>


<div class="post-text" itemprop="text"> <p>This following reduced test case code works when run locally on my laptop using my own 'developer' certs for accessing internal services</p> <p>If I run on a remote machine with dynamically generated certs (all of which is handled by a separate team in my organisation) it fails with a 400 and "No required SSL certificate was sent" error</p> <p>But if I use curl on the remote machine, and specify the same certs as referenced in my Go code, it will work</p> <p>So seems the certs aren't the issue but the Go code, but that itself doesn't seem to be the issue as it works with my own certs locally</p> <pre><code>package main import ( "crypto/tls" "crypto/x509" "fmt" "io/ioutil" "net/http" "os" "time" ) func main() { transport, transErr := configureTLS() if transErr != nil { fmt.Printf("trans error: %s", transErr.Error()) return } timeout := time.Duration(1 * time.Second) client := http.Client{ Transport: transport, Timeout: timeout, } resp, clientErr := client.Get("https://my-service-with-nginx/") if clientErr != nil { fmt.Printf("client error: %s", clientErr.Error()) } else { defer resp.Body.Close() contents, contErr := ioutil.ReadAll(resp.Body) if contErr != nil { fmt.Printf("contents error: %s", contErr.Error()) } fmt.Printf(" contents: %+v", string(contents)) } } func configureTLS() (*http.Transport, error) { certPath := "/path/to/client.crt" keyPath := "/path/to/client.key" caPath := "/path/to/ca.crt" // Load client cert cert, err := tls.LoadX509KeyPair(certPath, keyPath) if err != nil { return nil, err } // Load CA cert caCert, err := ioutil.ReadFile(caPath) if err != nil { return nil, err } caCertPool := x509.NewCertPool() caCertPool.AppendCertsFromPEM(caCert) // Setup HTTPS client tlsConfig := &amp;tls.Config{ Certificates: []tls.Certificate{cert}, RootCAs: caCertPool, InsecureSkipVerify: true, } tlsConfig.BuildNameToCertificate() return &amp;http.Transport{TLSClientConfig: tlsConfig}, nil } </code></pre> <p>Does anyone know why this would be happening? </p> <p>I thought it might be the renegotiation bug that Go has (as of 1.6) but I don't think that's the case here as otherwise it would fail for me when running the app locally (but it doesn't, using my own dev certs and running locally works fine - the problem only occurs when run on a remote instance with different certs; and those certs aren't the problem as they work fine when used by <code>curl</code>)</p> </div>

我应该在JSON API中的哪里添加TLS / SSL?

<div class="post-text" itemprop="text"> <p>So I have a droplet on DigitalOcean, the front-end is a Backbone.js app, and our back-end is a JSON API written in Go. Nginx is in-between proxying requests from port 80 to our front-end JavaScript app's port.</p> <p>My question, where in this stack does SSL/TLS go? I've seen tutorials that suggest we configure only Nginx to handle SSL/TLS calls (like this one: <a href="https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04" rel="nofollow">https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04</a>) , and I've seen tutorials using Go's <code>ListenAndServeTLS</code> that suggest this is done within the server code (like this one: <a href="https://www.kaihag.com/https-and-go/" rel="nofollow">https://www.kaihag.com/https-and-go/</a>).</p> <p>A follow-up question, let's say that it ends up that only Nginx needs to be configured for SSL/TLS, wouldn't the incoming requests be encrypted using SSL, and the responses from the Go server be unencrypted? This leads me to believe that both Nginx and the Go server need to be configured for SSL/TLS integration. </p> <p>Which one is it? Nginx? The Go server? Both?</p> <p>Thanks everyone</p> </div>


<div class="post-text" itemprop="text"> <p>I configured RabbitMQ connection using follow link: <a href="https://github.com/streadway/amqp/blob/master/examples_test.go" rel="nofollow noreferrer">https://github.com/streadway/amqp/blob/master/examples_test.go</a></p> <p>Certificate I created according to the instructions here: <a href="https://www.rabbitmq.com/ssl.html#enabling-tls-paths" rel="nofollow noreferrer">https://www.rabbitmq.com/ssl.html#enabling-tls-paths</a></p> <p>I use RabbitMQ 3.7.0 installed in docker. After the call amqp.DialTLS I receive "Bad certificate" error on the server side (in the docker logs).</p> <p>I suppose that the problem is that certificate should contain the server name and if so, which server name should I set in the certificate if RabbitMQ is installed inside docker?</p> <p>Besides, any other ideas?</p> </div>

chrome 45 服务器的瞬时 Diffie-Hellman 公共密钥过弱

更新到最新的chrome 45 ,结果访问 公司的 https 就出现服务器的瞬时 Diffie-Hellman 公共密钥过弱 ![图片说明](https://img-ask.csdn.net/upload/201509/07/1441595809_964002.png) 以前 firefox 39.0 也出现过这个问题, 那时候给Firefox 安装一个 disable-DHE插件就行了, 我想问下 有没有类似的解决方法, 或者 这个问题该怎么解决, 重新添加 https 安全协议?


<div class="post-text" itemprop="text"> <p>When I try install to composer on my system, it always gives me this error </p> <pre><code> The "https://getcomposer.org/versions" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed </code></pre> <p>I used the php -r 'print_r(openssl_get_cert_locations());' command to see the php default cert locations and the result is below: </p> <pre><code> Array ( [default_cert_file] =&gt; C:\usr\local\ssl/cert.pem [default_cert_file_env] =&gt; SSL_CERT_FILE [default_cert_dir] =&gt; C:\usr\local\ssl/certs [default_cert_dir_env] =&gt; SSL_CERT_DIR [default_private_dir] =&gt; C:\usr\local\ssl/private [default_default_cert_area] =&gt; C:\usr\local\ssl [ini_cafile] =&gt; C:\xampp\apache\cert.pem [ini_capath] =&gt; ) </code></pre> <p>C:\usr\local\ssl/cert.pem does not exist so I then downloaded an ssl cert from <a href="http://curl.haxx.se/ca/cacert.pem" rel="nofollow noreferrer">http://curl.haxx.se/ca/cacert.pem</a> and manually created the C:\usr\local\ssl/cert.pem but still no success. I really need a solution as I'm out of options or is there a way I can bypass the ssl cert validation. </p> </div>

Go的crypto / tls是否已准备好用于生产环境? [关闭]

<div class="post-text" itemprop="text"> <p>There was previously a comment regarding the crypto/tls library in Go not being ready for production which has been quoted in many places but I have not seen any real updates on this issue.</p> <p><a href="http://grokbase.com/p/gg/golang-nuts/139sqq5hw5/go-nuts-re-go-is-production-ready-but-the-crypto-tls-package-isnt" rel="nofollow">http://grokbase.com/p/gg/golang-nuts/139sqq5hw5/go-nuts-re-go-is-production-ready-but-the-crypto-tls-package-isnt</a></p> <p>What is the status today? Since the comment was made both v1.2 and v1.3 of the language has been released. Has the library matured? Is it considered production ready?</p> </div>

python ssl客户端认证

server端 ``` # coding:utf-8 from __future__ import absolute_import, division, print_function, with_statement import socket, ssl import os import tornado.tcpserver from tornado.ioloop import IOLoop import tornado.gen ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("/keys/server.crt", "/keys/server.key") ssl_ctx.load_verify_locations("keys/ca.crt") ssl_ctx.verify_mode = ssl.CERT_REQUIRED class A(tornado.tcpserver.TCPServer): def handle_stream(self, stream, address): self.run(stream) @tornado.gen.coroutine def run(self, stream): body = yield stream.read_bytes(111110, partial=True) print(body) def main(): server = A(ssl_options=ssl_ctx) server.listen(6030, '') io_loop = IOLoop.current() io_loop.add_callback(main) io_loop.start() ``` client端 ``` # coding:utf-8 import socket, ssl, pprint import os s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) ssl_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ssl_ctx.load_cert_chain("keys/server.crt","keys/server.key") ssl_sock = ssl_ctx.wrap_socket(s) ssl_sock.connect(('localhost', 6030)) print repr(ssl_sock.getpeername()) print ssl_sock.cipher() print pprint.pformat(ssl_sock.getpeercert()) ssl_sock.write("boo!") ``` 运行后 服务器端报错 [SSL: NO_CERTIFICATE_RETURNED] no certificate returned (_ssl.c:590) 客户端也报错 [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:590) 我想做的是ssl双向认证


大学四年,看课本是不可能一直看课本的了,对于学习,特别是自学,善于搜索网上的一些资源来辅助,还是非常有必要的,下面我就把这几年私藏的各种资源,网站贡献出来给你们。主要有:电子书搜索、实用工具、在线视频学习网站、非视频学习网站、软件下载、面试/求职必备网站。 注意:文中提到的所有资源,文末我都给你整理好了,你们只管拿去,如果觉得不错,转发、分享就是最大的支持了。 一、电子书搜索 对于大部分程序员...


今年,我也32了 ,为了不给大家误导,咨询了猎头、圈内好友,以及年过35岁的几位老程序员……舍了老脸去揭人家伤疤……希望能给大家以帮助,记得帮我点赞哦。 目录: 你以为的人生 一次又一次的伤害 猎头界的真相 如何应对互联网行业的「中年危机」 一、你以为的人生 刚入行时,拿着傲人的工资,想着好好干,以为我们的人生是这样的: 等真到了那一天,你会发现,你的人生很可能是这样的: ...




ArrayList源码分析 前言: 写这篇博客的主要原因是,在我上一次参加千牵科技Java实习生面试时,有被面试官问到ArrayList为什么查找的速度较快,插入和删除的速度较慢?当时我回答得不好,很大的一部分原因是因为我没有阅读过ArrayList源码,虽然最后收到Offer了,但我拒绝了,打算寒假学得再深入些再广泛些,下学期开学后再去投递其他更好的公司。为了更加深入理解ArrayList,也为



String s = new String(" a ") 到底产生几个对象?

老生常谈的一个梗,到2020了还在争论,你们一天天的,哎哎哎,我不是针对你一个,我是说在座的各位都是人才! 上图红色的这3个箭头,对于通过new产生一个字符串(”宜春”)时,会先去常量池中查找是否已经有了”宜春”对象,如果没有则在常量池中创建一个此字符串对象,然后堆中再创建一个常量池中此”宜春”对象的拷贝对象。 也就是说准确答案是产生了一个或两个对象,如果常量池中原来没有 ”宜春” ,就是两个。...

技术大佬:我去,你写的 switch 语句也太老土了吧

昨天早上通过远程的方式 review 了两名新来同事的代码,大部分代码都写得很漂亮,严谨的同时注释也很到位,这令我非常满意。但当我看到他们当中有一个人写的 switch 语句时,还是忍不住破口大骂:“我擦,小王,你丫写的 switch 语句也太老土了吧!” 来看看小王写的代码吧,看完不要骂我装逼啊。 private static String createPlayer(PlayerTypes p...

和黑客斗争的 6 天!

互联网公司工作,很难避免不和黑客们打交道,我呆过的两家互联网公司,几乎每月每天每分钟都有黑客在公司网站上扫描。有的是寻找 Sql 注入的缺口,有的是寻找线上服务器可能存在的漏洞,大部分都...


loonggg读完需要3分钟速读仅需 1 分钟大家好,我是你们的校长。我之前讲过,这年头,只要肯动脑,肯行动,程序员凭借自己的技术,赚钱的方式还是有很多种的。仅仅靠在公司出卖自己的劳动时...






提到“程序员”,多数人脑海里首先想到的大约是:为人木讷、薪水超高、工作枯燥…… 然而,当离开工作岗位,撕去层层标签,脱下“程序员”这身外套,有的人生动又有趣,马上展现出了完全不同的A/B面人生! 不论是简单的爱好,还是正经的副业,他们都干得同样出色。偶尔,还能和程序员的特质结合,产生奇妙的“化学反应”。 @Charlotte:平日素颜示人,周末美妆博主 大家都以为程序媛也个个不修边幅,但我们也许...






私下里,有不少读者问我:“二哥,如何才能写出一份专业的技术简历呢?我总感觉自己写的简历太烂了,所以投了无数份,都石沉大海了。”说实话,我自己好多年没有写过简历了,但我认识的一个同行,他在阿里,给我说了一些他当年写简历的方法论,我感觉太牛逼了,实在是忍不住,就分享了出来,希望能够帮助到你。 01、简历的本质 作为简历的撰写者,你必须要搞清楚一点,简历的本质是什么,它就是为了来销售你的价值主张的。往深...


最近接手了一个springboot项目,不是不熟悉这个框架,启动时打印的信息吸引了我。 这不是我熟悉的常用springboot的打印信息啊,我打开自己的项目: 还真是的,不用默认的感觉也挺高大上的。一时兴起,就去研究了一下源代码,还正是有些收获,稍后我会总结一下。正常情况下做为一个老程序员,是不会对这种小儿科感兴趣的,不就是一个控制台打印嘛。哈哈! 于是出于最初的好奇,研究了项目的源代码。看到


即将毕业的应届毕业生一枚,现在只拿到了两家offer,但最近听到一些消息,其中一个offer,我这个组据说客户很少,很有可能整组被裁掉。 想问大家: 如果我刚入职这个组就被裁了怎么办呢? 大家都是什么时候知道自己要被裁了的? 面试软技能指导: BQ/Project/Resume 试听内容: 除了刷题,还有哪些技能是拿到offer不可或缺的要素 如何提升面试软实力:简历, 行为面试,沟通能...

离职半年了,老东家又发 offer,回不回?

有小伙伴问松哥这个问题,他在上海某公司,在离职了几个月后,前公司的领导联系到他,希望他能够返聘回去,他很纠结要不要回去? 俗话说好马不吃回头草,但是这个小伙伴既然感到纠结了,我觉得至少说明了两个问题:1.曾经的公司还不错;2.现在的日子也不是很如意。否则应该就不会纠结了。 老实说,松哥之前也有过类似的经历,今天就来和小伙伴们聊聊回头草到底吃不吃。 首先一个基本观点,就是离职了也没必要和老东家弄的苦...






当HR压你价,说你只值7K时,你可以流畅地回答,记住,是流畅,不能犹豫。 礼貌地说:“7K是吗?了解了。嗯~其实我对贵司的面试官印象很好。只不过,现在我的手头上已经有一份11K的offer。来面试,主要也是自己对贵司挺有兴趣的,所以过来看看……”(未完) 这段话主要是陪HR互诈的同时,从公司兴趣,公司职员印象上,都给予对方正面的肯定,既能提升HR的好感度,又能让谈判气氛融洽,为后面的发挥留足空间。...


HashMap底层实现原理,红黑树,B+树,B树的结构原理 Spring的AOP和IOC是什么?它们常见的使用场景有哪些?Spring事务,事务的属性,传播行为,数据库隔离级别 Spring和SpringMVC,MyBatis以及SpringBoot的注解分别有哪些?SpringMVC的工作原理,SpringBoot框架的优点,MyBatis框架的优点 SpringCould组件有哪些,他们...





你打算用Java 8一辈子都不打算升级到Java 14,真香



编程语言层出不穷,从最初的机器语言到如今2500种以上的高级语言,程序员们大呼“学到头秃”。程序员一边面临编程语言不断推陈出新,一边面临由于许多代码已存在,程序员编写新应用程序时存在重复“搬砖”的现象。 无代码/低代码编程应运而生。无代码/低代码是一种创建应用的方法,它可以让开发者使用最少的编码知识来快速开发应用程序。开发者通过图形界面中,可视化建模来组装和配置应用程序。这样一来,开发者直...

面试了一个 31 岁程序员,让我有所触动,30岁以上的程序员该何去何从?





已经连续五年参加大厂校招、社招的技术面试工作,简历看的不下于万份 这篇文章会用实例告诉你,什么是差的程序员简历! 疫情快要结束了,各个公司也都开始春招了,作为即将红遍大江南北的新晋UP主,那当然要为小伙伴们做点事(手动狗头)。 就在公众号里公开征简历,义务帮大家看,并一一点评。《启舰:春招在即,义务帮大家看看简历吧》 一石激起千层浪,三天收到两百多封简历。 花光了两个星期的所有空闲时...