• A short note on HTTPS access with certificate verification


    Background

    When the Internet was young, security got little attention. HTTP is transmitted in plaintext, which made life easy for anyone who wanted to eavesdrop on or tamper with traffic. Only when more and more people were harmed did the security of the transport start to be taken seriously.

    The HTTPS encryption process

    1. Encryption algorithms

      1) Symmetric encryption: encryption and decryption use the same key.

      2) Asymmetric encryption: encryption and decryption use two different keys (a public key and a private key).

    2. The security of HTTPS rests on keeping the keys secret. Once a connection can be intercepted, anything on it can be forged, and that includes the public key the server presents while the session key is being negotiated. To establish the real identity of the server (or of the client), a trusted third party has to vouch for it: a certificate authority (CA) that signs the peer's public key and name into a certificate. Of course, the guarantor itself may be unreliable; that is a separate story. Assuming the third party can be trusted, the HTTPS communication process looks like this:

    3. Certificate file types (note that the extension is a convention, not the encoding; check the file content)

      1. .DER
      The DER extension is used for binary DER-encoded certificates. These files may also bear the CER or the CRT extension. Proper English usage would be "I have a DER-encoded certificate", not "I have a DER certificate".

      2. .PEM
      The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armoured data, prefixed with a "-----BEGIN ...-----" line and followed by a matching "-----END ...-----" line.

      3. .CRT
      The CRT extension is used for certificates. The certificates may be encoded as binary DER or as ASCII PEM. The CER and CRT extensions are nearly synonymous. Most common among *nix systems.

      4. .CER
      Alternate form of .crt (Microsoft convention). Windows tools can convert .crt to .cer, producing either a DER-encoded .cer or a Base64 (PEM)-encoded .cer. The .cer file extension is also recognized by Internet Explorer as a command to run a Microsoft CryptoAPI command (specifically rundll32.exe cryptext.dll,CryptExtOpenCER), which displays a dialogue for importing and/or viewing certificate contents.

      5. .KEY
      The KEY extension is used both for public and private PKCS#8 keys. The keys may be encoded as binary DER or as ASCII PEM.
      
    4. Where certificates come from

      Some certificate issuers are not trusted, and if the issuing authority cannot be trusted the certificate is meaningless. Browsers ship with a built-in list of trusted CA certificates (the root store); a server certificate is accepted only if it chains, through valid signatures, to one of those roots, is within its validity period, and carries the host name being visited.
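
      The following example was added for this note and is not code from the original post. It covers both the certificate-type section above (telling DER from PEM by content and converting between them) and this section (what a trust-store check actually does). It assumes PHP 7.4 or later with the openssl extension and a usable openssl.cnf; openssl_x509_verify() is a PHP 7.4 addition. Every key and certificate is generated on the fly, and "Example Root CA", "Rogue CA" and "api.example.test" are made-up names.

```php
<?php
// Added example, not code from the original post. Sections 3 and 4 in code: tell
// DER-encoded from PEM-encoded data by content, and check a server certificate the way
// a browser or curl does against a trust store. All key material is generated here and
// all names ("Example Root CA", "Rogue CA", "api.example.test") are made up.

function encodingOf(string $data): string
{
    if (strncmp(ltrim($data), '-----BEGIN ', 11) === 0) {
        return 'PEM';                  // ASCII armour around Base64
    }
    if ($data !== '' && $data[0] === "\x30") {
        return 'DER';                  // ASN.1 SEQUENCE tag; every X.509 object starts with one
    }
    return 'unknown';
}

function pemToDer(string $pem): string
{
    if (!preg_match('/-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----/s', $pem, $m)) {
        throw new InvalidArgumentException('not a PEM block');
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[2]), true);
    if ($der === false) {
        throw new InvalidArgumentException('PEM body is not valid Base64');
    }
    return $der;
}

function derToPem(string $der, string $label = 'CERTIFICATE'): string
{
    return "-----BEGIN $label-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END $label-----\n";
}

function newKey()
{
    return openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
}

// Issue a certificate for $cn. Without an issuer it is self-signed, i.e. a root CA.
function issueCert(string $cn, $subjectKey, ?string $issuerPem = null, $issuerKey = null): string
{
    $csr  = openssl_csr_new(['commonName' => $cn], $subjectKey, ['digest_alg' => 'sha256']);
    $x509 = openssl_csr_sign($csr, $issuerPem, $issuerKey ?? $subjectKey, 365,
                             ['digest_alg' => 'sha256'], random_int(1, PHP_INT_MAX));
    openssl_x509_export($x509, $pem);
    return $pem;
}

// The checks a client performs against its built-in CA list, reduced to the essentials.
// Returns an empty array when the certificate is acceptable for $host.
function verifyServerCert(string $certPem, array $trustStorePems, string $host): array
{
    $problems = [];
    $trusted = false;
    foreach ($trustStorePems as $caPem) {
        // openssl_x509_verify() checks the signature on $certPem with the CA's public key.
        if (openssl_x509_verify($certPem, $caPem) === 1) {
            $trusted = true;
            break;
        }
    }
    if (!$trusted) {
        $problems[] = 'issuer not in trust store';
    }
    $info = openssl_x509_parse($certPem);
    if (time() < $info['validFrom_time_t'] || time() > $info['validTo_time_t']) {
        $problems[] = 'outside validity period';
    }
    // Real clients match subjectAltName first and fall back to the CN only when there is none.
    $names = [];
    foreach (explode(',', $info['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (strncmp($entry, 'DNS:', 4) === 0) {
            $names[] = substr($entry, 4);
        }
    }
    if ($names === []) {
        $names[] = $info['subject']['CN'] ?? '';
    }
    if (!in_array($host, $names, true)) {
        $problems[] = 'name mismatch, certificate is for ' . implode(',', $names);
    }
    return $problems;
}

// The "guarantor": a root CA we generated and chose to put in our trust store.
$caKey = newKey();
$caPem = issueCert('Example Root CA', $caKey);
$trustStore = [$caPem];

// A legitimate server certificate, and one for the same host from a CA nobody trusts.
$srvKey   = newKey();
$goodPem  = issueCert('api.example.test', $srvKey, $caPem, $caKey);
$rogueKey = newKey();
$badPem   = issueCert('api.example.test', $srvKey, issueCert('Rogue CA', $rogueKey), $rogueKey);

print_r(verifyServerCert($goodPem, $trustStore, 'api.example.test'));
print_r(verifyServerCert($badPem,  $trustStore, 'api.example.test'));
print_r(verifyServerCert($goodPem, $trustStore, 'evil.example.test'));

// One certificate, two encodings; curl wants the PEM form with CURLOPT_SSLCERTTYPE 'PEM'.
$goodDer = pemToDer($goodPem);
echo encodingOf($goodPem), ' / ', encodingOf($goodDer), "\n";
print_r(openssl_x509_parse(derToPem($goodDer))['subject']);
```

      The first verifyServerCert() call should report nothing, the second should complain about the issuer (the rogue CA is not in our store, so the signature does not verify under any trusted key), and the third about the name, which is the check CURLOPT_SSL_VERIFYHOST performs. The round trip through pemToDer()/derToPem() yields the same subject, which is the point of section 3: the encoding changes, the certificate does not, and a file's extension tells you nothing reliable about which encoding it holds.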

    PHP code

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 6);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_HEADER, 1);          // response headers are returned as part of $result
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["X-API-KEY: $api_key", "Content-Type: application/json; charset=utf-8"]);
    curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(['user_token' => $token]));

    // Verify the server: its certificate must chain to a trusted CA (VERIFYPEER) and its
    // name must match the host in $url (VERIFYHOST must be the integer 2, not true).
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    // Client certificate and key for mutual TLS. The type is PEM, so both files must hold
    // PEM ("-----BEGIN ...") data even though one of them is named .cer.
    curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
    curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
    curl_setopt($ch, CURLOPT_SSLCERT, __DIR__ . '/wog.cer');
    curl_setopt($ch, CURLOPT_SSLKEY, __DIR__ . '/wog.key');
    // Minimum protocol version. TLS 1.0 and 1.1 are deprecated (RFC 8996); require 1.2.
    curl_setopt($ch, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
    $result = curl_exec($ch);     // call once; a second curl_exec() would re-send the POST
    if ($result === false) {
        // A failed verification surfaces here, e.g. "SSL certificate problem: ..."
        throw new RuntimeException(curl_error($ch), curl_errno($ch));
    }
    curl_close($ch);
    
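    The block above is the configuration that works. The following added example (written for this note, not code from the original post) puts the setting people reach for when a certificate error appears next to the hardened setting, and wraps the request so that a TLS failure is distinguishable from an ordinary HTTP error. $url, $apiKey, the CA bundle path and the client certificate paths are placeholders.

```php
<?php
// Added example, not code from the original post. Two ways to build the same cURL
// handle: the first makes certificate errors "go away", the second authenticates
// the server. All URLs, paths and credentials below are placeholders.

// DON'T: the connection is still encrypted, but to whoever answers. An on-path
// attacker with any certificate (self-signed, or issued for another host) can
// read and alter the traffic.
function unverifiedHandle(string $url)
{
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);   // accept any certificate
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);       // ignore the name inside it
    return $ch;
}

// DO: fix the trust store, require a chain to it, require the name to match,
// refuse deprecated TLS versions, and never downgrade to plain http.
function verifiedHandle(string $url, string $caBundle, ?string $clientCert = null, ?string $clientKey = null)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_SSL_VERIFYPEER  => true,
        CURLOPT_SSL_VERIFYHOST  => 2,                       // the integer 2; true is 1, which is not the same thing
        CURLOPT_CAINFO          => $caBundle,               // the CAs we trust, explicitly
        CURLOPT_SSLVERSION      => CURL_SSLVERSION_TLSv1_2, // minimum version (RFC 8996 deprecates 1.0/1.1)
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTPS,         // no http://, also not via redirect
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
        CURLOPT_CONNECTTIMEOUT  => 6,
        CURLOPT_TIMEOUT         => 10,
        CURLOPT_RETURNTRANSFER  => true,
    ]);
    if ($clientCert !== null) {    // mutual TLS: the server verifies us the same way
        curl_setopt($ch, CURLOPT_SSLCERTTYPE, 'PEM');
        curl_setopt($ch, CURLOPT_SSLCERT, $clientCert);
        curl_setopt($ch, CURLOPT_SSLKEYTYPE, 'PEM');
        curl_setopt($ch, CURLOPT_SSLKEY, $clientKey);
    }
    return $ch;
}

// POST a JSON body and tell "TLS refused the peer" apart from other failures.
function postJson($ch, string $apiKey, array $payload): array
{
    curl_setopt_array($ch, [
        CURLOPT_POST       => true,
        CURLOPT_HTTPHEADER => ["X-API-KEY: $apiKey", 'Content-Type: application/json; charset=utf-8'],
        CURLOPT_POSTFIELDS => json_encode($payload),
    ]);
    $body  = curl_exec($ch);     // exactly one call; a second one re-sends the request
    $errno = curl_errno($ch);
    if ($errno !== 0) {
        $tlsCodes = [CURLE_SSL_CONNECT_ERROR, CURLE_SSL_PEER_CERTIFICATE, CURLE_SSL_CACERT];
        $prefix   = in_array($errno, $tlsCodes, true) ? 'TLS verification failed: ' : 'transport error: ';
        $message  = $prefix . curl_error($ch);
        curl_close($ch);
        throw new RuntimeException($message, $errno);
    }
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    return ['status' => $status, 'body' => $body];
}

// Usage with placeholder values:
// $ch = verifiedHandle('https://api.example.test/verify', '/etc/ssl/certs/ca-certificates.crt',
//                      __DIR__ . '/client.pem', __DIR__ . '/client.key');
// $response = postJson($ch, getenv('API_KEY'), ['user_token' => $token]);
```

    Two details are worth keeping in mind. CURLOPT_SSL_VERIFYHOST takes an integer: passing true sends 1, which libcurl versions from 7.28.1 up to 7.65 reject as an error and which older versions did not treat as a host-name check; only 2 has always meant "verify the name". And CURLOPT_SSL_VERIFYPEER without CURLOPT_CAINFO trusts whatever bundle the PHP build or the system happens to provide, so on a container or a freshly installed box it may silently be empty or stale; naming the bundle makes the trust decision explicit and reproducible.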

    References

    1. The HTTPS encryption process
    2. Certificate types
  • Original source: https://www.cnblogs.com/jingjingdidunhe/p/11088659.html
Copyright © 2020-2023  润新知