Ubuntu
openssl s_client 掛起
我正在嘗試使用 openssl 的 s_client 查看一些 ssl 證書。由於某種原因,它在吐出證書資訊後掛起連接打開。
這是我正在使用的命令和輸出:
mike@sleepycat:~☺ openssl s_client -connect facebook.com:443 CONNECTED(00000003) depth=1 O = VeriSign Trust Network, OU = "VeriSign, Inc.", OU = VeriSign International Server CA - Class 3, OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIDzDCCAzWgAwIBAgIQAWX5/4nQsxqIdTfN7yT+BDANBgkqhkiG9w0BAQUFADCB ujEfMB0GA1UEChMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazEXMBUGA1UECxMOVmVy aVNpZ24sIEluYy4xMzAxBgNVBAsTKlZlcmlTaWduIEludGVybmF0aW9uYWwgU2Vy dmVyIENBIC0gQ2xhc3MgMzFJMEcGA1UECxNAd3d3LnZlcmlzaWduLmNvbS9DUFMg SW5jb3JwLmJ5IFJlZi4gTElBQklMSVRZIExURC4oYyk5NyBWZXJpU2lnbjAeFw0x MjA2MjEwMDAwMDBaFw0xMzEyMzEyMzU5NTlaMGoxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlQYWxvIEFsdG8xFzAVBgNVBAoTDkZh Y2Vib29rLCBJbmMuMRkwFwYDVQQDExB3d3cuZmFjZWJvb2suY29tMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQC4e9C0eD3zy0YR829bH7fd3PGGDp/3Rd7UR65Q +jcsRoLZaer9k9tPEOd5ZmWR1MTzwVEmZ94fhoWf219K2Nx/v7fQaWYh5U0DETUo bkDfR4zBAe+oMuFDIGrhEkUEdlWUOcpvScrtzRjRLyikTc4twjRlpB5RdnGGFopw CRTNMwIDAQABo4IBIDCCARwwCQYDVR0TBAIwADBEBgNVHSAEPTA7MDkGC2CGSAGG +EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9y cGEwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL1NWUkludGwtY3JsLnZlcmlzaWdu LmNvbS9TVlJJbnRsLmNybDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw CwYDVR0PBAQDAgWgMCkGA1UdEQQiMCCCEHd3dy5mYWNlYm9vay5jb22CDGZhY2Vi b29rLmNvbTA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw LnZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQUFAAOBgQBnkJ5NVI4xzdKlATMc46Jy +l7LY+DZH+HEfBz6e/YWNvwuj40I+GxkqASjGKyyOo8dIS9AydbaWuF9SgGTYnAO J9awxd21Zy8YrDp8dr7TAEeqUwNkVeJloiQUpCQLjqIFsZ/paWxVbjZZlUBbDvwx 2iEmqGo+ziZWHirmhVut0A== -----END CERTIFICATE----- subject=/C=US/ST=California/L=Palo Alto/O=Facebook, Inc./CN=www.facebook.com issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign --- No client certificate CA names sent --- SSL handshake has read 2230 bytes and written 388 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.1 Cipher : AES256-SHA Session-ID: 5FFDA57069D60A3FBEBCC667B76B8CDF649DA6D04656985D828DE2AE74426645 Session-ID-ctx: Master-Key: FA27B6E7A08420EE27F74A01136077C064891D49BA64BE508CD99242F52A482AC6AA44D7D4487A99728C04F2EA547352 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 86000 (seconds) TLS session ticket: 0000 - 9d da 29 68 1c 35 19 21-da 2a 45 eb 17 71 83 42 ..)h.5.!.*E..q.B 0010 - 6d 5c 55 97 82 18 36 9a-b6 7d 10 2c 25 2f 31 43 m\U...6..}.,%/1C 0020 - 57 77 d1 f1 bf 30 26 a8-84 90 d1 6c 91 83 72 7d Ww...0&....l..r} 0030 - 33 e6 a5 bf e3 82 d4 00-8d 44 c8 8a 03 71 58 6c 3........D...qXl 0040 - 28 f4 41 b4 71 67 6c e6-06 39 06 d5 3c 0d ed de (.A.qgl..9..<... 0050 - ba e9 48 2c fe d5 6e a0-a4 cf 27 92 1b 96 79 dc ..H,..n...'...y. 0060 - 9a d8 3c 6e 04 f0 2d 7c-05 d4 7b d5 8a a6 99 76 ..<n..-|..{....v 0070 - c3 57 11 3e 7c 0a 9d 46-a2 01 b9 a7 8a ce 5b 32 .W.>|..F......[2 0080 - 8e 40 30 f3 14 93 b4 e4-55 e0 9c e8 dc 2f 02 a8 .@0.....U..../.. 0090 - ef d9 52 54 d2 16 f9 8d-23 e1 34 14 26 64 29 c8 ..RT....#.4.&d). 00a0 - c8 0a 09 97 24 eb 6c 92-ff 82 f5 e8 a1 6f 2a f2 ....$.l......o*. Start Time: 1347376514 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---這就是沒有完成的地方。我怎樣才能讓這個命令乾淨地完成,以便我可以在腳本中使用它?我在 Ubuntu 上執行。
它正在等待您的 HTTP 命令,
只需 a
GET /並按 Enter 就可以了。
對於完全自動化的解決方案,您可以使用
echo -n:
echo -n | openssl s_client -connect facebook.com:443