分享
 
 
 

linuxOPENSSL服务器

王朝system·作者佚名  2008-05-18
窄屏简体版  字體: |||超大  

概述

OpenSSL项目是一个合作的项目,开发一个健壮的、商业等级的、完整的开发源代码的工具包,用强大的加密算法来实现安全的Socket层(Secure Sockets Layer,SSL v2/v3)和传输层的安全性(Transport Layer Security,TLS v1)。

这个项目是由全世界的志愿者管理的,他们通过Internet相互交流、制定计划和开发OpenSSL工具包和相关文档。

加密的优势

数据的保密性

信息加密就是把纯文本的输入文件用加密算法转换成加密的文件以实现数据的保密。加密的过程需要用到密匙来加密数据然后再解密。没有了密匙,就无法解开加密的数据。数据加密之后,只有密匙要用一个安全的方法传送。加密过的数据可以公开地传送。

数据的一致性

加密也能保证数据的一致性。例如:加密的校验码,也叫做消息验证码(Message Authentication Code,MAC),能够校验用户提供的加密信息。加密的数据和MAC一起发送给接收者,接收者就可以用MAC来校验加密数据,保证数据没有被窜改过。

安全验证

加密的另外一个用途是用来作为个人的标识,用户的密匙可以作为他的安全验证的标识。

专利

各种各样的公司在世界各地拥有各种各样算法的专利。在使用加密算法之前必须检查一下这个算法有没有受到本国专利的限制。下面列出一些受到专利保护的算法(可能不确切):

RSA Data Security在美国和日本拥有RSA和RC5算法的专利。必须和RSA Data Security联系以得到许可条例。其主页是:http://www.rsa.com/。

RC4是RSA Data Security的商标,使用这个标志必须得到RSA Data Security的许可。

IDEA算法在澳大利亚、法国、德国、意大利、日本、荷兰、西班牙、瑞典、瑞士、英国和美国受专利保护。如果要使用这个算法必须得到许可,其主页是:http://www.ascom.ch/。

注意事项

下面所有的命令都是Unix兼容的命令。

源路径都为“/var/tmp”(当然在实际情况中也可以用其它路径)。

安装在RedHat linux 6.1下测试通过。

要用“root”用户进行安装。

OpenSSL的版本是0.9.4。

安装软件包需要注意的问题

最好在编译前和编译后都做一张系统中所有文件的列表,然后用“diff”命令去比较它们,找出其中的差别并知道到底把软件安装在哪里。只要简单地在编译之前运行一下命令“find /* >ssl1”,在编译和安装完软件之后运行命令“find /* > ssl2”,最后用命令“diff ssl1 ssl2 > ssl”找出变化。

软件包的来源

OpenSSL的主页是:http://www.openssl.org/。

下载:openssl-0.9.4.tar.gz

编译

把软件包(tar.Z)解压缩:

[root@deep]# cp openssl_version.tar.gz /var/tmp

[root@deep]# cd /var/tmp

[root@deep]# tar xzpf openssl_version.tar.gz

编译与优化

转到OpenSSL目录下。

第一步

编辑“c_rehash”文件(vi +11 tools/c_rehash),把:

DIR=/usr/local/ssl

改为:

DIR=/usr

这个改变是使编译和安装OpenSSL时用“/usr”这个默认目录。

第二步

在默认情况下OpenSSL把Perl程序的目录设置为“/usr/local/bin/perl”目录。必须改变所有脚本中的“#!/usr/local/bin/perl”这一行,因为在RedHat linux中Perl的路径是“/usr/bin”。用下面的命令:

[root@deep]# perl util/perlpath.pl /usr/bin (where your perl program reside).

第三步

为了成功编译OpenSSL,必须知道函数库所在的路径。用下面的命令设置PATH环境变量:

[root@deep]# export LD_LIBRARY_PATH=`pwd`

设置编译器的编译参数:

CC="egcs"

./Configure linux-elf -DSSL_FORBID_ENULL

--prefix=/usr

--openssldir=/etc/ssl

注意:因为安全方面的原因要禁止“不加密”,所以“-DSSL_FORBID_ENULL”参数是必须的。

编辑“Makefile.ssl”文件(vi +52 Makefile.ssl),加入:

CFLAG= -DTHREADS -D_REENTRANT -DSSL_FORBID_ENULL -DL_ENDIAN -DTERMIO -O9 -funroll-loops -ffast-math -malign-double -mcpu=pentiumpro -march=pentiumpro -fomit-frame-pointer -fno-exceptions -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM

这是编译OpenSSL的优化参数。

编辑“Makefile.ssl”文件(vi +77 Makefile.ssl),加入:

PROCESSOR= 686

注意:如果CPU是Pentium,用586表示,PentiumPro/II/III用686,486用486。

[root@deep]# make -f Makefile

[root@deep]# make test

[root@deep]# make install

[root@deep]# mv /etc/ssl../misc/* /usr/bin/

[root@deep]# rm -rf /etc/ssl../misc/

[root@deep]# rm -rf /etc/ssl/lib/

[root@deep]# rm -f /usr/bin/CA.pl

[root@deep]# rm -f /usr/bin/CA.sh

[root@deep]# install -m 644 libRSAglue.a /usr/lib/

[root@deep]# install -m 644 rsaref/rsaref.h /usr/include/openssl/

[root@deep]# strip /usr/bin/openssl

[root@deep]# mkdir -p /etc/ssl/crl

“make -f”命令编译OpenSSL函数库(libcrypto.a和libssl.a)以及OpenSSL的二进制文件“openssl”。编译完之后函数库在顶层目录,二进制程序在“apps”子目录。成编译之后,“make test”测试函数库是否正常。最后,“make install”安装OpenSSL。

“mv”命令把“/etc/ssl../misc”目录下的所有文件移到“/usr/bin”目录下。因为在我们的系统中所有的二进制文件都在“/usr/bin”目录下,所以要把二进制文件都移到这个目录下。

“rm”命令删除“/etc/ssl../misc”和“/etc/ssl/lib”目录,因为这个目录中的文件都在别的地方了。“CA.pl”和“CA.sh”文件是小的脚本文件用来创建CA认证。这个脚本和“openssl ca”命令相关,而且有一些奇怪的要求。在默认情况下,OpenSSL的配置不能很容易地使用“openssl ca”。所以我们后面会用“sign.sh”脚本来替换它们。

清除不必要的文件

[root@deep]# cd /var/tmp

[root@deep]# rm -rf openssl-version/ openssl_version.tar.gz

“rm”命令删除所有的编译和安装OpenSSL软件所需的源文件,并把OpenSSL软件的压缩包删除。

配置

可以到这去下载“floppy.tgz”文件:http://pages.infinit.net/lotus1/doc/opti/floppy.tgz。把“floppy.tgz”文件解开之后,可以在相应的目录下发现我们在这本书中介绍的所有软件的配置文件。这样就没有必要手工重新生成这些文件,或者用拷贝粘贴的方法把它们粘贴到配置文件中去。不管是打算自己动手生成配置文件还是拷贝现成的,你都要学会自己修改配置文件并且把配置文件拷贝到正确的目录下。下面将具体说明。

为了运行OpenSSL服务器,必须创建或者把下面的文件拷贝到相应的目录下:

l 把“openssl.cnf”文件拷贝到“/etc/ssl”目录下

l 把“sign.sh”文件拷贝到“/usr/bin”目录下

可以把“floppy.tgz”解压之后,找到上面列出来的文件,并拷贝到相应的目录下,或者用拷贝粘贴的方法从本书中直接粘贴出。

配置“/etc/ssl/openssl.cnf”文件

这是openssl程序总的配置文件,可以配置密匙的过期时间、公司的名称、地址,等等。需要改变得配置在[CA_default]和[req_distinguished_name]这两个section里。

编辑“openssl.cnf”文件(vi /etc/ssl/openssl.cnf),加入并改变:

# OpenSSL example configuration file.

# This is mostly being used for generation of certificate requests.

#

RANDFILE = $ENV::HOME/.rnd

oid_file = $ENV::HOME/.oid

oid_section = new_oids

# To use this configuration file with the "-extfile" option of the

# "openssl x509" utility, name here the section containing the

# X.509v3 extensions to use:

# extensions =

# (Alternatively, use a configuration file that has only

# X.509v3 extensions in its main [= default] section.)

[ new_oids ]

# We can add new OIDs in here for use by 'ca' and 'req'.

# Add a simple OID like this:

# testoid1=1.2.3.4

# Or use config file substitution like this:

# testoid2=${testoid1}.5.6

####################################################################

[ ca ]

default_ca = CA_default # The default ca section

####################################################################

[ CA_default ]

dir = /etc/ssl # Where everything is kept

certs = $dir/certs # Where the issued certs are kept

crl_dir = $dir/crl # Where the issued crl are kept

database = $dir/ca.db.index # database index file.

new_certs_dir = $dir/ca.db.certs # default place for new certs.

certificate = $dir/certs/ca.crt # The CA certificate

serial = $dir/ca.db.serial # The current serial number

crl = $dir/crl.pem # The current CRL

private_key = $dir/private/ca.key # The private key

RANDFILE = $dir/ca.db.rand # private random number file

x509_extensions = usr_cert # The extentions to add to the cert

# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs

# so this is commented out by default to leave a V1 CRL.

# crl_extensions = crl_ext

default_days = 365 # how long to certify for

default_crl_days = 30 # how long before next CRL

default_md = md5 # which md to use.

Preserve = no # keep passed DN ordering

# A few difference way of specifying how similar the request should look

# For type CA, the listed attributes must be the same, and the optional

# and supplied fields are just that

policy = policy_match

# For the CA policy

[ policy_match ]

countryName = match

stateOrProvinceName = match

organizationName = match

organizationalUnitName = optional

commonName = supplied

emailAddress = optional

# For the 'anything' policy

# At this point in time, you must list all acceptable 'object'

# types.

[ policy_anything ]

countryName = optional

stateOrProvinceName = optional

localityName = optional

organizationName = optional

organizationalUnitName = optional

commonName = supplied

emailAddress = optional

####################################################################

[ req ]

default_bits = 1024

default_keyfile = privkey.pem

distinguished_name = req_distinguished_name

attributes = req_attributes

x509_extensions = v3_ca # The extentions to add to the self signed cert

[ req_distinguished_name ]

countryName = Country Name (2 letter code)

countryName_default = CA

countryName_min = 2

countryName_max = 2

stateOrProvinceName = State or Province Name (full name)

stateOrProvinceName_default = Quebec

localityName = Locality Name (eg, city)

localityName_default = Montreal

0.organizationName = Organization Name (eg, company)

0.organizationName_default = Open Network Architecture

# we can do this but it is not needed normally

#1.organizationName = Second Organization Name (eg, company)

#1.organizationName_default = World Wide Web Pty Ltd

organizationalUnitName = Organizational Unit Name (eg, section)

organizationalUnitName_default = Internet Department

commonName = Common Name (eg, YOUR name)

commonName_default = www.openarch.com

commonName_max = 64

emailAddress = Email Address

emailAddress_default = admin@openarch.com

emailAddress_max = 40

# SET-ex3 = SET extension number 3

[ req_attributes ]

challengePassword = A challenge password

challengePassword_min = 4

challengePassword_max = 20

unstructuredName = An optional company name

[ usr_cert ]

# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software

# requires this to avoid interpreting an end user certificate as a CA.

basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted

# the certificate can be used for anything *except* object signing.

# This is OK for an SSL server.

# nsCertType = server

# For an object signing certificate this would be used.

# nsCertType = objsign

# For normal client use this is typical

# nsCertType = client, email

# and for everything including object signing:

# nsCertType = client, email, objsign

# This is typical in keyUsage for a client certificate.

# keyUsage = nonRepudiation, digitalSignature, keyEncipherment

# This will be displayed in Netscape's comment listbox.

nsComment = "OpenSSL Generated Certificate"

# PKIX recommendations harmless if included in all certificates.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid,issuer:always

# This stuff is for subjectAltName and issuerAltname.

# Import the email address.

# subjectAltName=email:copy

# Copy subject details

# issuerAltName=issuer:copy

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem

#nsBaseUrl

#nsRevocationUrl

#nsRenewalUrl

#nsCaPolicyUrl

#nsSslServerName

[ v3_ca]

# Extensions for a typical CA

# PKIX recommendation.

subjectKeyIdentifier=hash

authorityKeyIdentifier=keyid:always,issuer:always

# This is what PKIX recommends but some broken software chokes on critical

# extensions.

#basicConstraints = critical,CA:true

# So we do this instead.

basicConstraints = CA:true

# Key usage: this is typical for a CA certificate. However since it will

# prevent it being used as an test self-signed certificate it is best

# left out by default.

# keyUsage = cRLSign, keyCertSign

# Some might want this also

# nsCertType = sslCA, emailCA

# Include email address in subject alt name: another PKIX recommendation

# subjectAltName=email:copy

# Copy issuer details

# issuerAltName=issuer:copy

# RAW DER hex encoding of an extension: beware experts only!

# 1.2.3.5=RAW:02:03

# You can even override a supported extension:

# basicConstraints= critical, RAW:30:03:01:01:FF

[ crl_ext ]

# CRL extensions.

# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.

# issuerAltName=issuer:copy

authorityKeyIdentifier=keyid:always,issuer:always

注意:编译和安装完OpenSSL程序之后,“openssl.cnf”文件在服务器上已经存在了,可以在“/et/ssl”目录下找到。没有必要改变这个文件中所有的默认配置,经常需要修改的只是[CA_default]和[req_distinguished_name]这两个section。

创建“/usr/bin/sign.sh”脚本文件

“openssl ca”命令有一些奇怪的要求,OpenSSL默认的配置并不是很容易直接使用“openssl ca”,因此我们用“sign.sh”脚本文件替代它。

创建“sign.sh”脚本(touch /usr/bin/sign.sh),加入:

#!/bin/sh

##

## sign.sh -- Sign a SSL Certificate Request (CSR)

## Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights Reserved.

##

# argument line handling

CSR=$1

if [ $# -ne 1 ]; then

echo "Usage: sign.sign <whatever>.csr"; exit 1

fi

if [ ! -f $CSR ]; then

echo "CSR not found: $CSR"; exit 1

fi

case $CSR in

*.csr ) CERT="`echo $CSR | sed -e 's/.csr/.crt/'`" ;;

* ) CERT="$CSR.crt" ;;

esac

# make sure environment exists

if [ ! -d ca.db.certs ]; then

mkdir ca.db.certs

fi

if [ ! -f ca.db.serial ]; then

echo '01' >ca.db.serial

fi

if [ ! -f ca.db.index ]; then

cp /dev/null ca.db.index

fi

# create an own SSLeay config

cat >ca.config <<EOT

[ ca ]

default_ca = CA_own

[ CA_own ]

dir = /etc/ssl

certs = /etc/ssl/certs

new_certs_dir = /etc/ssl/ca.db.certs

database = /etc/ssl/ca.db.index

serial = /etc/ssl/ca.db.serial

RANDFILE = /etc/ssl/ca.db.rand

certificate = /etc/ssl/certs/ca.crt

private_key = /etc/ssl/private/ca.key

default_days = 365

default_crl_days = 30

default_md = md5

preserve = no

policy = policy_anything

[ policy_anything ]

countryName = optional

stateOrProvinceName = optional

localityName = optional

organizationName = optional

organizationalUnitName = optional

commonName = supplied

emailAddress = optional

EOT

# sign the certificate

echo "CA signing: $CSR -> $CERT:"

openssl ca -config ca.config -out $CERT -infiles $CSR

echo "CA verifying: $CERT <-> CA cert"

openssl verify -CAfile /etc/ssl/certs/ca.crt $CERT

# cleanup after SSLeay

rm -f ca.config

rm -f ca.db.serial.old

rm -f ca.db.index.old

# die gracefully

exit 0

现在,让这个脚本可执行并改变它的默认权限:

[root@deep]# chmod 755 /usr/bin/sign.sh

注意:解开“floppy.tgz”文件之后,可以在“mod_ssl-version/pkg.contrib”目录下找到“sign.sh”文件。要根据实际情况改变[CA_own]这一节,而且不要忘了改变“openssl verify -CAfile /etc/ssl/certs/ca.crt $CERT”这一行。

保证OPENSSL的安全

把密匙设置成只能被超级用户“root”可执行和可写。必须保证其他人不能访问这个文件。

用下面的命令使得密匙只能被“root”可执行和可写:

[root@deep]# chmod 600 /etc/ssl/certs/ca.crt

[root@deep]# chmod 600 /etc/ssl/certs/server.crt

[root@deep]# chmod 600 /chroot/httpd/etc/ssl/private/ca.key

[root@deep]# chmod 600 /chroot/httpd/etc/ssl/private/server.key

命令

下面列出的是一些我们经常要用到的命令,当然还有很多其它的命令,更详细的信息可以查看man帮助页或其它文档。

在下面这个例子中,我们指导你如何为Apache Web服务器创建认证:

注意:下面所有的命令都在“/etc/ssl”目录下运行的。

为Apache服务器创建用口令保护的RSA私人密匙。

[root@deep]# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

......................+++++

.....+++++

e is 65537 (0x10001)

Enter PEM pass phrase:

Verifying password - Enter PEM pass phrase:

请把“server.key”文件备份起来,记住只有在安全的地方才能输入口令。

用服务器的RSA私人密匙创建Certificate Signing Request(CSR)

[root@deep]# openssl req -new -key server.key -out server.csr

Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CA]:

State or Province Name (full name) [Quebec]:

Locality Name (eg, city) [Montreal]:

Organization Name (eg, company) [Open Network Architecture]:

Organizational Unit Name (eg, section) [Internet Department]:

Common Name (eg, YOUR name) [www.openarch.com]:

Email Address [admin@openarch.com]:

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:.

An optional company name []:.

现在可以把这个CSR(Certificate Signing Request)发送给认证机构(Certifying Authority, CA),让它签订这个CSR。CSR被签订之后,就成为真正的证书(Certificate),可以被Apache使用。有下面两种选择。第一:可以让商业的CA,如:Verisign或Thawte签订CSR。通常需要在Web上登记CSR,然后支付签订所需的费用,接着等待签订后的证书,最后收到证书把它存成server.crt文件。第二:可以用自己的CA来签订证书。下面介绍如何用自己的CA签订CSR。

首先确信当OpenSSL提示输入“CommonName”的时候,输入服务器的FQDN(Fully Qualified Domain Name,完全合格的域名)。例如:如果要为今后用http://www.mydomain.com访问的站点创建CSR,在这里就需要输入www.mydomain.com。

为自己的CA创建RSA私人密匙

[root@deep]# openssl genrsa -des3 -out ca.key 1024

Generating RSA private key, 1024 bit long modulus

...........................+++++

............................................+++++

e is 65537 (0x10001)

Enter PEM pass phrase:

备份好ca.key文件。注意只有在安全的地方才能输入口令。

用CA的RSA密匙创建自我签订的证书(x509 结构)

[root@deep]# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Enter PEM pass phrase:

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CA]:

State or Province Name (full name) [Quebec]:

Locality Name (eg, city) [Montreal]:

Organization Name (eg, company) [Open Network Architecture]:

Organizational Unit Name (eg, section) [Internet Department]:CA Marketing

Common Name (eg, YOUR name) [www.openarch.com]:

Email Address [admin@openarch.com]:

[root@deep]# mv server.key private/

[root@deep]# mv ca.key private/

[root@deep]# mv ca.crt certs/

注意:当使用“-x509”参数的时候,“req”命令创建了自我签订的证书。

签订一个证书请求(用自己的CA)

准备一个用于签订证书的脚本是必须的,因为“openssl ca”命令有一些很怪的要求而且在默认情况下OpenSSL的配置不是很容易就可以直接使用“openssl ca”。这就需要一个名为“sign.sh”的脚本文件,解开“floppy.tgz”之后就可以在相应的目录中找到。用这个脚本完成签订。

现在用这个CA签订服务器的CSR,这样就能为Apache服务器创建真正的SSL证书(假定你已经有了“server.csr”这个文件)。

[root@deep]# /usr/bin/sign.sh server.csr

Using configuration from ca.config

Enter PEM pass phrase:

Check that the request matches the signature

Signature ok

The Subjects Distinguished Name is as follows

countryName :PRINTABLE:'CA'

stateOrProvinceName :PRINTABLE:'Quebec'

localityName :PRINTABLE:'Montreal'

organizationName :PRINTABLE:'Open Network Architecture'

organizationalUnitName :PRINTABLE:'Internet Department'

commonName :PRINTABLE:'www.openarch.com'

emailAddress :IA5STRING:'admin@openarch.com'

Certificate is to be certified until Dec 1 14:59:29 2000 GMT (365 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

CA verifying: server.crt <-> CA cert

server.crt: OK

上面的命令签订了CSR并把结果存成“server.crt”文件。

[root@deep]# mv server.crt certs/

现在有两个文件:“server.key”和“server.crt”。可以在Apache的配置文件“httpd.conf”文件中加上:

SSLCertificateFile /etc/ssl/certs/server.crt

SSLCertificateKeyFile /etc/ssl/private/server.key

“server.csr”文件可以不要了。

[root@deep]# rm -f server.csr

安装到系统中的文件

> /etc/ssl

> /etc/ssl/crl

> /etc/ssl/certs

> /etc/ssl/private

> /etc/ssl/openssl.cnf

> /usr/bin/openssl

> /usr/bin/c_rehash

> /usr/bin/sign.sh

> /usr/bin/c_hash

> /usr/bin/c_info

> /usr/bin/c_issuer

> /usr/bin/c_name

> /usr/bin/der_chop

> /usr/include/openssl

> /usr/include/openssl/e_os.h

> /usr/include/openssl/e_os2.h

> /usr/include/openssl/crypto.h

> /usr/include/openssl/tmdiff.h

> /usr/include/openssl/opensslv.h

> /usr/include/openssl/opensslconf.h

> /usr/include/openssl/ebcdic.h

> /usr/include/openssl/md2.h

> /usr/include/openssl/md5.h

> /usr/include/openssl/sha.h

> /usr/include/openssl/mdc2.h

> /usr/include/openssl/hmac.h

> /usr/include/openssl/ripemd.h

> /usr/include/openssl/des.h

> /usr/include/openssl/rc2.h

> /usr/include/openssl/rc4.h

> /usr/include/openssl/rc5.h

> /usr/include/openssl/idea.h

> /usr/include/openssl/blowfish.h

> /usr/include/openssl/cast.h

> /usr/include/openssl/bn.h

> /usr/include/openssl/rsa.h

> /usr/include/openssl/dsa.h

> /usr/include/openssl/dh.h

> /usr/include/openssl/buffer.h

> /usr/include/openssl/bio.h

> /usr/include/openssl/stack.h

> /usr/include/openssl/safestack.h

> /usr/include/openssl/lhash.h

> /usr/include/openssl/rand.h

> /usr/include/openssl/err.h

> /usr/include/openssl/objects.h

> /usr/include/openssl/evp.h

> /usr/include/openssl/asn1.h

> /usr/include/openssl/asn1_mac.h

> /usr/include/openssl/pem.h

> /usr/include/openssl/pem2.h

> /usr/include/openssl/x509.h

> /usr/include/openssl/x509_vfy.h

> /usr/include/openssl/x509v3.h

> /usr/include/openssl/conf.h

> /usr/include/openssl/txt_db.h

> /usr/include/openssl/pkcs7.h

> /usr/include/openssl/pkcs12.h

> /usr/include/openssl/comp.h

> /usr/include/openssl/ssl.h

> /usr/include/openssl/ssl2.h

> /usr/include/openssl/ssl3.h

> /usr/include/openssl/ssl23.h

> /usr/include/openssl/tls1.h

> /usr/include/openssl/rsaref.h

> /usr/lib/libcrypto.a

> /usr/lib/libssl.a

> /usr/lib/libRSAglue.a

> /var/lock/subsys/named'

 
 
 
免责声明:本文为网络用户发布,其观点仅代表作者个人观点,与本站无关,本站仅提供信息存储服务。文中陈述内容未经本站证实,其真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
2023年上半年GDP全球前十五强
 百态   2023-10-24
美众议院议长启动对拜登的弹劾调查
 百态   2023-09-13
上海、济南、武汉等多地出现不明坠落物
 探索   2023-09-06
印度或要将国名改为“巴拉特”
 百态   2023-09-06
男子为女友送行,买票不登机被捕
 百态   2023-08-20
手机地震预警功能怎么开?
 干货   2023-08-06
女子4年卖2套房花700多万做美容:不但没变美脸,面部还出现变形
 百态   2023-08-04
住户一楼被水淹 还冲来8头猪
 百态   2023-07-31
女子体内爬出大量瓜子状活虫
 百态   2023-07-25
地球连续35年收到神秘规律性信号,网友:不要回答!
 探索   2023-07-21
全球镓价格本周大涨27%
 探索   2023-07-09
钱都流向了那些不缺钱的人,苦都留给了能吃苦的人
 探索   2023-07-02
倩女手游刀客魅者强控制(强混乱强眩晕强睡眠)和对应控制抗性的关系
 百态   2020-08-20
美国5月9日最新疫情:美国确诊人数突破131万
 百态   2020-05-09
荷兰政府宣布将集体辞职
 干货   2020-04-30
倩女幽魂手游师徒任务情义春秋猜成语答案逍遥观:鹏程万里
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案神机营:射石饮羽
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案昆仑山:拔刀相助
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案天工阁:鬼斧神工
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案丝路古道:单枪匹马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:与虎谋皮
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:李代桃僵
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案镇郊荒野:指鹿为马
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:小鸟依人
 干货   2019-11-12
倩女幽魂手游师徒任务情义春秋猜成语答案金陵:千金买邻
 干货   2019-11-12
 
推荐阅读
 
 
 
>>返回首頁<<
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有