OpenSSL: what do the "purpose" values mean in certificate verification?

Tags: openssl, x509certificate, verification

Can anyone tell me what the "purpose" values used when checking a certificate are, and what they mean?

To find out what they mean, look at the section in the man page of OpenSSL's x509.

When checking purposes programmatically, you usually only deal with integer constants, for example X509_PURPOSE_SSL_SERVER. These purposes are used during certificate validation. The certificate (path) is validated, and at the end OpenSSL checks whether the certificate at hand contains an ExtendedKeyUsage extension that includes the requested "purpose". If not, the certificate is rejected.

OpenSSL applies sensible defaults where possible, but if you have special requirements you can add your own purposes to be checked during certificate validation. If you like, you can also check custom ExtendedKeyUsages, but usually the predefined defaults are sufficient.

This is how they relate to the code (taken from):
static X509_PURPOSE xstandard[] = {
{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
{X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0, check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign", NULL},
};
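
The purpose check described in the answer can be observed from the command line. The script below is an added example, not part of the original answer or of OpenSSL's code: it builds a throwaway CA and a leaf certificate whose ExtendedKeyUsage lists only clientAuth, then runs `openssl verify -purpose` with short names from the table above. All file and subject names are constructed, and it assumes the `openssl` CLI (1.1.1 or later) is on PATH.

```shell
#!/bin/sh
# Added example. The CA, the leaf and every name below are constructed.

make_demo_pki() {
  DEMO_DIR=$(mktemp -d) || return 1
  cat > "$DEMO_DIR/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Demo CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
EOF
  # Throwaway self-signed CA.
  openssl req -x509 -config "$DEMO_DIR/demo.cnf" -extensions ca_ext \
    -newkey rsa:2048 -nodes -keyout "$DEMO_DIR/ca.key" \
    -out "$DEMO_DIR/ca.pem" -days 1 2>/dev/null || return 1
  # Leaf whose ExtendedKeyUsage lists clientAuth only.
  openssl req -new -config "$DEMO_DIR/demo.cnf" -subj "/CN=demo-client" \
    -newkey rsa:2048 -nodes -keyout "$DEMO_DIR/leaf.key" \
    -out "$DEMO_DIR/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$DEMO_DIR/leaf.csr" -CA "$DEMO_DIR/ca.pem" \
    -CAkey "$DEMO_DIR/ca.key" -CAcreateserial -days 1 \
    -extfile "$DEMO_DIR/demo.cnf" -extensions leaf_ext \
    -out "$DEMO_DIR/leaf.pem" 2>/dev/null
}

# Verify the leaf for one purpose, given by its short name from the table.
check_purpose() {
  if openssl verify -CAfile "$DEMO_DIR/ca.pem" -purpose "$1" \
       "$DEMO_DIR/leaf.pem" >/dev/null 2>&1
  then echo accepted
  else echo rejected
  fi
}

make_demo_pki || exit 1
trap 'rm -rf "$DEMO_DIR"' EXIT
for p in sslclient sslserver any; do
  printf '%-10s %s\n' "$p" "$(check_purpose "$p")"
done
```

The same chain and signature pass or fail depending only on the requested purpose, which is why a verifier that never sets a purpose will accept a client-only certificate presented by a server.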