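I am trying to use twisted.protocols.tls, an interface to OpenSSL using memory BIOs, to implement a protocol that can run TLS over TLS.
I implemented this as a protocol wrapper that mostly looks like a regular TCP transport, but which has startTLS and stopTLS methods for adding and removing a layer of TLS, respectively. This works fine for the first layer of TLS. It also works fine if I run it over a "native" Twisted TLS transport. However, if I try to add a second TLS layer using the startTLS method provided by this wrapper, there is immediately a handshake error and the connection ends up in some unknown, unusable state.
The wrapper and the two helpers that let it work look like this: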
from twisted.python.components import proxyForInterface
from twisted.internet.error import ConnectionDone
from twisted.internet.interfaces import ITCPTransport, IProtocol
from twisted.protocols.tls import TLSMemoryBIOFactory, TLSMemoryBIOProtocol
from twisted.protocols.policies import ProtocolWrapper, WrappingFactory
class TransportWithoutDisconnection(proxyForInterface(ITCPTransport)):
    """
    A proxy for a normal transport that disables actually closing the connection.
    This is necessary so that when TLSMemoryBIOProtocol notices the SSL EOF it
    doesn't actually close the underlying connection.
    All methods except loseConnection are proxied directly to the real transport.
    """ …

I have a .key file, which is a private key file in PEM format. I did not make this file; I got it from somewhere.
I want to see its MD5 hash with the openssl tool, as in the command below.
openssl rsa -in server.key -modulus -noout
But this produces the following error.
unable to load Private Key
13440:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:648:Expecting: ANY PRIVATE KEY
Here is some asn1parse output for the .key file.
openssl asn1parse -in server.key
0:d=0 hl=4 l= 603 cons: SEQUENCE
4:d=1 hl=2 l= 1 prim: INTEGER :00
7:d=1 hl=3 l= 129 prim: INTEGER :C141201603899993919CBAA56985E9C7
C6A2AF713A02F5FE88D38CEFBED9304599689280B84B0AB577A9719CA20DDA1246A894AF397A2C57
EE5A582B036CC367E3667454DCD82DBDBF187C35FE39F61C71B517DDDF576F5471B4EC2E045E0F9D
619F5616C4E832F00CBD0DBF41B4BA3CBC4B4B603AE1FE61965917DA732E0DEF
139:d=1 hl=2 l= 3 prim: INTEGER :010001
144:d=1 hl=3 l= 128 prim: INTEGER :1687B9AE67562CEDEBDD7A531B84CDB7
093CE138519B93C34B7F626076FF0A262B16EA71904ACB6251A39307C04ADE202055BA13DD9F1539
6123EE408183361A9BC08B9413FA360EA928E48CC3F52B33ACF2980758F02BA2139F652F30A257C2
2E45D7C25835FC4D22B9ECECC12AB632318D4F47E1EBDAD9781B96BCFF03A2D1
...
Is there anything else I can try?

openssl s_client -connect some.https.server:443 -showcerts
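This is a great command when you want to inspect a server's certificate and its certificate chain.
Is there a way to run this command when you are behind an HTTP/HTTPS proxy?

I am writing a small piece of code that reads public and private keys stored in .pem files. I use the following commands to generate the keys.
The command below generates a key pair.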
$openssl genrsa -out mykey.pem 2048
This command is used to generate the private key
$openssl pkcs8 -topk8 -inform PEM -outform PEM -in mykey.pem \
-out private_key.pem -nocrypt
and this command to get the public key.
$ openssl rsa -in mykey.pem -pubout -outform DER -out public_key.der
I wrote two methods that read the private key and the public key respectively.
public PrivateKey getPemPrivateKey(String filename, String algorithm) throws Exception {
    File f = new File(filename);
    FileInputStream fis = new FileInputStream(f);
    DataInputStream dis = new DataInputStream(fis);
    byte[] keyBytes = new byte[(int) f.length()];
    dis.readFully(keyBytes);
    dis.close();
    String temp = new String(keyBytes);
    String privKeyPEM = temp.replace("-----BEGIN PRIVATE KEY-----\n", "");
    privKeyPEM = privKeyPEM.replace("-----END …

I am trying to run the Ray Wenderlich tutorial "Apple Push Notification Services in iOS 6 Tutorial: Part 1/2".
I created the App ID and SSL certificate, as well as the key and PEM files, in a local directory. After that, I got to the step of testing whether the certificate works, and I invoked the following command from this local directory:
$ openssl s_client -connect gateway.sandbox.push.apple.com:2195 \
    -cert PushChatCert.pem -key PushChatKey.pem
This produced a lot of output. In the middle of the output is the following:
verify error:num=20:unable to get local issuer certificate
verify return:0
Is this an error, or is this a bad test? If it is an error, what would be the cause, or what would you suggest to resolve it?
Here is the complete output (minus the certificate data):
Enter pass phrase for PushChatKey.pem:
CONNECTED(00000003)
depth=1 /C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Cupertino/O=Apple Inc./OU=iTMS Engineering/CN=gateway.sandbox.push.apple.com
i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
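1 s:/C=US/O=Entrust, …

I am running Windows Vista and trying to connect via https to upload a file in a multipart form, but I am having some trouble with the local issuer certificate. I am just trying to figure out why this is not working now, and will go back to my cURL code after this. I am running the command:
openssl s_client -connect connect_to_site.com:443
It gives me a digital certificate from VeriSign, Inc., but also throws an error: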
Verify return code: 20 (unable to get local issuer certificate)
What is the local issuer certificate? Is that a certificate from my own computer? Is there a way around this? I have tried using the -CAfile mozilla.pem file, but it still gives me the same error.

I am using OpenSSL 1.0.1c, python 2.7.3, requests 1.0.3 and 1.0.4 (tried both) on Ubuntu 12.10, and trying to connect to the website in the url variable using the following code.
def SendInitialRequest(xmlmessage, redirecturl):
    url = 'https://centineltest.cardinalcommerce.com/maps/txns.asp'
    payload = 'cmpi_msg=' + ET.tostring(xmlmessage)
    headers = {
        'Content-Type': 'application/x-www-form-urlencoded',
    }
    r = requests.post(url, data=payload, headers=headers, verify=None)
    print r.text
It throws the following error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "clams/libs/centinel/thinclient.py", line 134, in SendInitialRequest
r = requests.post(url, data=payload, headers=headers, verify=None)
File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/api.py", line 87, in post
return request('post', url, data=data, **kwargs)
File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/home/jasonamyers/.virtualenv/clams/lib/python2.7/site-packages/requests/sessions.py", line 269, …

I am getting an HTTPSHandler error when installing python packages with pip; the following is the stack trace,
--------desktop:~$ pip install Django==1.3
Traceback (most recent call last):
File "/home/env/.genv/bin/pip", line 9, in <module>
load_entry_point('pip==1.4.1', 'console_scripts', 'pip')()
File "/home/env/.genv/lib/python2.7/site-packages/pkg_resources.py", line 378, in load_entry_point
return get_distribution(dist).load_entry_point(group, name)
File "/home/env/.genv/lib/python2.7/site-packages/pkg_resources.py", line 2566, in load_entry_point
return ep.load()
File "/home/env/.genv/lib/python2.7/site-packages/pkg_resources.py", line 2260, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "/home/env/.genv/lib/python2.7/site-packages/pip/__init__.py", line 10, in <module>
from pip.util import get_installed_distributions, get_prog
File "/home/env/.genv/lib/python2.7/site-packages/pip/util.py", line 17, in <module>
from pip.vendor.distlib import version
File "/home/env/.genv/lib/python2.7/site-packages/pip/vendor/distlib/version.py", line 13, in <module>
from .compat import string_types
File "/home/env/.genv/lib/python2.7/site-packages/pip/vendor/distlib/compat.py", …

How do I upgrade OpenSSL in CentOS 6.5?
I have used these commands, but nothing happens:
cd /usr/src
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar -zxf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config
make
make test
make install
cd /usr/src
rm -rf openssl-1.0.1g.tar.gz
rm -rf openssl-1.0.1g
After using this command, I get the old version
openssl version

I am using OpenSSL (rather than makecert) to generate a self-signed SSL certificate for use in IIS.
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '//CN=myhost'
(The double slash is correct. Without it, the command above does not work.)
openssl pkcs12 -export -out key.pfx -inkey key.pem -in cert.pem -name 'myhost'
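The first command runs to completion successfully. The second, however, gets stuck at
Loading 'screen' into random state -
I am using the OpenSSL (1.0.2d) that ships with Git for Windows (2.6.3). Has anyone run into the same problem?
Clarification: the question How to fix "unable to write 'random state'" in openssl describes a problem related to writing the .rnd file. The problem here seems to be generating the random state. (Only in the second command.)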