Comparison of SSL_CTX_use_certificate_file and SSL_CTX_use_certificate_chain_file

Source: Internet | Published by: 重庆淘宝美工学徒 | Editor: 程序博客网 | Time: 2024/05/16 17:12
First, the most obvious difference is of course the parameters (haha, dizzying). In short, SSL_CTX_use_certificate_chain_file is the recommended one.
For the details, the explanation on the official site is still the place to look:

NOTES

The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time (i.e. simultaneously): one key/certificate of type RSA and one key/certificate of type DSA. The certificate used depends on the cipher selected, see also SSL_CTX_set_cipher_list(3). (Such an error actually shows up in the official page.)

When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain one certificate or private key (which makes it rather restrictive); consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item.

SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using SSL_CTX_add_extra_chain_cert(3). There exists only one extra chain store, so the same chain is appended to both types of certificates, RSA and DSA! If it is not intended to use both types of certificate at the same time, it is recommended to use the SSL_CTX_use_certificate_chain_file() function instead of SSL_CTX_use_certificate_file(), in order to allow the use of complete certificate chains even when no trusted CA storage is used, or when the CA issuing the certificate shall not be added to the trusted CA storage.

If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3).

The private keys loaded from file can be encrypted (that is, passphrase-protected). In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see SSL_CTX_set_default_passwd_cb(3). (Certificate files might be encrypted as well from a technical point of view; however, it does not make sense, as the data in the certificate is considered public anyway.)
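The following is an added example, not code from the original post or from OpenSSL. It illustrates the two points the man page makes: a PEM bundle is a sequence of items of which SSL_CTX_use_certificate_chain_file() takes the first CERTIFICATE as the context's own certificate and pushes the rest into the extra chain store, and an encrypted private key can only be loaded if a passphrase callback has been installed. The `plan_chain_load` parser and the `ChainPlan` type are hypothetical helpers written for this illustration; the PEM text is a constructed placeholder with no real key or certificate material. `build_server_context` uses Python's `ssl.SSLContext.load_cert_chain`, which is implemented on top of SSL_CTX_use_certificate_chain_file() and SSL_CTX_set_default_passwd_cb().

```python
"""Added example: what SSL_CTX_use_certificate_chain_file() does with a PEM bundle."""
import re
import ssl
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# One PEM item: "-----BEGIN <label>-----", body, "-----END <label>-----".
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P=label)-----",
    re.DOTALL,
)

# Constructed placeholder bundle (not real certificates or keys): leaf cert,
# one intermediate, then a PKCS#8 encrypted private key.
SAMPLE_BUNDLE = """\
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
INTERMEDIATE-PLACEHOLDER
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
KEY-PLACEHOLDER
-----END ENCRYPTED PRIVATE KEY-----
"""

# Constructed legacy-format key: encryption is signalled by a Proc-Type header
# inside the body rather than by the label.
LEGACY_ENCRYPTED_KEY = """\
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,PLACEHOLDER-IV

KEY-PLACEHOLDER
-----END RSA PRIVATE KEY-----
"""


@dataclass
class ChainPlan:
    """What the context would end up holding after loading a chain file."""
    leaf: Optional[str] = None                       # first CERTIFICATE -> certificate store
    extra_chain: List[str] = field(default_factory=list)  # later CERTIFICATEs -> extra chain store
    key_label: Optional[str] = None                  # PEM label of the private key, if any
    key_encrypted: bool = False                      # True -> passphrase callback required


def split_pem(text: str) -> List[Tuple[str, str]]:
    """Return (label, body) for every PEM item in file order (DER would allow only one)."""
    return [(m.group("label"), m.group("body")) for m in PEM_BLOCK.finditer(text)]


def plan_chain_load(pem_text: str) -> ChainPlan:
    """Mirror the man page: first certificate is the context's own, the rest are
    appended to the single, shared extra chain store."""
    plan = ChainPlan()
    for label, body in split_pem(pem_text):
        if label == "CERTIFICATE":
            if plan.leaf is None:
                plan.leaf = body.strip()
            else:
                plan.extra_chain.append(body.strip())
        elif label.endswith("PRIVATE KEY"):
            plan.key_label = label
            # PKCS#8 uses a dedicated label; legacy PEM keys carry a
            # "Proc-Type: 4,ENCRYPTED" header inside the body.
            plan.key_encrypted = (
                label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
            )
    return plan


def build_server_context(chain_path: str, key_path: str,
                         passphrase: Optional[str] = None) -> ssl.SSLContext:
    """Load a PEM chain file the way the man page recommends. Without a
    passphrase callback, an encrypted key makes load_cert_chain() raise."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(
        certfile=chain_path,
        keyfile=key_path,
        password=(lambda: passphrase) if passphrase is not None else None,
    )
    return ctx


if __name__ == "__main__":
    print(plan_chain_load(SAMPLE_BUNDLE))
    print(plan_chain_load(LEGACY_ENCRYPTED_KEY))
```

Run it on a real bundle (`plan_chain_load(open("server-chain.pem").read())`) to see which certificate would become the context's own and which would land in the extra chain store; if `key_encrypted` is true, `build_server_context` must be given the passphrase, since that is the equivalent of the SSL_CTX_set_default_passwd_cb(3) requirement.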
