SSL support
                                        (2000/11/07)
                                        okabek@guitar.ocn.ne.jp
                                        (2001/12/27) addendum
                                        ukai@debian.or.jp
SSL support is implemented using the OpenSSL library.
Please install it beforehand.
If the OpenSSL library is installed, it is detected automatically when the
configure script runs and becomes usable.
If it does not work, check config.h. To use SSL, the USE_SSL macro must be
defined in config.h.
Also, to use SSL certificate verification support, check the USE_SSL_VERIFY
macro.
For compile errors, check that the link flags contain `-lssl -lcrypto' and
that the compile flags contain '-I(SSLeay/OpenSSL header directory)'.
You can confirm whether SSL support is enabled by checking whether the
Option Setting Panel contains an "SSL settings" section.
The following SSL-related settings are available:

ssl_forbid_method
  List of SSL methods not to use (2: SSLv2, 3: SSLv3, t: TLSv1)
  (default <NULL>).
ssl_verify_server ON/OFF
  Perform SSL server certificate verification (default OFF).
ssl_cert_file filename
  PEM-format client certificate file for SSL (default <NULL>).
ssl_key_file filename
  PEM-format client private key file for SSL (default <NULL>).
ssl_ca_path directory
  Path to a directory containing the PEM-format certificates of the SSL
  certification authorities (default <NULL>).
ssl_ca_file filename
  File containing the PEM-format certificates of the SSL certification
  authorities (default <NULL>).
In an environment where SSLEAY_VERSION_NUMBER >= 0x0800 does not hold, this
code is meaningless, so it is better to disable it with configure.
Also, for verification to actually take place, the certificate of the
certification authority that signed the server's certificate must be present
in ssl_ca_path or ssl_ca_file (regardless of whether ssl_verify_server is ON
or OFF); otherwise server verification is not performed.
The certificates of the signing certification authorities can be obtained
from places such as the following:
 * certdata.txt, included in the mozilla source as
   mozilla/security/nss/lib/ckfw/builtins/certdata.txt,
   can be extracted into *.pem files with the attached ruby script:
    % ruby certdata2pem.rb < certdata.txt
   It extracts the *.pem files into the current directory and creates the
   hash symlinks with openssl's c_rehash command.
   This directory can then be set as ssl_ca_path.
   Alternatively, the *.pem files can be concatenated into a single file
   and that file set as ssl_ca_file.

 * pkg.sslcfg/ca-bundle.crt, included in the mod_ssl source, is in PEM
   format, so the full path name of this file can be set as ssl_ca_file.
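As an added illustration of why the c_rehash step matters for ssl_ca_path (this is not code from w3m or this README), the Ruby OpenSSL binding builds a throw-away CA and a server certificate signed by it (constructed test data), drops the CA certificate into a directory once under a plain file name and once under the name c_rehash would give it, and checks which layout an OpenSSL store loaded from that directory, as w3m does with ssl_ca_path, can use to verify the server certificate.

```ruby
require "openssl"
require "tmpdir"

# Constructed test data: a certificate, self-signed (root CA) when issuer_cert is nil.
def make_cert(subject, issuer_cert, issuer_key, serial, ca: false)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# The file name c_rehash would create for this CA: subject name hash in hex plus ".0".
def c_rehash_name(cert)
  format("%08x.0", cert.subject.hash)
end

# Write the CA PEM into a fresh directory under file_name, point an X509 store at
# that directory the way w3m does with ssl_ca_path, and report whether server_cert
# verifies. Returns [verified?, OpenSSL error string].
def verify_with_ca_dir(ca_cert, server_cert, file_name)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, file_name), ca_cert.to_pem)
    store = OpenSSL::X509::Store.new
    store.add_path(dir)
    ok = store.verify(server_cert)
    [ok, store.error_string]
  end
end

# Same CA, same directory, only the file name differs.
def demo
  ca_cert, ca_key = make_cert("/CN=Example Test CA", nil, nil, 1, ca: true)
  srv_cert, = make_cert("/CN=www.example.test", ca_cert, ca_key, 2)
  {
    plain_name:  verify_with_ca_dir(ca_cert, srv_cert, "ca.pem"),
    hashed_name: verify_with_ca_dir(ca_cert, srv_cert, c_rehash_name(ca_cert)),
  }
end

puts demo.inspect if __FILE__ == $0
```

The plain_name case fails with "unable to get local issuer certificate" even though the right CA is in the directory, because the directory lookup only opens files named by subject hash; the same applies to a w3m ssl_ca_path directory that was never passed through c_rehash.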
OpenSSL library versions 0.9.5 and later require the environment's random
seed to be specified in order to generate random numbers.
By default /dev/urandom is used, but if it does not exist, w3m stops. If
you are in an environment where EGD (Entropy Gathering Daemon) or PRNGD
(Pseudo Random Number Generator Daemon) can be used, check the USE_EGD
macro.
URL
OpenSSL - http://www.openssl.org/
PRNGD - http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html
----------------------------------------------------------------
#!/usr/bin/ruby
# Copyright (c) 2001 Fumitoshi UKAI <ukai@debian.or.jp>
# All rights reserved.
# This is free software with ABSOLUTELY NO WARRANTY.
#
# You can redistribute it and/or modify it under the terms of
# the Ruby's licence.
#
# certdata2pem.rb
# Reads Mozilla's certdata.txt on stdin, writes one PEM file per
# CKA_VALUE entry (named after the preceding CKA_LABEL) into the
# current directory, then runs c_rehash so it can serve as ssl_ca_path.
fname = nil
while line = $stdin.gets
  next if line =~ /^#/
  next if line =~ /^\s*$/
  line.chomp!
  if line =~ /CKA_LABEL/
    # CKA_LABEL UTF8 "Some CA Name" -> file name derived from the label
    label, type, val = line.split(' ', 3)
    val.sub!(/^"/, "")
    val.sub!(/"$/, "")
    fname = val.gsub(/\//, "_").gsub(/\s+/, "_").gsub(/[()]/, "=") + ".pem"
    next
  end
  if line =~ /CKA_VALUE MULTILINE_OCTAL/
    # DER certificate follows as \ooo octal escapes, terminated by END
    data = ''.b
    while line = $stdin.gets
      break if line =~ /^END/
      line.chomp!
      line.gsub(/\\([0-3][0-7][0-7])/) { data << $1.oct.chr }
    end
    open(fname, "w") do |fp|
      fp.puts "-----BEGIN CERTIFICATE-----"
      fp.puts [data].pack("m*")
      fp.puts "-----END CERTIFICATE-----"
    end
    puts "Created #{fname}"
  end
end
system("c_rehash", ".")