草庐IT

windows - Verify return code: 20 when testing OpenSSL

coder 2024-06-18 Original post


I installed OpenSSL (openssl-1.0.2e-i386-win32) on Win7 Pro 32-bit following these instructions: Installing OpenSSL in Windows 8.1.

I tested it with this:

C:\Programs\OpenSSL-Win32\bin>openssl version
OpenSSL 1.0.2e 3 Dec 2015

I get an error message saying Verify return code: 20 (unable to get local issuer certificate)

C:\Programs\OpenSSL-Win32\bin>openssl s_client -connect      www.openssl.org:443
CONNECTED(00000180)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Domain Validation CA - SHA256 - G2
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=*.openssl.org
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
---
Server certificate
subject=/OU=Domain Control Validated/CN=*.openssl.org
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Domain Validation CA - SHA256 - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3094 bytes and written 443 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:     2FD38B8D2C8B19A1147EF4EAE05ADCD4EEA173A4AC5DB099EC2068B8C410C447
    Session-ID-ctx:
    Master-Key: DC29698D8DF1353C367B59E1A5C2ECFF701F008CB0AF065E2645F549DF3C6C2181C75EEB23528B552BD7974F6607EAC4
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)

    Start Time: 1451515804
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
read:errno=0

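It sounded like I didn't have the certificate on my machine, so I went and downloaded it: https://support.globalsign.com/customer/portal/articles/1464460-domainssl-intermediate-certificates

I chose SHA-256 Orders (Default) and got a message saying: "This certificate is already installed as a certificate authority"

So I tested with this: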

 C:\Programs\OpenSSL-Win32\bin>openssl s_client -CAfile GlobalSign Domain Validation CA - SHA256 - G2
unknown option Domain
usage: s_client args

 -host host     - use -connect instead
 -port port     - use -connect instead
 -connect host:port - who to connect to (default is localhost:4433)
 -verify_host host - check peer certificate matches "host"
 -verify_email email - check peer certificate matches "email"
 -verify_ip ipaddr - check peer certificate matches "ipaddr"
 -verify arg   - turn on peer certificate verification
 -verify_return_error - return verification errors
 -cert arg     - certificate file to use, PEM format assumed
 -certform arg - certificate format (PEM or DER) PEM default
 -key arg      - Private key file to use, in cert file if
                 not specified but cert file is.
 -keyform arg  - key format (PEM or DER) PEM default
 -pass arg     - private key file pass phrase source
 -CApath arg   - PEM format directory of CA's
 -CAfile arg   - PEM format file of CA's
 -no_alt_chains - only ever use the first certificate chain found
 -reconnect    - Drop and re-make the connection with the same Session-ID
 -pause        - sleep(1) after each read(2) and write(2) system call
 -prexit       - print session information even on connection failure
 -showcerts    - show all certificates in the chain
 -debug        - extra output
 -msg          - Show protocol messages
 -nbio_test    - more ssl protocol testing
 -state        - print the 'ssl' states
 -nbio         - Run with non-blocking IO
 -crlf         - convert LF from terminal into CRLF
 -quiet        - no s_client output
 -ign_eof      - ignore input eof (default when -quiet)
 -no_ign_eof   - don't ignore input eof
 -psk_identity arg - PSK identity
 -psk arg      - PSK in hex (without 0x)
 -srpuser user     - SRP authentification for 'user'
 -srppass arg      - password for 'user'
 -srp_lateuser     - SRP username into second ClientHello message
 -srp_moregroups   - Tolerate other than the known g N values.
 -srp_strength int - minimal length in bits for N (default 1024).
 -ssl2         - just use SSLv2
 -ssl3         - just use SSLv3
 -tls1_2       - just use TLSv1.2
 -tls1_1       - just use TLSv1.1
 -tls1         - just use TLSv1
 -dtls1        - just use DTLSv1
 -fallback_scsv - send TLS_FALLBACK_SCSV
 -mtu          - set the link layer MTU
 -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that     protocol
 -bugs         - Switch on all SSL implementation bug workarounds
 -serverpref   - Use server's cipher preferences (only SSLv2)
 -cipher       - preferred cipher to use, use the 'openssl ciphers'
                 command to see what is available
 -starttls prot - use the STARTTLS command before starting TLS
                 for those protocols that support it, where
                 'prot' defines which one to assume.  Currently,
                 only "smtp", "pop3", "imap", "ftp" and "xmpp"
                 are supported.
 -engine id    - Initialise and use the specified engine
 -rand file;file;...
 -sess_out arg - file to write SSL session to
 -sess_in arg  - file to read SSL session from
 -servername host  - Set TLS extension servername in ClientHello
 -tlsextdebug      - hex dump of all TLS extensions received
 -status           - request certificate status from server
 -no_ticket        - disable use of RFC4507bis session tickets
 -serverinfo types - send empty ClientHello extensions (comma-separated     numbers)
 -curves arg       - Elliptic curves to advertise (colon-separated list)
 -sigalgs arg      - Signature algorithms to support (colon-separated     list)
 -client_sigalgs arg - Signature algorithms to support for client
                       certificate authentication (colon-separated list)
 -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)
 -alpn arg         - enable ALPN extension, considering named protocols supported (comma-separated list)
 -legacy_renegotiation - enable use of legacy renegotiation (dangerous)
 -use_srtp profiles - Offer SRTP key management with a colon-separated profile list
 -keymatexport label   - Export keying material using label
 -keymatexportlen len  - Export len bytes of keying material (default 20)

What am I doing wrong?

Thanks.
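
Added example (not part of the original post): a shell reproduction of the two failures in the transcript, using `openssl verify` on a constructed throwaway chain so it runs offline. A chain whose root is absent from the trust file stops with error 20 at depth 1, an unquoted `-CAfile` path containing spaces is split into several arguments, and a quoted path to the PEM root verifies. The subjects, file names and the helpers `build_chain`, `issue` and `verify_code` are assumptions made for this demo.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> leaf, throwaway keys in a temp dir.
build_chain() {
  d=$1; ca="$d/trust store"; mkdir -p "$ca"    # directory name contains a space
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=CA:FALSE' > "$d/demo.cnf"
  openssl req -x509 -config "$d/demo.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$ca/Demo Root CA.pem" 2>/dev/null
  issue "$d" int "/CN=Demo Intermediate CA" "$ca/Demo Root CA.pem" "$d/root.key" ca 2
  issue "$d" leaf "/CN=leaf.example.test" "$d/int.pem" "$d/int.key" leaf 3
}

# issue DIR NAME SUBJECT CA_CERT CA_KEY EXT_SECTION SERIAL
issue() {
  openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$4" -CAkey "$5" -set_serial "$7" -days 2 \
    -extfile "$1/demo.cnf" -extensions "$6" -out "$1/$2.pem" 2>/dev/null
}

# Print 0 if the chain verifies, the first verify error number if it does not,
# or "bad-args" if openssl stopped before building a chain.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  case $out in *": OK"*) echo 0; return ;; esac
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
  echo "${code:-bad-args}"
}

demo() {
  d=$(mktemp -d); build_chain "$d"; root="$d/trust store/Demo Root CA.pem"
  # Intermediate is available, but its issuer (the root) is not trusted locally.
  echo "no root supplied: $(verify_code -untrusted "$d/int.pem" "$d/leaf.pem")"
  # Unquoted: the path is split at each space, so -CAfile receives only a fragment.
  echo "unquoted -CAfile: $(verify_code -untrusted "$d/int.pem" -CAfile $root "$d/leaf.pem")"
  # Quoted: the whole path reaches -CAfile and the chain ends at a trusted root.
  echo "quoted -CAfile:   $(verify_code -untrusted "$d/int.pem" -CAfile "$root" "$d/leaf.pem")"
  rm -rf "$d"
}
demo
```

With `s_client`, the same quoted `-CAfile "path to root.pem"` is passed together with `-connect host:port`, and the file must be the PEM certificate of the issuer reported missing at depth 1.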
