SSL证书和eLink
我有时使用eLink进行web浏览,一些https站点由于SSL证书和eLink,ssl,elinks,Ssl,Elinks,我有时使用eLink进行web浏览,一些https站点由于SSL错误而无法加载 一个例子是,它不在eLink中加载,但在chromium和firefox等其他浏览器中运行良好 使用命令行检查证书会给出非常短的输出: $ echo | openssl s_client -connect www.rust-lang.org:443 2>/dev/null CONNECTED(00000003) --- no peer certificate available --- No client ce
SSL错误而无法加载
一个例子是,它不在eLink中加载,但在chromium和firefox等其他浏览器中运行良好
使用命令行检查证书会给出非常短的输出:
$ echo | openssl s_client -connect www.rust-lang.org:443 2>/dev/null
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 297 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1459658221
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
作为比较,google的输出是:
$ echo | openssl s_client -connect www.google.com:443 2>/dev/null
CONNECTED(00000003)
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEgDCCA2igAwIBAgIIF8zP738syB4wDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwMzIzMTk0MTQ0WhcNMTYwNjE1MTkyMDAw
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOd3d3
Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoxzls
wT/PC9gErDAme+LX9PAdv8270+BHCaNe/YxZE093ryPQq5PPKHsBNSzNvHwNfWuv
H3z/CBvaIiFgBimSm3cWOvjXipqTL5sHGkLr/RNAxmwo2dUKZ0LBUCXB4YvXkMb0
lI3XpgZk1CUzE7jj3HDgA+IOpT8JgbmKH19Z7+lwBzaunztBk8YM/LKrb9XtDzYW
diPkBwm0xx2dj2jCrj49Hvug9qAGQ5Zx8YuNrwR5qYXW/8aVB6MJ8r/ZLKzU39k3
nvp5ZylyGklJAuGneCblChzpR18ab8k2B/26qgCv7T4MLoAGRTbvTrZ0HxTj8aie
yI0+jZjRQjBeYwGPAgMBAAGjggFLMIIBRzAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOd3d3Lmdvb2dsZS5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBQKfpRDWX9xAx1/4SBXfKJdHrqPHjAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMCEGA1UdIAQaMBgwDAYKKwYBBAHW
eQIFATAIBgZngQwBAgIwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29n
bGUuY29tL0dJQUcyLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAiwUNf4uVHi1f8u1m
nd2vEHlOIQkNFLeuj9RPQfsFPL7fX/UzE5HbLzp1y4ICnRuCONKhz08YZ56pQ09A
+MfzIm0/e3yytHRf5f+YWATKkGtEh3pJdkOJM2UYIFFDs382a+bau7dTVyZFgMyS
m2Wlhw/zCLBgIebkSwsrrJAftwKu2AjvG6XJCUd08MSEe6UVF15COudEdVkKoDWR
ZmITWRFSFAeeJ5dKAzRojKVgGYV8tw6ByVKSizl5WS+hrXdD4IHkProKEFbSQgIv
Eyv87d8W8yscamZDU6Da+Djjxf07LkE3qDtd/RQY+IMm4V17ko6WfaV7ibionAA5
uAnzkw==
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3727 bytes and written 423 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: BBBB89FD38DF58981900A70A2F92A01E57888CF80B71AE19DE5F92EDE389D7FE
Session-ID-ctx:
Master-Key: 80B4C5C3F81C7AFDAA226BB0285E9F9088737151CCB4EA742328C727363F9663997E68D757CB73B79EF8E3C90B622E12
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - ee 03 90 3e 12 a6 14 ba-f9 db 39 f7 6f 3c bf 58 ...>......9.o<.X
0010 - 32 5d 0a 6f 08 cf 17 f9-16 49 91 c3 4f 99 50 01 2].o.....I..O.P.
0020 - 6a 90 47 0a 7d 62 5e b8-26 ef 21 9f f3 df a9 35 j.G.}b^.&.!....5
0030 - 17 90 53 cf 6a 1e d8 e7-ef d9 7a fc ea 80 c0 74 ..S.j.....z....t
0040 - c2 ee ba e4 5c ef 04 38-45 58 75 f6 7f f4 cd 78 ....\..8EXu....x
0050 - eb 31 5d be c2 c9 bb cd-dc c1 13 cc 81 84 48 39 .1]...........H9
0060 - 12 52 43 ae c6 24 1b 6e-85 7f 23 90 ff 80 9c 11 .RC..$.n..#.....
0070 - 49 e2 b4 c1 bf 32 08 e5-c4 55 84 de 46 77 d0 a1 I....2...U..Fw..
0080 - 92 7b 7c 1b 54 a1 49 c2-b0 d7 b9 f8 65 d2 1d 19 .{|.T.I.....e...
0090 - 2d 8e 5a 66 72 6c c8 50-7c d7 aa b8 58 28 7c 7d -.Zfrl.P|...X(|}
00a0 - 4c 64 1a 85 Ld..
Start Time: 1459659110
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
$echo | openssl s|U客户端-连接www.google.com:443 2>/dev/null
已连接(00000003)
---
证书链
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.Google.com
i:/C=US/O=Google Inc/CN=Google互联网管理局G2
1 s:/C=US/O=Google Inc/CN=Google互联网管理局G2
i:/C=US/O=GeoTrust公司/CN=GeoTrust全球CA
2 s:/C=US/O=GeoTrust公司/CN=GeoTrust全球CA
i:/C=US/O=Equifax/OU=Equifax安全证书颁发机构
---
服务器证书
-----开始证书-----
MIIEGDCCA2IGWIBAGIIF8ZP738SYB4WDQYJKOZHIHVCNAQELBQAWSTELMAKGA1UE
BHMCVVMXZEZARBGNVBAOTCKDVBB2DSZSBJBMMXJTAJBGNVB2DSSBJBNRL
CM5LDCBBDXROB3JPDHKGRZIWHHCNMTYWMZMZMTK0MTQ0WHCNYWNJE1MKYMDAW
WJBOMQSWCQYDVQGEWJVuzetMBEGA1UECAWKQ2FSAWZVCM5YTEWMBQGA1EBWWN
TW91BNRHAW4GVMLLDZETMBEGA1ECGWKR29VZ2XLIELUYZEXMBUGA1EAWWOD3D3
LMDVB2DSZS5JB20WGGEIMA0GCSQGSIB3DQEBAQUA4IBDWAWGGEKAOYBAQCOXZLS
wT/PC9gErDAme+LX9PAdv8270+BHCaNe/YxZE093ryPQq5PPKHsBNSzNvHwNfWuv
H3z/CBVAIIFGBIMS3CWOVJXIPQTL5SHGKLR/RNAXWO2DUKZ0LBUCxB4YVxKMB0
lI3XpgZk1CUzE7jj3HDgA+IOpT8JgbmKH19Z7+lwBzaunztBk8YM/LKrb9XtDzYW
diPkBwm0xx2dj2jCrj49Hvug9qAGQ5Zx8YuNrwR5qYXW/8aVB6MJ8r/ZLKzU39k3
nvp5ZylyGklJAuGneCblChzpR18ab8k2B/26qgCv7T4MLoAGRTbvTrZ0HxTj8aie
yI0+JZJRQJBeywgpagmbaagjggflmiibrzadbgnvhsuefjaubgrgbgefbqcdaqyi
KWYBBKUHAWIWGQYDVR0RBBIWEIIOD3D3LMDVB2DSZS5JB20WAAYKWYBBQUHAQEE
XDBAMCSCGCCSGAQUFBZACHH9ODHRWOI8VCGTPLMDVB2DSS5JB20VR0LBRZIUY3J0
MCSGCCSGAQUFBZABHH9ODHRWOI8VY2XPZW50CZEUZ29VZ2XLMNVBS9VY3NWMB0G
A1UdDgQWBBQKfpRDWX9xAx1/4SBXFKJDHRQPWJAMBGNVHRMBAF8EAJAAMB8GA1UD
Iwqymbaaferdbhybvpzotxb1gba7yhq6woevmcega1udiaqambgwdaykwybahw
EQIFATAIBGZNGQWBAGIWMAYDVR0FBCKWJZALOCOGIYYFAHR0CDOVL3BRA5NB29N
BGUUY29TL0DJQUCYLMNBKQHKIG9W0BAQSFAAOCAQEAIWUNF4UVHI1F8U1M
nd2vEHlOIQkNFLeuj9RPQfsFPL7fX/UzE5HbLzp1y4ICnRuCONKhz08YZ56pQ09A
+MfzIm0/e3yytHRf5f+YWATKkGtEh3pJdkOJM2UYIFFDs382a+bau7dTVyZFgMyS
m2Wlhw/ZCLBGIEBKSWSRJAFTWKU2AJVG6XJCUD08MSEE6UVF15COUDDEDVKKODWR
ZmITWRFSFAeeJ5dKAzRojKVgGYV8tw6ByVKSizl5WS+hrXdD4IHkProKEFbSQgIv
Eyv87d8W8yscamZDU6Da+Djjxf07LkE3qDtd/RQY+IMM4V17KO6WFAV7IBIONA5
uAnzkw==
-----结束证书-----
主题=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.Google.com
发卡机构=/C=US/O=Google Inc/CN=Google互联网管理局G2
---
未发送客户端证书CA名称
---
SSL握手读取3727字节,写入423字节
---
新的TLSv1/SSLv3密码是ECDHE-RSA-AES128-GCM-SHA256
服务器公钥为2048位
支持安全的重新协商
压缩:无
扩展:无
SSL会话:
协议:TLSv1.2
密码:ECDHE-RSA-AES128-GCM-SHA256
会话ID:BBBB89FD38DF58981900A70A2F92A01E57888CF80B71AE19DE5F92EDE389D7FE
会话ID ctx:
主钥匙:80B4C5C3F81C7AFDAA226BB0285E9F9088737151CCB4EA742328C727363F9663997E68D757CB73B79EF8E3C90B622E12
键Arg:无
PSK身份:无
PSK标识提示:无
SRP用户名:无
TLS会话票证生存期提示:100800(秒)
TLS会话票证:
0000-ee 03 90 3e 12 a6 14 ba-f9 db 39 f7 6f 3c bf 58…>…9.o您需要使用才能成功访问www.rust-lang.org。使用openssl s_client
可以通过添加-servername
参数来完成此操作:
$ openssl s_client -connect www.rust-lang.org:443 \
-servername www.rust-lang.org
...
subject=/OU=Domain Control Validated/OU=EssentialSSL Wildcard/CN=*.rust-lang.org
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
...
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
所有现代浏览器都支持SNI,并且在互联网上大量使用。例如,所有Cloudflare免费SSL都需要SNI。我猜您使用的elinks版本还不支持SNI。我在2015年9月对埃林克斯的比赛中发现了一个0.12pre6的进球。考虑到这个版本仍然是最新的版本,而且看起来是这样,我猜这个问题仍然没有解决 来自elinks的最新git版本似乎解决了所有这些问题。请注意:虽然最新版本的发布时间是2012年,但elinks的开发并未停止,最近几年中有几次提交。