Bundle of old SSLeay documentation files [OBSOLETE!]
*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
OBSOLETE means that nothing in this document should be trusted. This
document is provided mostly for historical purposes (it wasn't even up
to date at the time SSLeay 0.8.1 was released) and as inspiration. If
you copy some snippet of code from this document, please _check_ that
it really is correct from all points of view. For example, you can
check with the other documents in this directory tree, or by comparing
with relevant parts of the include files.
People have done the mistake of trusting what's written here. Please
don't do that.
*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
==== readme ========================================================
This is the old 0.6.6 docuementation. Most of the cipher stuff is still
relevent but I'm working (very slowly) on new documentation.
The current version can be found online at
http://www.cryptsoft.com/ssleay/doc
==== API.doc ========================================================
SSL - SSLv2/v3/v23 etc.
BIO - methods and how they plug together
MEM - memory allocation callback
CRYPTO - locking for threads
EVP - Ciphers/Digests/signatures
RSA - methods
X509 - certificate retrieval
X509 - validation
X509 - X509v3 extensions
Objects - adding object identifiers
ASN.1 - parsing
PEM - parsing
==== ssl/readme =====================================================
22 Jun 1996
This file belongs in ../apps, but I'll leave it here because it deals
with SSL :-) It is rather dated but it gives you an idea of how
things work.
===
17 Jul 1995
I have been changing things quite a bit and have not fully updated
this file, so take what you read with a grain of salt
eric
===
The s_client and s_server programs can be used to test SSL capable
IP/port addresses and the verification of the X509 certificates in use
by these services. I strongly advise having a look at the code to get
an idea of how to use the authentication under SSLeay. Any feedback
on changes and improvements would be greatly accepted.
This file will probably be gibberish unless you have read
rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
authentication.
A Brief outline (and examples) how to use them to do so.
NOTE:
The environment variable SSL_CIPER is used to specify the prefered
cipher to use, play around with setting it's value to combinations of
RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
in a : separated list.
This directory contains 3 X509 certificates which can be used by these programs.
client.pem: a file containing a certificate and private key to be used
by s_client.
server.pem :a file containing a certificate and private key to be used
by s_server.
eay1024.pem:the certificate used to sign client.pem and server.pem.
This would be your CA's certificate. There is also a link
from the file a8556381.0 to eay1024.PEM. The value a8556381
is returned by 'x509 -hash -noout <eay1024.pem' and is the
value used by X509 verification routines to 'find' this
certificte when search a directory for it.
[the above is not true any more, the CA cert is
../certs/testca.pem which is signed by ../certs/mincomca.pem]
When testing the s_server, you may get
bind: Address already in use
errors. These indicate the port is still being held by the unix
kernel and you are going to have to wait for it to let go of it. If
this is the case, remember to use the port commands on the s_server and
s_client to talk on an alternative port.
=====
s_client.
This program can be used to connect to any IP/hostname:port that is
talking SSL. Once connected, it will attempt to authenticate the
certificate it was passed and if everything works as expected, a 2
directional channel will be open. Any text typed will be sent to the
other end. type Q<cr> to exit. Flags are as follows.
-host arg : Arg is the host or IP address to connect to.
-port arg : Arg is the port to connect to (https is 443).
-verify arg : Turn on authentication of the server certificate.
: Arg specifies the 'depth', this will covered below.
-cert arg : The optional certificate to use. This certificate
: will be returned to the server if the server
: requests it for client authentication.
-key arg : The private key that matches the certificate
: specified by the -cert option. If this is not
: specified (but -cert is), the -cert file will be
: searched for the Private key. Both files are
: assumed to be in PEM format.
-CApath arg : When to look for certificates when 'verifying' the
: certificate from the server.
-CAfile arg : A file containing certificates to be used for
: 'verifying' the server certificate.
-reconnect : Once a connection has been made, drop it and
: reconnect with same session-id. This is for testing :-).
The '-verify n' parameter specifies not only to verify the servers
certificate but to also only take notice of 'n' levels. The best way
to explain is to show via examples.
Given
s_server -cert server.PEM is running.
s_client
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify error:num=1:unable to get issuer certificate
verify return:1
CIPHER is CBC-DES-MD5
What has happened is that the 'SSLeay demo server' certificate's
issuer ('CA') could not be found but because verify is not on, we
don't care and the connection has been made anyway. It is now 'up'
using CBC-DES-MD5 mode. This is an unauthenticate secure channel.
You may not be talking to the right person but the data going to them
is encrypted.
s_client -verify 0
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify error:num=1:unable to get issuer certificate
verify return:1
CIPHER is CBC-DES-MD5
We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
certificate passed the date and checksum, we are happy to proceed.
s_client -verify 1
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify error:num=1:unable to get issuer certificate
verify return:0
ERROR
verify error:unable to get issuer certificate
In this case we failed to make the connection because we could not
authenticate the certificate because we could not find the
'CA' certificate.
s_client -verify 1 -CAfile eay1024.PEM
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
verify return:1
depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify return:1
CIPHER is CBC-DES-MD5
We loaded the certificates from the file eay1024.PEM. Everything
checked out and so we made the connection.
s_client -verify 1 -CApath .
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
verify return:1
depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify return:1
CIPHER is CBC-DES-MD5
We looked in out local directory for issuer certificates and 'found'
a8556381.0 and so everything is ok.
It is worth noting that 'CA' is a self certified certificate. If you
are passed one of these, it will fail to 'verify' at depth 0 because
we need to lookup the certifier of a certificate from some information
that we trust and keep locally.
SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
export SSL_CIPHER
s_client -verify 10 -CApath . -reconnect
CONNECTED
depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
verify return:1
depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
verify return:1
drop the connection and reconnect with the same session id
CIPHER is CBC3-DES-MD5
This has done a full connection and then re-estabished it with the
same session id but a new socket. No RSA stuff occures on the second
connection. Note that we said we would prefer to use CBC3-DES-MD5
encryption and so, since the server
没有合适的资源?快使用搜索试试~ 我知道了~
node-v0.9.1.tar.gz
0 下载量 114 浏览量
2024-05-05
22:43:41
上传
评论
收藏 10.92MB GZ 举报
温馨提示
共2000个文件
c:1031个
h:578个
js:168个
Node.js,简称Node,是一个开源且跨平台的JavaScript运行时环境,它允许在浏览器外运行JavaScript代码。Node.js于2009年由Ryan Dahl创立,旨在创建高性能的Web服务器和网络应用程序。它基于Google Chrome的V8 JavaScript引擎,可以在Windows、Linux、Unix、Mac OS X等操作系统上运行。 Node.js的特点之一是事件驱动和非阻塞I/O模型,这使得它非常适合处理大量并发连接,从而在构建实时应用程序如在线游戏、聊天应用以及实时通讯服务时表现卓越。此外,Node.js使用了模块化的架构,通过npm(Node package manager,Node包管理器),社区成员可以共享和复用代码,极大地促进了Node.js生态系统的发展和扩张。 Node.js不仅用于服务器端开发。随着技术的发展,它也被用于构建工具链、开发桌面应用程序、物联网设备等。Node.js能够处理文件系统、操作数据库、处理网络请求等,因此,开发者可以用JavaScript编写全栈应用程序,这一点大大提高了开发效率和便捷性。 在实践中,许多大型企业和组织已经采用Node.js作为其Web应用程序的开发平台,如Netflix、PayPal和Walmart等。它们利用Node.js提高了应用性能,简化了开发流程,并且能更快地响应市场需求。
资源推荐
资源详情
资源评论
收起资源包目录
node-v0.9.1.tar.gz (2000个子文件)
ares_platform.c 481KB
ec_curve.c 87KB
ev.c 87KB
s3_srvr.c 83KB
ssl_lib.c 81KB
s3_clnt.c 78KB
kssl.c 68KB
s3_lib.c 65KB
eio.c 64KB
deflate.c 63KB
ssltest.c 62KB
aes_core.c 59KB
http_parser.c 57KB
tty.c 56KB
test.c 55KB
ares_init.c 53KB
t1_lib.c 53KB
x509_vfy.c 52KB
ssl_ciph.c 49KB
unzip.c 48KB
d1_pkt.c 48KB
inflate.c 48KB
fs.c 47KB
hw_zencod.c 47KB
pipe.c 46KB
str_lib.c 44KB
ectest.c 44KB
e_capi.c 43KB
trees.c 43KB
test-fs.c 43KB
s3_pkt.c 41KB
ecp_smpl.c 40KB
d1_srvr.c 40KB
tcp.c 40KB
ares_process.c 40KB
d1_clnt.c 39KB
d1_both.c 39KB
bntest.c 39KB
e_chil.c 37KB
zip.c 37KB
v3_addr.c 36KB
ssl_err.c 36KB
aes_x86core.c 36KB
tunala.c 35KB
ec_asn1.c 34KB
t1_enc.c 33KB
eng_cryptodev.c 33KB
ssl_sess.c 32KB
e_padlock.c 32KB
s2_srvr.c 31KB
easy-tls.c 31KB
tasn_dec.c 31KB
stream.c 31KB
gzio.c 31KB
e_cswift.c 31KB
e_sureware.c 30KB
e_ubsec.c 30KB
s2_clnt.c 30KB
err.c 29KB
mttest.c 29KB
destest.c 29KB
pk7_doit.c 29KB
ts_rsp_sign.c 29KB
hw_ibmca.c 28KB
e_aep.c 28KB
process.c 28KB
camellia.c 27KB
bn_gf2m.c 27KB
ec_lib.c 27KB
ec2_smpl.c 26KB
rand_win.c 26KB
bn_exp.c 26KB
bn_nist.c 26KB
wp_block.c 25KB
cryptlib.c 25KB
e_4758cca.c 25KB
bn_mul.c 25KB
rsa_eay.c 25KB
s3_enc.c 24KB
ssl_stat.c 24KB
s3_both.c 24KB
asn_mime.c 24KB
b_sock.c 24KB
b_print.c 23KB
ec_mult.c 23KB
mem_dbg.c 23KB
util.c 23KB
bn_asm.c 23KB
cms_sd.c 23KB
v3_asid.c 22KB
v3_purp.c 22KB
gost_ameth.c 22KB
udp.c 22KB
infback.c 22KB
ts_rsp_verify.c 21KB
ssl_cert.c 21KB
pvkfmt.c 21KB
ex_data.c 21KB
pcy_tree.c 21KB
test-spawn.c 21KB
共 2000 条
- 1
- 2
- 3
- 4
- 5
- 6
- 20
资源评论
程序员Chino的日记
- 粉丝: 3032
- 资源: 4万+
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功