{"id":13422,"date":"2023-12-25T15:43:54","date_gmt":"2023-12-25T07:43:54","guid":{"rendered":"https:\/\/www.yimenyun.cn\/emen\/?p=13422"},"modified":"2023-12-25T15:43:54","modified_gmt":"2023-12-25T07:43:54","slug":"ubuntuopenssl%e5%bc%80%e5%8f%91%e6%b3%a8%e6%84%8f%e4%ba%8b%e9%a1%b9%e4%bb%8b%e7%bb%8d","status":"publish","type":"post","link":"https:\/\/www.yimenyun.cn\/emen\/13422\/","title":{"rendered":"ubuntuopenssl\u5f00\u53d1\u6ce8\u610f\u4e8b\u9879\u4ecb\u7ecd"},"content":{"rendered":"

OpenSSL\u662f\u4e00\u4e2a\u7528\u4e8e\u52a0\u5bc6\u548c\u89e3\u5bc6\u6570\u636e\u7684\u5f00\u6e90\u8f6f\u4ef6\u5e93\u3002\u5b83\u662f\u4e00\u4e2a\u901a\u7528\u7684\u52a0\u5bc6\u5e93\uff0c\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u52a0\u5bc6\u548c\u975e\u5bf9\u79f0\u52a0\u5bc6\u3002OpenSSL\u5e93\u53ef\u4ee5\u7528\u4e8e\u5f00\u53d1\u5b89\u5168\u7684\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u548c\u534f\u8bae\uff0c\u5982SSL\u3001TLS\u3001SSH\u7b49\u3002<\/p>\n

Ubuntu\u662f\u4e00\u79cd\u57fa\u4e8eLinux\u7684\u64cd\u4f5c\u7cfb\u7edf\uff0c\u5b83\u4f7f\u7528OpenSSL\u5e93\u6765\u63d0\u4f9b\u5b89\u5168\u7684\u6570\u636e\u4f20\u8f93\u548c\u901a\u4fe1\u3002\u5728Ubuntu\u7cfb\u7edf\u4e2d\uff0c\u5f00\u53d1\u4eba\u5458\u53ef\u4ee5\u4f7f\u7528OpenSSL\u5e93\u6765\u7f16\u5199\u5b89\u5168\u7684\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u548c\u534f\u8bae\u3002\u672c\u6587\u5c06\u4ecb\u7ecd\u5982\u4f55\u5728Ubuntu\u7cfb\u7edf\u4e2d\u4f7f\u7528OpenSSL\u5e93\u8fdb\u884c\u5f00\u53d1\u3002<\/p>\n

1. \u5b89\u88c5OpenSSL\u5e93<\/p>\n

\u5728Ubuntu\u7cfb\u7edf\u4e2d\uff0c\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u5b89\u88c5OpenSSL\u5e93\uff1a<\/p>\n

“`<\/p>\n

sudo apt-get update<\/p>\n

sudo apt-get install openssl libssl-dev<\/p>\n

“`<\/p>\n

2. \u521b\u5efa\u4e00\u4e2aSSL\u4e0a\u4e0b\u6587<\/p>\n

\u5728\u4f7f\u7528OpenSSL\u5e93\u4e4b\u524d\uff0c\u9700\u8981\u521b\u5efa\u4e00\u4e2aSSL\u4e0a\u4e0b\u6587\u3002SSL\u4e0a\u4e0b\u6587\u5305\u542b\u4e86SSL\u534f\u8bae\u7684\u914d\u7f6e\u4fe1\u606f\uff0c\u5982\u52a0\u5bc6\u7b97\u6cd5\u3001\u8bc1\u4e66\u7b49\u3002\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u521b\u5efa\u4e00\u4e2aSSL\u4e0a\u4e0b\u6587\uff1a<\/p>\n

“`<\/p>\n

SSL_CTX *ctx;<\/p>\n

ctx = SSL_CTX_new(TLSv1_2_server_method());<\/p>\n

“`<\/p>\n

\u4e0a\u9762\u7684\u4ee3\u7801\u521b\u5efa\u4e86\u4e00\u4e2aTLSv1.2\u7248\u672c\u7684SSL\u4e0a\u4e0b\u6587\u3002<\/p>\n

3. \u52a0\u8f7d\u8bc1\u4e66\u548c\u79c1\u94a5<\/p>\n

\u5728\u4f7f\u7528SSL\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\u4e4b\u524d\uff0c\u9700\u8981\u52a0\u8f7d\u670d\u52a1\u5668\u8bc1\u4e66\u548c\u79c1\u94a5\u3002\u8bc1\u4e66\u7528\u4e8e\u9a8c\u8bc1\u670d\u52a1\u5668\u7684\u8eab\u4efd\uff0c\u79c1\u94a5\u7528\u4e8e\u52a0\u5bc6\u548c\u89e3\u5bc6\u6570\u636e\u3002\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u52a0\u8f7d\u8bc1\u4e66\u548c\u79c1\u94a5\uff1a<\/p>\n

“`<\/p>\n

SSL_CTX_use_certificate_file(ctx, \"server.crt\", SSL_FILETYPE_PEM);<\/p>\n

SSL_CTX_use_PrivateKey_file(ctx, \"server.key\", SSL_FILETYPE_PEM);<\/p>\n

“`<\/p>\n

\u4e0a\u9762\u7684\u4ee3\u7801\u52a0\u8f7d\u4e86\u540d\u4e3a\u201cserver.crt\u201d\u548c\u201cserver.key\u201d\u7684PEM\u683c\u5f0f\u7684\u8bc1\u4e66\u548c\u79c1\u94a5\u3002<\/p>\n

4. \u521b\u5efa\u4e00\u4e2aSSL\u5957\u63a5\u5b57<\/p>\n

\u5728\u4f7f\u7528SSL\u534f\u8bae\u8fdb\u884c\u901a\u4fe1\u4e4b\u524d\uff0c\u9700\u8981\u521b\u5efa\u4e00\u4e2aSSL\u5957\u63a5\u5b57\u3002SSL\u5957\u63a5\u5b57\u662f\u4e00\u4e2a\u666e\u901a\u7684TCP\u5957\u63a5\u5b57\uff0c\u4f46\u5b83\u4f7f\u7528SSL\u534f\u8bae\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u3002\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u521b\u5efa\u4e00\u4e2aSSL\u5957\u63a5\u5b57\uff1a<\/p>\n

“`<\/p>\n

int sockfd;<\/p>\n

sockfd = socket(AF_INET, SOCK_STREAM, 0);<\/p>\n

SSL *ssl;<\/p>\n

ssl = SSL_new(ctx);<\/p>\n

SSL_set_fd(ssl, sockfd);<\/p>\n

“`<\/p>\n

\u4e0a\u9762\u7684\u4ee3\u7801\u521b\u5efa\u4e86\u4e00\u4e2aTCP\u5957\u63a5\u5b57\uff0c\u5e76\u5c06\u5176\u7ed1\u5b9a\u5230SSL\u4e0a\u4e0b\u6587\u3002<\/p>\n

5. SSL\u63e1\u624b<\/p>\n

\u5728SSL\u5957\u63a5\u5b57\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u9700\u8981\u8fdb\u884cSSL\u63e1\u624b\u3002SSL\u63e1\u624b\u662f\u5efa\u7acbSSL\u8fde\u63a5\u7684\u8fc7\u7a0b\uff0c\u5b83\u5305\u542b\u4e86\u4ee5\u4e0b\u6b65\u9aa4\uff1a<\/p>\n

– \u5ba2\u6237\u7aef\u53d1\u9001\u201cClientHello\u201d\u6d88\u606f\uff0c\u5305\u542b\u4e86\u52a0\u5bc6\u7b97\u6cd5\u3001\u968f\u673a\u6570\u7b49\u4fe1\u606f\u3002<\/p>\n

– \u670d\u52a1\u5668\u53d1\u9001\u201cServerHello\u201d\u6d88\u606f\uff0c\u5305\u542b\u4e86\u52a0\u5bc6\u7b97\u6cd5\u3001\u8bc1\u4e66\u7b49\u4fe1\u606f\u3002<\/p>\n

– \u670d\u52a1\u5668\u53d1\u9001\u201cCertificateRequest\u201d\u6d88\u606f\uff0c\u8bf7\u6c42\u5ba2\u6237\u7aef\u53d1\u9001\u8bc1\u4e66\u3002<\/p>\n

– \u5ba2\u6237\u7aef\u53d1\u9001\u201cCertificate\u201d\u6d88\u606f\uff0c\u5305\u542b\u4e86\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002<\/p>\n

– \u5ba2\u6237\u7aef\u53d1\u9001\u201cClientKeyExchange\u201d\u6d88\u606f\uff0c\u5305\u542b\u4e86\u7528\u4e8e\u751f\u6210\u4f1a\u8bdd\u5bc6\u94a5\u7684\u4fe1\u606f\u3002<\/p>\n

– \u670d\u52a1\u5668\u53d1\u9001\u201cServerDone\u201d\u6d88\u606f\uff0c\u8868\u793a\u63e1\u624b\u7ed3\u675f\u3002<\/p>\n

– \u5ba2\u6237\u7aef\u53d1\u9001\u201cChangeCipherSpec\u201d\u6d88\u606f\uff0c\u8868\u793a\u4f1a\u8bdd\u5bc6\u94a5\u5df2\u751f\u6210\u3002<\/p>\n

– \u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u53d1\u9001\u201cFinished\u201d\u6d88\u606f\uff0c\u8868\u793a\u63e1\u624b\u6210\u529f\u3002<\/p>\n

\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u8fdb\u884cSSL\u63e1\u624b\uff1a<\/p>\n

“`<\/p>\n

SSL_connect(ssl);<\/p>\n

“`<\/p>\n

6. SSL\u6570\u636e\u4f20\u8f93<\/p>\n

\u5728SSL\u63e1\u624b\u6210\u529f\u540e\uff0c\u53ef\u4ee5\u4f7f\u7528SSL\u5957\u63a5\u5b57\u8fdb\u884c\u6570\u636e\u4f20\u8f93\u3002SSL\u5957\u63a5\u5b57\u4f7f\u7528SSL\u534f\u8bae\u8fdb\u884c\u52a0\u5bc6\u548c\u89e3\u5bc6\u6570\u636e\uff0c\u4fdd\u8bc1\u6570\u636e\u4f20\u8f93\u7684\u5b89\u5168\u6027\u3002\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u8fdb\u884cSSL\u6570\u636e\u4f20\u8f93\uff1a<\/p>\n

“`<\/p>\n

char buf[1024];<\/p>\n

SSL_read(ssl, buf, sizeof(buf));<\/p>\n

SSL_write(ssl, buf, sizeof(buf));<\/p>\n

“`<\/p>\n

\u4e0a\u9762\u7684\u4ee3\u7801\u4eceSSL\u5957\u63a5\u5b57\u8bfb\u53d6\u6570\u636e\uff0c\u5e76\u5c06\u6570\u636e\u5199\u5165SSL\u5957\u63a5\u5b57\u3002<\/p>\n

7. SSL\u5173\u95ed<\/p>\n

\u5728SSL\u6570\u636e\u4f20\u8f93\u5b8c\u6210\u540e\uff0c\u9700\u8981\u5173\u95edSSL\u8fde\u63a5\u3002\u4f7f\u7528\u4ee5\u4e0b\u4ee3\u7801\u5173\u95edSSL\u8fde\u63a5\uff1a<\/p>\n

“`<\/p>\n

SSL_shutdown(ssl);<\/p>\n

“`<\/p>\n

\u4e0a\u9762\u7684\u4ee3\u7801\u5173\u95edSSL\u8fde\u63a5\uff0c\u5e76\u91ca\u653e\u76f8\u5e94\u7684\u8d44\u6e90\u3002<\/p>\n

\u603b\u7ed3<\/p>\n

\u672c\u6587\u4ecb\u7ecd\u4e86\u5728Ubuntu\u7cfb\u7edf\u4e2d\u4f7f\u7528OpenSSL\u5e93\u8fdb\u884c\u5f00\u53d1\u7684\u65b9\u6cd5\u3002\u5728\u4f7f\u7528OpenSSL\u5e93\u8fdb\u884c\u5f00\u53d1\u65f6\uff0c\u9700\u8981\u521b\u5efaSSL\u4e0a\u4e0b\u6587\u3001\u52a0\u8f7d\u8bc1\u4e66\u548c\u79c1\u94a5\u3001\u521b\u5efaSSL\u5957\u63a5\u5b57\u3001\u8fdb\u884cSSL\u63e1\u624b\u3001\u8fdb\u884cSSL\u6570\u636e\u4f20\u8f93\u548c\u5173\u95edSSL\u8fde\u63a5\u3002\u901a\u8fc7\u5b66\u4e60\u672c\u6587\uff0c\u8bfb\u8005\u53ef\u4ee5\u4e86\u89e3\u5982\u4f55\u4f7f\u7528OpenSSL\u5e93\u8fdb\u884c\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u548c\u534f\u8bae\u7684\u5f00\u53d1\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"

OpenSSL\u662f\u4e00\u4e2a\u7528\u4e8e\u52a0\u5bc6\u548c\u89e3\u5bc6\u6570\u636e\u7684\u5f00\u6e90\u8f6f\u4ef6\u5e93\u3002\u5b83\u662f\u4e00\u4e2a\u901a\u7528\u7684\u52a0\u5bc6\u5e93\uff0c\u652f\u6301\u591a\u79cd\u52a0\u5bc6\u7b97\u6cd5\uff0c\u5305\u62ec\u5bf9\u79f0\u52a0\u5bc6\u548c\u975e\u5bf9\u79f0\u52a0\u5bc6\u3002OpenSSL\u5e93\u53ef\u4ee5\u7528\u4e8e\u5f00\u53d1\u5b89\u5168\u7684\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u548c\u534f\u8bae\uff0c\u5982SSL\u3001TLS\u3001SSH\u7b49<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[18109,29,4686,18110,1145],"topic":[],"class_list":{"0":"post-13422","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"hentry","6":"category-exekf","7":"tag-18109","8":"tag-29","9":"tag-exe","11":"tag-1145"},"_links":{"self":[{"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/posts\/13422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/comments?post=13422"}],"version-history":[{"count":1,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/posts\/13422\/revisions"}],"predecessor-version":[{"id":13483,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/posts\/13422\/revisions\/13483"}],"wp:attachment":[{"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/media?parent=13422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/categories?post=13422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/tags?post=13422
"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.yimenyun.cn\/emen\/wp-json\/wp\/v2\/topic?post=13422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}