OpenSSL support for Client Certificate URLs

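I am trying to determine whether the OpenSSL library supports client certificate URLs. I can't find any information in the OpenSSL documentation.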

In the file tls.h, I can see the following definitions:

/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
# define TLSEXT_TYPE_server_name                 0
# define TLSEXT_TYPE_max_fragment_length         1
# define TLSEXT_TYPE_client_certificate_url      2
# define TLSEXT_TYPE_trusted_ca_keys             3
# define TLSEXT_TYPE_truncated_hmac              4
# define TLSEXT_TYPE_status_request              5
There is also a method for using client extensions:

int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
                                  custom_ext_add_cb add_cb,
                                  custom_ext_free_cb free_cb,
                                  void *add_arg,
                                  custom_ext_parse_cb parse_cb,
                                  void *parse_arg);
I have looked at the OpenSSL source code, and TLSEXT_TYPE_client_certificate_url is used only in the file s_cb.c, as callback support:

void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
                     unsigned char *data, int len,
                     void *arg)
{
    BIO *bio = arg;
    char *extname;

    switch(type)
    {
    case TLSEXT_TYPE_server_name:
    extname = "server name";
    break;

    case TLSEXT_TYPE_client_certificate_url:
    extname = "client certificate URL";
    break;

    (...)

    default:
    extname = "unknown";
    break;

    }

    BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
         client_server ? "server": "client",
         extname, type, len);
    BIO_dump(bio, (char *)data, len);
    (void)BIO_flush(bio);
}
When I search for TLSEXT_TYPE_server_name, I can see this flag being used in the file t1_lib.c:

unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf,
                                          unsigned char *limit)
{
    int extdatalen = 0;
    unsigned char *orig = buf;
    unsigned char *ret = buf;
# ifndef OPENSSL_NO_NEXTPROTONEG
    int next_proto_neg_seen;
# endif

    /*
     * don't add extensions for SSLv3, unless doing secure renegotiation
     */
    if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
        return orig;

    ret += 2;
    if (ret >= limit)
        return NULL;            /* this really never occurs, but ... */

    if (!s->hit && s->servername_done == 1
        && s->session->tlsext_hostname != NULL) {
        if ((long)(limit - ret - 4) < 0)
            return NULL;

        s2n(TLSEXT_TYPE_server_name, ret);
        s2n(0, ret);
This leads me to the point that the TLSEXT_TYPE_server_name extension is supported, but there is no clear information about TLSEXT_TYPE_client_certificate_url.

No, this extension is not supported by any OpenSSL version.
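As an added example (not from the original post and not OpenSSL code): a standalone C function that walks a raw TLS extensions block and reports whether a given extension type, such as client_certificate_url (2), was offered, which is the information the tlsext_cb callback above prints. The name tls_ext_present, the EXT_* macros and the sample bytes are constructed for illustration; the block layout (2-byte total length, then type/length/data records, with an empty body for client_certificate_url) is assumed from RFC 6066.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Extension type numbers, as in the header excerpt quoted in the question. */
#define EXT_SERVER_NAME            0
#define EXT_CLIENT_CERTIFICATE_URL 2

/* Constructed sample: extensions block with server_name ("a.test") and an
 * empty client_certificate_url extension. Not captured from real traffic. */
const uint8_t SAMPLE_EXTS[] = {
    0x00, 0x13,                                   /* total length: 19 */
    0x00, 0x00, 0x00, 0x0b,                       /* server_name, 11 bytes */
    0x00, 0x09, 0x00, 0x00, 0x06, 'a', '.', 't', 'e', 's', 't',
    0x00, 0x02, 0x00, 0x00                        /* client_certificate_url, empty */
};

/* Read a 2-byte big-endian value: the reading counterpart of s2n(). */
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Returns 1 if `wanted` is present, 0 if absent, -1 if the block is malformed. */
int tls_ext_present(const uint8_t *blk, size_t len, unsigned wanted)
{
    const uint8_t *p, *end;
    int found = 0;

    if (len < 2 || rd16(blk) != len - 2)          /* declared vs. actual size */
        return -1;
    p = blk + 2;
    end = blk + len;
    while (p < end) {
        size_t elen;
        if ((size_t)(end - p) < 4)                /* truncated type/length header */
            return -1;
        elen = rd16(p + 2);
        if ((size_t)(end - p) - 4 < elen)         /* data would run past the block */
            return -1;
        if (rd16(p) == wanted)
            found = 1;
        p += 4 + elen;
    }
    return found;
}

int main(void)
{
    printf("client_certificate_url offered: %d\n",
           tls_ext_present(SAMPLE_EXTS, sizeof SAMPLE_EXTS, EXT_CLIENT_CERTIFICATE_URL));
    return 0;
}
```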