zoukankan      html  css  js  c++  java
  • OpenSSL s_server / s_client 应用实例

    12.6. s_server / s_client

    12.6.1. SSL POP3 / SMTP / IMAP

    SSL POP3 / SMTP / IMAP 端口号

    POP3 995
    SMTP 465
    IMAP 993
    openssl s_client -connect localhost:110 -starttls pop3

    如果提示 CONNECTED(00000003) 侧省去 -starttls pop3 选项

    openssl s_client -connect pop.163.com:995
    openssl s_client -connect smtp.163.com:465
    openssl s_client -connect imap.163.com:993

    12.6.2. server / client 文件传输

    生成证书

    $ openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes

    在一个终端运行以下命令

    openssl s_server -accept 2009 -key server.pem -cert server.pem

    在另外一个终端运行命令如下

    openssl s_client -connect localhost:2009

    Example 12.1. 加密传输文件

    现在我们来尝试使用使用 openssl 加密传输文件

    传输 /etc/passwd 文件

    $ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem

    输出类似

    $ cat /etc/passwd | openssl s_server -accept 2009 -key server.pem -cert server.pem
    Using default temp DH parameters
    Using default temp ECDH parameters
    ACCEPT
    bad gethostbyaddr
    DONE
    shutdown accept socket
    shutting down SSL
    CONNECTION CLOSED
       0 items in the session cache
       0 client connects (SSL_connect())
       0 client renegotiates (SSL_connect())
       0 client connects that finished
       1 server accepts (SSL_accept())
       0 server renegotiates (SSL_accept())
       1 server accepts that finished
       0 session cache hits
       0 session cache misses
       0 session cache timeouts
       0 callback cache hits
       0 cache full overflows (128 allowed)

    另一个服务器上运行

    openssl s_client -connect 192.168.6.2:2009

    输出类似

    # openssl s_client -connect 192.168.6.2:2009
    CONNECTED(00000003)
    depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
    verify error:num=9:certificate is not yet valid
    notBefore=Sep  2 06:59:06 2013 GMT
    verify return:1
    depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
    notBefore=Sep  2 06:59:06 2013 GMT
    verify return:1
    ---
    Certificate chain
     0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
       i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIDXTCCAkWgAwIBAgIJAM1t1q1Hl5eUMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
    BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
    aWRnaXRzIFB0eSBMdGQwHhcNMTMwOTAyMDY1OTA2WhcNMTQwOTAyMDY1OTA2WjBF
    MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50
    ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
    CgKCAQEAvGWRExTsfte2ys8LYELMpznAEsc11CwPBgE81DgQNxswCyIY2EzhlvX6
    gnv4x+JttexdU1hXTSBY+eZwQmAP9RpJnX+dIxTOPdpgsJQd4SYn2uI1OWWhs0HO
    108DPsxx7WvlCIsLY6sJCGkJYnX0P4DIGNYU0KZSPY9dSSa6QPB2TKLaWwiRXWJq
    m++1N4DF+LAbQb7gPwwacbBKMv8U4ZY4bmLxgQdPa2WahlSTMnwrntQv7+gkLL7R
    snILrXhoEalP1EaOr5awM0CdxT5SaIQwgKGv+5Vssw8KgnzNAtKaHw6uc/jgPGt9
    j6Qpo8+io+yMjypyi7FwEje4Rzl3SQIDAQABo1AwTjAdBgNVHQ4EFgQUFRScMNSC
    tHb8KbDilgijJ2mz2BAwHwYDVR0jBBgwFoAUFRScMNSCtHb8KbDilgijJ2mz2BAw
    DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAQANVwx4rMFPBtlHiWSOU
    wBt2XZvnSfarBpb/A2hWexzXQey9urKH8/8egKgxOCFhI42E2fH6RFhtI7x3CU6i
    1QQwKis9ZIiEEcn9inM0ZJOnaOx2gr/fcXnzKPWZFibAQP6gyGV/EQBCJ0j395cQ
    rHEfpfdKBPb5YN+NxXK1wHIIFV01lcZH2GDwDNDPtRNas/JNbS8X1iA8ti1VZnDp
    pSm8eZrzdJWsIQ/YFRNI/1mklSJr44NuvrbE7ivulBFpeIitc9ppkVa3xzhxM0xl
    cWz6l/jr3Dil5qWcCKsEZ0Hd0sZHuXm5eNJwwTO0XXT+vxJDM8Gf5fMqwx5VdUWZ
    uA==
    -----END CERTIFICATE-----
    subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 1583 bytes and written 246 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : DHE-RSA-AES256-SHA
        Session-ID: 7CA47FFBFC896FC90F7E9E5F3147BC9621C07E10882A7C7831BFA7D61AD24EEF
        Session-ID-ctx: 
        Master-Key: 5CB630D741EA2D209E0DC882A2E5C16E2009138A7DB7920ABEFD1E9CC5D6973F7DC7228295B5AC75F5E7CD1726DC3E5F
        Key-Arg   : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        TLS session ticket lifetime hint: 300 (seconds)
        TLS session ticket:
        0000 - 7d 76 b1 eb bb 9d 63 49-fe 9f 18 c0 78 82 66 bd   }v....cI....x.f.
        0010 - 65 69 ac 27 11 63 05 8a-57 8d 13 23 d8 85 3c fa   ei.'.c..W..#..<.
        0020 - 6b 54 4c 39 92 c4 53 22-16 e3 73 98 a0 fe 15 67   kTL9..S"..s....g
        0030 - c1 5f 47 66 f9 42 50 f5-67 be 91 a8 70 fa ef eb   ._Gf.BP.g...p...
        0040 - 1c 51 c2 94 62 ff b0 97-1b 7b de ac 3a c8 39 52   .Q..b....{..:.9R
        0050 - 85 d6 51 02 33 48 2c 39-fc db f8 55 87 c5 1b 58   ..Q.3H,9...U...X
        0060 - 81 e7 00 0b 9d ae e3 fd-04 dc 0d dd 26 20 3c b2   ............& <.
        0070 - b2 0f 56 e1 7c be d2 89-2a 64 42 b4 9f eb b3 e2   ..V.|...*dB.....
        0080 - ee 3d 51 ac 3f 9e 14 49-52 f4 b6 d7 9f 59 0b c8   .=Q.?..IR....Y..
        0090 - fa f2 74 38 e0 c8 12 1a-b3 81 e8 2f 13 cf 44 44   ..t8......./..DD
    
        Start Time: 1378104227
        Timeout   : 300 (sec)
        Verify return code: 9 (certificate is not yet valid)
    ---
    root:x:0:0:root:/root:/bin/bash
    daemon:x:1:1:daemon:/usr/sbin:/bin/sh
    bin:x:2:2:bin:/bin:/bin/sh
    sys:x:3:3:sys:/dev:/bin/sh
    sync:x:4:65534:sync:/bin:/bin/sync
    games:x:5:60:games:/usr/games:/bin/sh
    man:x:6:12:man:/var/cache/man:/bin/sh
    lp:x:7:7:lp:/var/spool/lpd:/bin/sh
    mail:x:8:8:mail:/var/mail:/bin/sh
    news:x:9:9:news:/var/spool/news:/bin/sh
    uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
    proxy:x:13:13:proxy:/bin:/bin/sh
    www-data:x:33:33:www-data:/var/www:/bin/sh
    backup:x:34:34:backup:/var/backups:/bin/sh
    list:x:38:38:Mailing List Manager:/var/list:/bin/sh
    irc:x:39:39:ircd:/var/run/ircd:/bin/sh
    gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
    nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
    libuuid:x:100:101::/var/lib/libuuid:/bin/sh
    syslog:x:101:103::/home/syslog:/bin/false
    messagebus:x:102:105::/var/run/dbus:/bin/false
    whoopsie:x:103:106::/nonexistent:/bin/false
    landscape:x:104:109::/var/lib/landscape:/bin/false
    sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
    neo:x:1000:1000:neo,,,:/home/neo:/bin/bash
    ntop:x:106:114::/var/lib/ntop:/bin/false
    redis:x:107:116:redis server,,,:/var/lib/redis:/bin/false
    postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
    colord:x:109:120:colord colour management daemon,,,:/var/lib/colord:/bin/false
    mysql:x:110:121:MySQL Server,,,:/nonexistent:/bin/false
    zookeeper:x:111:122:ZooKeeper,,,:/var/lib/zookeeper:/bin/false
    read:errno=0

    http://my.oschina.net/neochen/blog/158631#OSC_h2_1
  • 相关阅读:
    前端打包利器:webpack工具
    asp.net 通过ajax方式调用webmethod方法使用自定义类传参及获取返回参数
    C#报错:创建调试信息文件 ……objDebugmodel.pdb: 拒绝访问
    ts 使用Visual Studio2012和TFS网站管理源代码
    Win7(包括32和64位)使用GitHub
    C#程序开发中经常遇到的10条实用的代码
    简单优化实现大数据量的重复判断和导入
    Asp.Net修改上传文件大小限制(修改web.config)
    XlFileFormat
    Excel 2007中的新文件格式
  • 原文地址:https://www.cnblogs.com/kungfupanda/p/4639386.html
Copyright © 2011-2022 走看看