How should SSL_CTX_load_verify_locations in OpenSSL be used? (5C bounty)

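How is SSL_CTX_load_verify_locations supposed to be used? What kind of certificate is passed in?
For example, with self-signed certificates: how are the client and server certificates generated, and what kind of certificate does SSL_CTX_load_verify_locations need?
How is it generated?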

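Other related recommendations
When programming with OpenSSL, SSL_accept returns the error SSL_ERROR_SSL. What problems could cause this, and how can they be solved?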

I'm a beginner who has just started learning OpenSSL. I found a piece of code written in C++ online; it is a server-side example, shown below:

```
/* All required parameters are provided here as #defines */
#define CERTF "server.crt"  /* server certificate (must be signed by the CA) */
#define KEYF "server.key"   /* server private key (encrypted storage recommended) */
#define CACERT "ca.crt"     /* CA certificate */
#define PORT 1111           /* port to bind to */

#define CHK_NULL(x) if ((x)==NULL) exit (1)
#define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
#define CHK_SSL(err) if ((err)==-1) { ERR_print_errors_fp(stderr); exit(2); }

int main()
{
    int err;
    int listen_sd;
    int sd;
    struct sockaddr_in sa_serv;
    struct sockaddr_in sa_cli;
    int client_len;
    SSL_CTX* ctx;
    SSL* ssl;
    X509* client_cert;
    char* str;
    char buf[4096];
    SSL_METHOD *meth;
    WSADATA wsaData;
    int reterr = 0;

    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0){
        printf("WSAStartup()fail:%d\n", GetLastError());
        return -1;
    }

    SSL_load_error_strings();     /* prepare for printing debug information */
    OpenSSL_add_ssl_algorithms(); /* initialization */
    //meth = TLSv1_server_method(); /* the protocol to use (SSLv2/SSLv3/TLSv1) is specified here */
    //ctx = SSL_CTX_new(meth);
    ctx = SSL_CTX_new(TLSv1_server_method());
    CHK_NULL(ctx);

    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL); /* whether to verify */
    reterr = SSL_CTX_load_verify_locations(ctx, CACERT, NULL); /* if verifying, supply the CA certificate */

    if ((reterr = SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM)) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(3);
    }
    if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
        ERR_print_errors_fp(stderr);
        exit(4);
    }
    if (!SSL_CTX_check_private_key(ctx)) {
        printf("Private key does not match the certificate public key\n");
        exit(5);
    }
    SSL_CTX_set_cipher_list(ctx, "RC4-MD5");

    /* start the normal TCP socket procedure */
    printf("Begin TCP socket...\n");
    listen_sd = socket(AF_INET, SOCK_STREAM, 0);
    CHK_ERR(listen_sd, "socket");

    memset(&sa_serv, '\0', sizeof(sa_serv));
    sa_serv.sin_family = AF_INET;
    sa_serv.sin_addr.s_addr = INADDR_ANY;
    sa_serv.sin_port = htons(PORT);
    err = bind(listen_sd, (struct sockaddr*) &sa_serv, sizeof(sa_serv));
    CHK_ERR(err, "bind");

    /* accept the TCP connection */
    err = listen(listen_sd, 5);
    CHK_ERR(err, "listen");
    client_len = sizeof(sa_cli);
    sd = accept(listen_sd, (struct sockaddr*) &sa_cli, &client_len);
    CHK_ERR(sd, "accept");
    closesocket(listen_sd);
    printf("Connection from %lx, port %x\n", sa_cli.sin_addr.s_addr, sa_cli.sin_port);

    /* TCP connection established; start the server-side SSL procedure. */
    printf("Begin server side SSL\n");
    ssl = SSL_new(ctx);
    CHK_NULL(ssl);
    SSL_set_fd(ssl, sd);
    err = SSL_accept(ssl); // an error is returned here and execution cannot continue; the return value is -1 and the error code obtained is SSL_ERROR_SSL (value 1)
```

Every time execution reaches SSL\_accept it returns an error and cannot continue; the error code obtained is SSL\_ERROR\_SSL (value 1).

OpenSSL client connection process: SSL_connect(ssl); returns 0

The goal is to implement a remote client connection based on OpenSSL. Below is part of the interface code:

```
SSL_library_init();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ctx = SSL_CTX_new(SSLv2_client_method());
if (ctx == NULL) {
    ERR_print_errors_fp(stdout);
    exit(1);
}
if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
    perror("Socket");
    exit(errno);
}
printf("socket created\n");

memset (&dest, '\0', sizeof(dest));
dest.sin_family = AF_INET;
dest.sin_port = htons(atoi(argv[2]));
if (inet_aton(argv[1], (struct in_addr *) &dest.sin_addr.s_addr) == 0) {
    perror(argv[1]);
    exit(errno);
}
printf("address created\n");

if (connect(sockfd, (struct sockaddr *) &dest, sizeof(dest)) != 0) {
    perror("Connect ");
    exit(errno);
}
printf("server connected\n");

ssl = SSL_new(ctx);
if(!SSL_CTX_load_verify_locations(ctx, "/root/.ssh/ca-chain.cert.pem", NULL)){
    ERR_print_errors_fp(stderr);
    return 1;
}
if (SSL_CTX_use_PrivateKey_file(ctx, "/root/.ssh/client.key.pem", SSL_FILETYPE_PEM) <= 0){
    SSL_CTX_free (ctx);
    ERR_print_errors_fp(stderr);
    return 1;
}
if(!SSL_CTX_use_certificate_file(ctx, "/root/.ssh/client.cert.pem", SSL_FILETYPE_PEM)){
    fprintf (stderr, "SSL_CTX_use_certificate_file ERROR\n");
    ERR_print_errors_fp(stderr);
    return EXIT_FAILURE;
}
if (!SSL_CTX_check_private_key(ctx)) {
    ERR_print_errors_fp(stdout);
    exit(1);
}
if(SSL_get_verify_result(ssl) != X509_V_OK){
    printf("X509证书无效\n");
    return false;
}
SSL_set_fd(ssl, sockfd);
if ((t=SSL_connect(ssl)) <= 0){ // returns 0
    ERR_print_errors_fp(stderr);
} else {
    printf("Connected with %s encryption\n", SSL_get_cipher(ssl));
    ShowCerts(ssl);
}
```

Error printed on the server side: routines:REQUEST_CERTIFICATE:peer error no certificate:s2_pkt.c:681: Is it that the local certificate failed to load? Any pointers would be appreciated.

OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.amazonalexa.com:443

I've been trying to get the Skill Management API working and this morning I've hit a new roadblock without having changed anything. I was getting a "User has not consented to this operation" error last night and without changing anything this morning, this is the curl log I'm getting:

Trying to hit the API with the same code as last night and now I'm getting:

```
string(513) "* Hostname api.amazonalexa.com was found in DNS cache
* Trying 54.239.28.187...
* TCP_NODELAY set
* Connected to api.amazonalexa.com (54.239.28.187) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.amazonalexa.com:443
* stopped the pause stream!
* Closing connection 0
"
```

Here is the code I'm using:

```
ob_start();
$out = fopen('php://output', 'w');

// exchange the access token for list of skills
$c = curl_init('https://api.amazonalexa.com/v0/skills/');
curl_setopt($c, CURLOPT_HTTPHEADER, array(
    'Authorization: ' . $access_token,
    'Accept: application/json',
    'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'
));
curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($c, CURLOPT_VERBOSE, true);
curl_setopt($c, CURLOPT_STDERR, $out);
curl_setopt($c, CURLOPT_POST, 1);
$r = curl_exec($c);
curl_close($c);
fclose($out);
$debug = ob_get_clean();

var_dump($r);
echo "<BR><BR>";
var_dump($debug);
$d = json_decode($r);
```

$r in this case produces bool(false) and $d outputs NULL. I host my server on Godaddy if that makes a difference. I am still able to access Login with Amazon and retrieve an access token. So, it doesn't seem like a hosting problem.

A question about OpenSSL mutual authentication

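I've recently been writing my graduation project with OpenSSL, and I need mutual authentication between the client and the server. The problem now is that even though the client sets SSL_CTX_set_verify(ssl_ctx,SSL_VERTIFY_FAIL_IF_NO_PEER_CERT,NULL), the client still cannot send its certificate over.

During testing I found that the problem is probably not on the server side, because from a rough look, the size of the packets the same program sends to the client differs depending on whether this line is set. On the server, ssl_get_peer_certificate() does not receive a certificate, yet the handshake succeeds, which is strange. (In other words, even with SSL_VERTIFY_FAIL_IF_NO_PEER_CERT set, the handshake succeeds whether or not the client has loaded a certificate, so setting SSL_VERTIFY_FAIL_IF_NO_PEER_CERT has no effect at all.)

I searched online and found almost nothing on this. On Baidu Zhidao I found a similar question, http://zhidao.baidu.com/question/303072079.html, where the asker seems to say that the client needs a second-level CA certificate for it to work, but I don't know the principle behind that. I've only just started with OpenSSL and am not even proficient at generating certificates yet. I don't know whether my problem is related to this second-level CA certificate. I hope an expert can help solve this problem. Thanks in advance!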

OpenSSL: the certificate obtained with the ssl_get_peer_certification function is empty

With a blocking-mode socket I can get the certificate over the SSL connection, but with a non-blocking socket the certificate comes back empty. Below is the code:

```
void ShowCerts(SSL * ssl) //show the certification
{
    X509 * cert;
    char * line;
    cert = SSL_get_peer_certificate(ssl);
    if (cert != NULL)
    {
        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
        printf("certification: %s\n", line);
        free(line);
        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
        printf("publisher: %s\n", line);
        free(line);
        X509_free(cert);
    }
    else
    {
        printf("no certification!\n");
    }
}

int main(int argc, char * *argv)
{
    if (argc != 3)
    {
        printf("parameter error1!\n");
        exit(0);
    }
    int sockfd, len;
    struct sockaddr_in dest;

    //initialize ssl
    SSL_CTX * ctx;
    SSL * ssl;
    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    ctx = SSL_CTX_new(SSLv23_client_method());
    if (ctx == NULL)
    {
        ERR_print_errors_fp(stdout);
        exit(1);
    }

    //create socket
    if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
    {
        perror("Socket");
        exit(errno);
    }
    printf("socket created\n");

    bzero( &dest, sizeof(dest));
    dest.sin_family = AF_INET;
    dest.sin_port = htons(atoi(argv[2]));
    if (inet_aton(argv[1], (struct in_addr * ) &dest.sin_addr.s_addr) == 0)
    {
        perror(argv[1]);
        exit(errno);
    }
    printf("address created\n");

    int error=-1;
    len = sizeof(int);
    struct timeval tm;
    fd_set set;

    // set non-block socket
    unsigned long ul = 1;
    ioctl(sockfd,FIONBIO,&ul);

    // create tcp connection
    bool ret =false;
    if (connect(sockfd, (struct sockaddr * ) &dest, sizeof(dest)) == -1)
    {
        tm.tv_sec =TIMEOUT;
        tm.tv_usec = 0;
        FD_ZERO(&set);
        FD_SET(sockfd,&set);
        if(select(sockfd+1,NULL,&set,NULL,&tm)>0)
        {
            getsockopt(sockfd,SOL_SOCKET,SO_ERROR,&error,(socklen_t *)&len);
            if(error==0)
            {
                ret = true; //connect successfully
            }
            else
            {
                ret = false; //connect timeout
            }
        }
        else
        {
            ret = false;
        }
    }
    else
    {
        ret = true;
    }
    if(!ret)
    {
        close(sockfd);
        SSL_CTX_free(ctx);
        printf("tcp connection timeout!\n");
        exit(0);
    }
    printf("server connected\n");

    ssl = SSL_new(ctx);
    //bind socket and ssl
    SSL_set_fd(ssl, sockfd);

    int flag;
    int result;
    int ssl_conn_ret=0;
    if(1!=ssl_conn_ret)
    {
        //non block ssl connection
        ssl_conn_ret=SSL_connect(ssl);
        fd_set fds;
        FD_ZERO(&fds);
        FD_SET(sockfd, &fds);
        int ssl_get_error_value = SSL_get_error(ssl,ssl_conn_ret);
        printf("ssl_get_error_value is %d\n",ssl_get_error_value);
        switch (ssl_get_error_value)
        {
        case SSL_ERROR_WANT_READ:
            result=select(sockfd + 1, &fds, NULL, NULL, &tm);
            if(0==result)
            {
                flag=0;
            }
            else if(-1==result)
            {
                flag=0;
            }
            else
            {
                flag=1; //connect successfully
            }
            break;
        case SSL_ERROR_WANT_WRITE:
            result=select(sockfd + 1, NULL, &fds, NULL, &tm);
            if(0==result)
            {
                flag=0;
            }
            else if(-1==result)
            {
                flag=0; //connect failed
            }
            else
            {
                flag=1;
            }
            break;
        default:
            flag=0;
            break;
        }
    }
    if(0==flag)
    {
        printf("connection error!\n");
    }
    if(1==ssl_conn_ret||1==flag)
    {
        ShowCerts(ssl);
    }

    ul = 0;
    ioctl(sockfd, FIONBIO, &ul);
    SSL_shutdown(ssl);
    SSL_free(ssl);
    close(sockfd);
    SSL_CTX_free(ctx);
    return 0;
}
```

A question about OpenSSL: ssl_connect

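I'm writing a client program that makes HTTPS requests. It uses OpenSSL and calls the SSL_connect function. The function seems to be stuck in an infinite loop and never returns. What could the problem be? The server is definitely up. I hope an expert can point me in the right direction.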

curl error: OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 54

I keep getting this error. I am running OS X, PHP71, Apache 2.4, OpenSSL.

php -i | grep "SSL Version" returns SSL Version => OpenSSL/1.0.2k

PHP and CURL have been installed like this:

```
$ brew install --with-openssl curl
$ brew install --with-homebrew-curl --with-httpd24 php71
```

How to compile PHP 7.0.1 on CentOS 6.7 with OpenSSL support?

I am trying to compile **PHP7.0.1** on **CentOS 6.7** with openssl support but I am getting an error. I have narrowed the issue to openssl because I can compile php fine when I remove "--with-openssl" and "--with-openssl-dir" from the configure command below.

I thought it might be a problem with the version of openssl so I upgraded it to **openssl-1.0.2e**. I know this worked because when I issue "/usr/bin/openssl version" I get "OpenSSL 1.0.2e 3 Dec 2015". This also confirms the path to this version of openssl.

Here is my full configure command:

```
./configure --prefix=/usr/lib/php701 \
--with-apxs2=/usr/local/apacheALL2412/bin/apxs \
--sysconfdir=/usr/lib/php701/phpini \
--localstatedir=/var \
--datadir=/usr/share/php \
--mandir=/usr/share/man \
--enable-fpm \
--with-fpm-user=apache2412 \
--with-fpm-group=apache2412 \
--with-config-file-path=/usr/lib/php701/phpini \
--with-zlib \
--enable-bcmath \
--with-bz2 \
--enable-calendar \
--enable-dba=shared \
--with-gdbm \
--with-gmp \
--enable-ftp \
--with-gettext \
--enable-mbstring \
--with-libxml-dir=/usr/lib/php701/xml2 \
--enable-xml \
--with-curl=/opt/curlssl/ \
--with-mysql \
--with-mysql-sock=/var/lib/mysql/mysql.sock \
--with-mysqli \
--enable-mysqlnd \
--with-openssl=/usr \
--with-openssl-dir=/usr/bin \
--with-pdo-mysql \
--with-readline && \
make
```

I have tried different values of "--with-openssl" and "--with-openssl-dir" but I still get the error below.

Here is the error:

```
ext/openssl/.libs/xp_ssl.o: In function `php_openssl_setup_crypto':
/Timstmp/PHP701-Source/php-7.0.1/ext/openssl/xp_ssl.c:1599: undefined reference to `SSL_CTX_set_alpn_protos'
/Timstmp/PHP701-Source/php-7.0.1/ext/openssl/xp_ssl.c:1604: undefined reference to `SSL_CTX_set_alpn_select_cb'
ext/openssl/.libs/xp_ssl.o: In function `php_openssl_sockop_set_option':
/Timstmp/PHP701-Source/php-7.0.1/ext/openssl/xp_ssl.c:2305: undefined reference to `SSL_get0_alpn_selected'
collect2: ld returned 1 exit status
make: *** [sapi/cli/php] Error 1
```

hexo d deployment fails with fatal: unable to access... OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443. Error: Spawn failed

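![Image description](https://img-ask.csdn.net/upload/201911/05/1572956033_106060.png) This problem already appeared when I was setting up the site to write LaTeX, and I assumed it was caused by following a wrong tutorial. Today I copied and pasted my earlier backup over again and it still reports the error. I don't understand where the problem is. I found some methods online, but they either don't match my situation or didn't work when I tried them. I'm asking an expert to come to the rescue; I'd be very grateful.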

aggregate ‘HMAC_CTX tx’ has incomplete type and cannot be defined

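On Linux (with the OpenSSL library installed), I use OpenSSL to handle hash and MD5. MD5 works, but HMAC_CTX is now not recognized. I have called both  and  together. I'm asking an expert to help solve this.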

openssl_pkey_get_public returns false, but the key does exist

I'm using a library that uses openssl_pkey_get_public, but it's returning false. It seems that openssl is enabled, and the key exists. Below are the few lines from the library I'm using, btw which I am debugging but cannot modify as it is not my code base:

```
protected function decrypt($encryptedData)
{
    $publicKey = openssl_pkey_get_public($this->publicKey->getKeyPath());
    $publicKeyDetails = @openssl_pkey_get_details($publicKey);
    if ($publicKeyDetails === null) {
        throw new \LogicException(
            sprintf('Could not get details of public key: %s', $this->publicKey->getKeyPath())
        );
    }
    . . .
```

I have inserted the following debug code:

```
$keyPath = $this->publicKey->getKeyPath(); // returns file:///var/www/sso/website/storage/id_rsa.pub
var_dump(file_exists($keyPath)); // outputs true
var_dump(openssl_pkey_get_public($keyPath)); // returns false
```

Below shows the contents of $keyPath:

```
echo file_get_contents($keyPath);
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChY1gtF0Oeku62+4HCisIswcDu9fjZV7fImTlqQej/UsmsJH7jz5EF/ZXCWTKV/bgOwzV2oeHomukITqiR14D01W3mVcpTBAp5AP4JN25am57xdc6Nxd8Lo/NsCKKqQ4/uBmpYBVZm8Ye/hu3ixM6y/xbCGnw/ca4z0DKDa94z1XrRc6FrV1mXx5lItQEo/v8wVKX9NJVAANYZ/jJEk7jGTB9WkSTNR5l/tNBBF3MFuBigjSuaxUsnKT2IwOV5g2ewN4TzXARi2/BI7rweNsUFCWRbkUa7VJc3XOVZbS50TzUpAIqHI9Q8enBs95A1JvSTDvlT3efEHrM2T7KP7QOz ubuntu@ubuntu-xenial
```

I had previously created the keys with the following command:

```
ssh-keygen -f storage/id_rsa -t rsa -N ''
```

Some additional info if it helps:

```
$ php -i | grep openssl
openssl
Openssl default config => /usr/lib/ssl/openssl.cnf
openssl.cafile => no value => no value
openssl.capath => no value => no value
$ php -m | grep openssl
openssl
```

Is there any reason why this might be happening?

Data encrypted with openssl_public_encrypt is different every time?

Why is the content of $encrypted different every time?

```
// acquire public key from server
$server_public_key = openssl_pkey_get_public(file_get_contents("C:\publickey.pem"));
// rsa encrypt
openssl_public_encrypt("123", $encrypted, $server_public_key);
```

Also I have tried this one:

```
$publicKey = "file://C:/publickey.pem";
$privateKey = "file://C:/privatekey.pem";
$plaintext = "String to encrypt";
openssl_public_encrypt($plaintext, $encrypted, $publicKey);
$transfer = base64_encode($encrypted);
openssl_private_decrypt($encrypted, $decrypted, $privateKey);
echo $transfer; //encrypted string
```

and $transfer is every time a different string:...

Z1xyMUquARxcGjqjjSHNAm41CnHI02GXxLyFivvta8YhDkhRJdD4i3kx+8GElljdiSY/NMF9UD3ritWMLGmscdq/QyIf+geYxJFePNd1dNWg+V6zbAKRLaEpsU+aB87jiM/GjytLEkI63dku02BS0ZBgz9UZw/FDNaynV5bTTDM=

mRgLPsPtMoV9la7zzuU+cLzS5xMDp7QUmH6Iv4Sv4/FNjt62zcv9ZMWkfG3uVhS8Z1UDtGl+met1CYjBTcfjHCR6hahbwOkTCICXtkRQcc371vURW04XhQzMNgIIbvN5BBdmIyYI6alrS2vKUq7b3T0h8sJf36zh5CynYzyDCFU=

G5FhMoJGiUwEBvEOeZpDDrEXdxbWX5iaJ6F+VdYJ3CURPRMftskZNlDhat8gA5V0G+3nXVQZptkHjxMkOqPlmwJHjgIqAiFppHLpEKohyT9qNwkAR00Y6PiWrNUJPiEIZqXHAb8TS0AA0Quhc0UAwcc+I8NGOD59k8BrZE6Z5Ew=

How to fix an openssl_private_decrypt() error in PHP?

I need to finish this part of a school project.

**Create openssl public and private key**

```
function openssl($text){
    # generate the private key
    $res=openssl_pkey_new();
    # export the private key to a string
    openssl_pkey_export($res, $privatekey);
    # public key
    $publickey=openssl_pkey_get_details($res);
    $publickey=$publickey["key"];

    openssl_public_encrypt($text, $crypttext, $publickey);

    $filenameCrypttext = "crypttext.txt";
    $filenamePrivatekeyText = "privatekey.txt";
    $files = [$filenameCrypttext, $filenamePrivatekeyText];
    createFile($crypttext, $filenameCrypttext);
    createFile($privatekey,$filenamePrivatekeyText);
    downloadZip($files);
}

function createFile($crypttext, $filename){
    file_put_contents($filename, $crypttext.PHP_EOL , FILE_APPEND | LOCK_EX);
}

function downloadZip($files){
    $zipname = "packet.zip";
    $zip = new ZipArchive;
    $zip->open($zipname, ZipArchive::CREATE);
    foreach ($files as $file){
        $zip->addFile($file);
    }
    $zip->close();
    foreach ($files as $file) {
        unlink($file);
    }
    header("Location: download.php?filename=$zipname");
}
```

I download my 2 files *crypttext.txt* and *privatekey.txt* as zip. Later I want to upload them.

[**Encrypted**](https://pastebin.com/LAvGLdFf)

[**Privatekey**](https://pastebin.com/0awFyxQx)

**And the following code is my decryption function**

```
<div class="container">
    <br>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <label>Encrypted Text</label>
        <textarea name="encrypted_text" placeholder="Text einfügen" class="form-control" rows="3"></textarea>
        <label>Private Key </label>
        <textarea name="private_key" placeholder="Text einfügen" class="form-control" rows="3"></textarea>
        <br>
        <button type="submit" class="btn btn-primary">Hochladen</button>
    </form>
    <?php
    if(isset($_POST['encrypted_text'], $_POST['private_key'])){
        echo 'isset';
        $encrypted = $_POST['encrypted_text'];
        $privatekey = $_POST['private_key'];
        $res = openssl_get_privatekey($privatekey);
        openssl_private_decrypt($encrypted, $decrypted, $res);
        echo '<br>';
        echo $decrypted;
        echo '<br>';
    }
    ?>
```

I don't get a result. Where is my mistake?

Multiple nginx server blocks: ssl_protocols does not take effect

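An nginx instance is installed on the server, with the server blocks configured as follows:

```
server {
    listen 443 ssl;
    server_name 域名1;
    ssl_protocols SSLv3 SSLv2 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
}
server {
    listen 443 ssl;
    server_name 域名2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
}
```

Problem description: Different domains are configured under the same nginx to listen on port 443, and each domain has its own TLS protocols and ciphers. But when I check on the server with the command openssl s_client -connect 域名2:443 -tls1, the ssl_protocols and ssl_ciphers configured for domain 2 (域名2) have not taken effect and the connection still follows domain 1 (域名1). I also tried changing the ssl_protocols and ssl_ciphers of domain 1, and the result affects domain 2. Does anyone know why this is?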

Error installing tengine, looking for a solution

Asking the experts for help! Installing tengine-2.2.0 fails:

```
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_init’:
src/event/ngx_event_openssl.c:112:5: error: ‘OPENSSL_config’ is deprecated [-Werror=deprecated-declarations]
 OPENSSL_config(NULL);
 ^
In file included from /usr/local/include/openssl/ct.h:13:0,
 from /usr/local/include/openssl/ssl.h:61,
 from src/event/ngx_event_openssl.h:15,
 from src/core/ngx_core.h:85,
 from src/event/ngx_event_openssl.c:9:
/usr/local/include/openssl/conf.h:92:1: note: declared here
 DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_rsa512_key_callback’:
src/event/ngx_event_openssl.c:753:9: error: ‘RSA_generate_key’ is deprecated [-Werror=deprecated-declarations]
 key = RSA_generate_key(512, RSA_F4, NULL, NULL);
 ^
In file included from /usr/local/include/openssl/rsa.h:13:0,
 from /usr/local/include/openssl/x509.h:31,
 from /usr/local/include/openssl/ssl.h:50,
 from src/event/ngx_event_openssl.h:15,
 from src/core/ngx_core.h:85,
 from src/event/ngx_event_openssl.c:9:
/usr/local/include/openssl/rsa.h:193:1: note: declared here
 DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_dhparam’:
src/event/ngx_event_openssl.c:943:11: error: dereferencing pointer to incomplete type ‘DH {aka struct dh_st}’
 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_handshake’:
src/event/ngx_event_openssl.c:1166:31: error: dereferencing pointer to incomplete type ‘SSL {aka struct ssl_st}’
 if (c->ssl->connection->s3) {
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_connection_error’:
src/event/ngx_event_openssl.c:1928:21: error: ‘SSL_R_NO_CIPHERS_PASSED’ undeclared (first use in this function)
 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
 ^
src/event/ngx_event_openssl.c:1928:21: note: each undeclared identifier is reported only once for each function it appears in
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_cache’:
src/event/ngx_event_openssl.c:2122:43: error: passing argument 2 of ‘SSL_CTX_sess_set_get_cb’ from incompatible pointer type [-Werror=incompatible-pointer-types]
 SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
 ^
In file included from src/event/ngx_event_openssl.h:15:0,
 from src/core/ngx_core.h:85,
 from src/event/ngx_event_openssl.c:9:
/usr/local/include/openssl/ssl.h:637:6: note: expected ‘SSL_SESSION * (*)(struct ssl_st *, const unsigned char *, int, int *) {aka struct ssl_session_st * (*)(struct ssl_st *, const unsigned char *, int, int *)}’ but argument is of type ‘SSL_SESSION * (*)(SSL *, u_char *, int, int *) {aka struct ssl_session_st * (*)(struct ssl_st *, unsigned char *, int, int *)}’
 void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_id_context’:
src/event/ngx_event_openssl.c:2144:27: error: storage size of ‘md’ isn’t known
 EVP_MD_CTX md;
 ^
src/event/ngx_event_openssl.c:2210:5: error: implicit declaration of function ‘EVP_MD_CTX_cleanup’ [-Werror=implicit-function-declaration]
 EVP_MD_CTX_cleanup(&md);
 ^
src/event/ngx_event_openssl.c: In function ‘ngx_ssl_session_ticket_key_callback’:
src/event/ngx_event_openssl.c:2872:9: error: ‘RAND_pseudo_bytes’ is deprecated [-Werror=deprecated-declarations]
 RAND_pseudo_bytes(iv, 16);
 ^
In file included from /usr/local/include/openssl/engine.h:19:0,
 from src/event/ngx_event_openssl.h:22,
 from src/core/ngx_core.h:85,
 from src/event/ngx_event_openssl.c:9:
/usr/local/include/openssl/rand.h:47:1: note: declared here
 DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
 ^
cc1: all warnings being treated as errors
objs/Makefile:827: recipe for target 'objs/src/event/ngx_event_openssl.o' failed
make[1]: *** [objs/src/event/ngx_event_openssl.o] Error 1
make[1]: Leaving directory '/home/hvm/桌面/Lib/tengine-tengine-2.2.0'
Makefile:15: recipe for target 'install' failed
make: *** [install] Error 2
```

openssl_public_encrypt and JSON

Let's say we need to store in a crypted way some confidential data into a db. And say that we need them into `json` format as will be more suitable for data reconstruction.

There's something that I miss that is driving me crazy.

Take that json for instance

```
$json = {"customer":{"customer_address":"Fake address 123","customer_city":"Fake City","customer_company":"","customer_countrycode":"it","customer_email":"","customer_telephone":"+39.347.xxxxxxx","customer_zip":"yyyyy"},"currency_code":"EUR","commision_amount":"84"}
```

now I want to crypt this `json` and I do the following

```
$pubKey = openssl_pkey_get_public($puk);
openssl_public_encrypt($json, $json_crypted, $pubKey);
```

if I `echo $json_crypted` it doesn't show anything, but if I remove some field (like `customer_company`, that is empty) all seems to work. I've tried to find something into documentation about this strange behaviour but I can't find anything.

Is someone aware of the reason behind that result?

**Edit**

Even if I remove other field (not an empty one) all seems to work. I'm speechless because it has to be a silly thing that I can't understand

openssl_private_decrypt() returns false

The openssl_private_decrypt() function always returns false.

Decrypting an SSL-encrypted pcap file with PHP

I have to build a rest api, which can receive an ssl encrypted pcap file and the ssl key for it from an android device in a multipart/formdata post. The php should decrypt and store the file. I'm trying to use openssl for it like this:

```
$method = "AES-128-CBC";
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length($method));
$decrypted = openssl_decrypt(file_get_contents($encryptedFile), $method, file_get_contents($sslKeyFile), OPENSSL_RAW_DATA, $iv);
if ($decrypted === false) {
    while ($msg = openssl_error_string())
        echo $msg . "<br /> ";
    exit;
}
```

Testing with the snakeoil packet from https://wiki.wireshark.org/SampleCaptures#SSL_with_decryption_keys , I'm getting errors like below:

```
error:0607A082:digital envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length
error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
```

Can somebody advise what I am doing wrong, or how to do this properly?

How to implement OpenSSL's SSL_Write() using PHP

I am trying to connect to a server using a PHP script. The server is set by SSLv3, I think maybe I need to use `SSL_Write()` to process the message which will be sent to the server. But I do not find the related function in PHP. So, I wonder which function I should use.
