A detailed walk through the HTTPS protocol using a curl request as the example
Step one: the first message curl sends is as follows:
```
== Info: SSLv3, TLS handshake, Client hello (1):
<= Send SSL data, 84 bytes (0x54)
0000: 01 00 00 50 03 01 5a 39 c4 54 cc f0 0c ed       P..
0010: 0d a1 ee 69 13 cd dc 09 c8 e6 c6 89 1e 63       i.........c..
0020: 3e d5 52 a2 be 4e 00 00 28 00 39 00 38 00 35 00 >.R..N..(.9.8.5.
3.2./.....
0050: ff 02 01 00
```
The server responds with ServerHello
The server's reply contains the following:
1. Confirmation of the encrypted-communication protocol version to use, for example TLS 1.0. If the versions supported by the browser and the server do not match, the server closes the encrypted connection.
2. A server-generated random number, used later to generate the "session key".
3. Confirmation of the encryption method to use, for example RSA public-key encryption.
4. The server certificate.
There is also a variant in which the server verifies the client's certificate as well; for example, in the financial sector, the online-banking USB keys that institutions used to issue contained a client certificate.
```
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)
0000: 02 00 00 4d 03 01 5a 39                         M..Z9.T.q.. DD
0010: 19 6b c1 12 cd 3e f4 a1 b7 a3 e3 51 44 02 b2    >.....QD...
0020: 88 3a 9d 24 54 77 20 13 39 83 14 88 a7 15 3e eb .:.$ Tw .9.....>.
0030: b3 06 09 b4 30 cb cb 7e 30 73 67 1c 8b e5       0..~0sg. (1)
0040: ed a3 01 d1 bf ef ac 00 2f 00 00 05             /.......
0050: 00                                              .
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 4760 bytes (0x1298)
0..t0.
...... (part of the dump omitted)
1290: ba c9 8e 12 7e c6 bd ff                         ....~...
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
== Info: SSLv3, TLS handshake, Client key exchange (16):
<= Send SSL data, 262 bytes (0x106)
0000: 10 00 01 02 01 00 c6 9c 69 60 5d 34 76          i`]4v.; d
0010: a6 15 84 88 94 12 ae d5 7d 12 22 7b 03 57 dd bf ........}."{.W..
...... (part of the dump omitted)
00e0: 95 8d 2a 30 68 34 12 8b ab e7 f1 08 db 06 2a 6f ..**o
00f0: 2c d7 d8 e2 55 6a 74 f3 47 a7 68 cb 69 f4 c5 2d ,...Ujt.G.h.i..-
0100: 72 4e 83 fe b1 7d                               rN...}
```
The client's response
1. A random number, encrypted with the server's public key so that it cannot be eavesdropped.
2. A change-cipher-spec notice, indicating that all subsequent messages will be sent with the encryption method and key the two sides have agreed on.
3. A client handshake-finished notice, indicating that the client's handshake phase is over. This item is also a hash of everything sent so far, for the server to verify. The three random numbers together are used to generate the session key. In addition, if the server requested a client certificate in the previous step, the client sends the certificate and related information at this step.
```
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Send SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: SSLv3, TLS handshake, Finished (20):
<= Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c eb 56 cc 54 85 f8 b4 18 ac db 65 d1 .....
```
The server's final response
1. A change-cipher-spec notice, indicating that all subsequent messages will be sent with the encryption method and key the two sides have agreed on.
2. A server handshake-finished notice, indicating that the server's handshake phase is over. This item is also a hash of everything sent so far, for the client to verify.
```
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 6b f7 be 86 e4 b1 3a 06 47 37 bd ae ....k.....:.G7..
== Info: SSL connection using AES128-SHA
== Info: Server certificate:
== Info:    subject: /C=CN/ST=beijing/L=beijing/O=BeiJing Baidu Netcom Science Technology Co., Ltd/OU=service operation department./CN=baidu
== Info:    start date: 2017-06-29 00:00:00 GMT
== Info:    expire date: 2018-08-17 23:59:59 GMT
== Info:    subjectAltName: www.baidu matched
== Info:    issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
== Info: SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
```
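As an added example (not from the original post), the following Python decodes the handshake headers seen in the dumps above: the 4-byte type/length header and its consistency with the byte counts curl reports, the version and gmt_unix_time in the ClientHello random, the cipher suite chosen in the ServerHello, and the size of the RSA-encrypted PreMasterSecret. The ClientHello, ClientKeyExchange and Finished bytes are the leading bytes copied from the trace; the ServerHello is constructed here with filler for the fields the dump does not fully preserve.

```python
from datetime import datetime, timezone

# Handshake message types and protocol versions as defined in RFC 2246 / RFC 5246.
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                   14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# IANA code of the suite that OpenSSL/curl report as AES128-SHA in this trace.
CIPHER_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}

def parse_header(msg):
    """(type name, body length) from the 4-byte header: 1 byte type, 3 bytes length."""
    name = HANDSHAKE_TYPES.get(msg[0], "unknown(%d)" % msg[0])
    return name, int.from_bytes(msg[1:4], "big")

def matches_trace(msg, reported_bytes):
    """curl counts header plus body, so 4 + length must equal its byte count."""
    return 4 + parse_header(msg)[1] == reported_bytes

def hello_version_and_time(msg):
    """Protocol version and gmt_unix_time (first 4 random bytes) of a Client/ServerHello."""
    version = VERSIONS.get(int.from_bytes(msg[4:6], "big"), "unknown")
    ts = datetime.fromtimestamp(int.from_bytes(msg[6:10], "big"), timezone.utc)
    return version, ts.strftime("%Y-%m-%d %H:%M:%S GMT")

def server_hello_choice(msg):
    """Skip the 32-byte random and the variable-length session id to reach the
    cipher suite and compression method the server selected."""
    pos = 39 + msg[38]                      # msg[38] is the session_id length
    suite = int.from_bytes(msg[pos:pos + 2], "big")
    return CIPHER_SUITES.get(suite, hex(suite)), msg[pos + 2]

def rsa_premaster_len(msg):
    """RSA ClientKeyExchange: 2-byte length of the encrypted PreMasterSecret,
    which equals the server's RSA modulus size in bytes."""
    return int.from_bytes(msg[4:6], "big")

# Leading bytes copied from the trace on this page.
CLIENT_HELLO = bytes.fromhex("0100005003015a39c454")
CLIENT_KEY_EXCHANGE = bytes.fromhex("100001020100")
FINISHED = bytes.fromhex("1400000c")
# Constructed ServerHello: header, version, session-id length 0x20, suite 0x002f,
# null compression and extensions length 5 follow the trace; the random, session id
# and extension bytes are filler, since the dump above does not preserve them.
SERVER_HELLO = (bytes.fromhex("0200004d0301") + bytes(32) + b"\x20" + bytes(32)
                + bytes.fromhex("002f00" + "0005ff01000100"))

if __name__ == "__main__":
    print(parse_header(CLIENT_HELLO), hello_version_and_time(CLIENT_HELLO))
    print(server_hello_choice(SERVER_HELLO), rsa_premaster_len(CLIENT_KEY_EXCHANGE))
```

The ClientHello time decodes to 2017-12-20 02:00:52 GMT, the same second as the Date header in the HTTP response further down, and the 256-byte encrypted PreMasterSecret shows a 2048-bit RSA server key with static RSA key exchange, i.e. no forward secrecy, as the AES128-SHA suite already implies. Note also the trace line "SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway": curl only continues past a failed chain validation when verification is disabled (-k/--insecure), so none of the decoded fields vouch for the server's identity.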
The complete curl request process:
```
== Info: About to connect() to www.baidu port 443
== Info:   Trying 220.181.
== Info: connected
== Info: Connected to www.baidu (220.181.112.244) port 443
== Info: successfully set certificate verify locations:
== Info:   CAfile: /etc/pki/tls/
  CApath: none
== Info: SSLv3, TLS handshake, Client hello (1):
<= Send SSL data, 84 bytes (0x54)
0000: 01 00 00 50 03 01 5a 39 c4 54 cc f0 0c ed       P..
0010: 0d a1 ee 69 13 cd dc 09 c8 e6 c6 89 1e 63       i.........c..
0020: 3e d5 52 a2 be 4e 00 00 28 00 39 00 38 00 35 00 >.R..N..(.9.8.5.
3.2./.....
0050:
== Info: SSLv3, TLS handshake, Server hello (2):
<= Recv SSL data, 81 bytes (0x51)
0000: 02 00 00 4d 03 01 5a 39                         M..Z9.T.q.. DD
0010: 19 6b c1 12 cd 3e f4 a1 b7 a3 e3 51 44 02 b2    >.....QD...
0020: 88 3a 9d 24 54 77 20 13 39 83 14 88 a7 15 3e eb .:.$ Tw .9.....>.
0030: b3 06 09 b4 30 cb cb 7e 30 73 67 1c 8b e5       0..~0sg. (1)
0040: ed a3 01 d1 bf ef ac 00 2f 00 00 05             /.......
0050: 00                                              .
== Info: SSLv3, TLS handshake, CERT (11):
<= Recv SSL data, 4760 bytes (0x1298)
0..t0.
...... (part of the dump omitted)
1290: ba c9 8e 12 7e c6 bd ff                         ....~...
== Info: SSLv3, TLS handshake, Server finished (14):
<= Recv SSL data, 4 bytes (0x4)
== Info: SSLv3, TLS handshake, Client key exchange (16):
<= Send SSL data, 262 bytes (0x106)
0000: 10 00 01 02 01 00 c6 9c 69 60 5d 34 76          i`]4v.; d
0010: a6 15 84 88 94 12 ae d5 7d 12 22 7b 03 57 dd bf ........}."{.W..
...... (part of the dump omitted)
00e0: 95 8d 2a 30 68 34 12 8b ab e7 f1 08 db 06 2a 6f ..**o
00f0: 2c d7 d8 e2 55 6a 74 f3 47 a7 68 cb 69 f4 c5 2d ,...Ujt.G.h.i..-
0100: 72 4e 83 fe b1 7d                               rN...}
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Send SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: SSLv3, TLS handshake, Finished (20):
<= Send SSL data, 16 bytes (0x10)
0000: 14 00 00 0c eb 56 cc 54 85 f8 b4 18 ac db 65 d1 .....
== Info: SSLv3, TLS change cipher, Client hello (1):
<= Recv SSL data, 1 bytes (0x1)
0000: 01                                              .
== Info: SSLv3, TLS handshake, Finished (20):
<= Recv SSL data, 16 bytes (0x10)
0000: 14 00 00 0c 6b f7 be 86 e4 b1 3a 06 47 37 bd ae ....k.....:.G7..
== Info: SSL connection using AES128-SHA
== Info: Server certificate:
== Info:    subject: /C=CN/ST=beijing/L=beijing/O=BeiJing Baidu Netcom Science Technology Co., Ltd/OU=service operation department./CN=baidu
== Info:    start date: 2017-06-29 00:00:00 GMT
== Info:    expire date: 2018-08-17 23:59:59 GMT
== Info:    subjectAltName: www.baidu matched
== Info:    issuer: /C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
== Info: SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
=> Send header, 157 bytes (0x9d)
0000: 47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a GET / HTTP/1.1..
0010: 55 73 65 72 2d 41 67 65 6e 74 3a 20 63 75 72 6c User-Agent: curl
0020: 2f 37 2e 31 35 2e 35 20 28 78 38 36 5f 36 34 2d /7.15.5 (x86_64-
0030: 72 65 64 68 61 74 2d 6c 69 6e 75 78 2d 67 6e 75 redhat-linux-gnu
0040: 29 20 6c 69 62 63 75 72 6c 2f 37 2e 31 35 2e 35 ) libcurl/7.15.5
0050: 20 4f 70 65 6e 53 53 4c 2f 30 2e 39 2e 38 62 20  OpenSSL/0.9.8b
0060: 7a 6c 69 62 2f 31 2e 32 2e 33 20 6c 69 62 69 64 zlib/1.2.3 libid
0070: 6e 2f 30 2e 36 2e 35 0d 0a 48 6f 73 74 3a 20 77 n/0.6.5..Host: w
0080: 77 77 2e 62 61 69 64 75 2e 63 6f 6d 0d 0a 41 63 ww.baidu..Ac
0090: 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d 0a          cept: */*....
<= Recv header, 17 bytes (0x11)
0000: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d HTTP/1.1 200 OK.
0010: 0a                                              .
<= Recv header, 22 bytes (0x16)
0000: 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 Accept-Ranges: b
0010: 79 74 65 73 0d 0a                               ytes..
<= Recv header, 76 bytes (0x4c)
0000: 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 70 Cache-Control: p
0010: 72 69 76 61 74 65 2c 20 6e 6f 2d 63 61 63 68 65 rivate, no-cache
0020: 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 70 72 6f 78 , no-store, prox
0030: 79 2d 72 65 76 61 6c 69 64 61 74 65 2c 20 6e 6f y-revalidate, no
0040: 2d 74 72 61 6e 73 66 6f 72 6d 0d 0a             -transform..
<= Recv header, 24 bytes (0x18)
0000: 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 Connection: Keep
0010: 2d 41 6c 69 76 65 0d 0a                         -Alive..
<= Recv header, 22 bytes (0x16)
0000: 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 Content-Length: 
0010: 32 34 34 33 0d 0a                               2443..
<= Recv header, 25 bytes (0x19)
0000: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content-Type: te
0010: 78 74 2f 68 74 6d 6c 0d 0a                      xt/html..
<= Recv header, 37 bytes (0x25)
0000: 44 61 74 65 3a 20 57 65 64 2c 20 32 30 20 44 65 Date: Wed, 20 De
0010: 63 20 32 30 31 37 20 30 32 3a 30 30 3a 35 32 20 c 2017 02:00:52 
0020: 47 4d 54 0d 0a                                  GMT..
<= Recv header, 22 bytes (0x16)
0000: 45 74 61 67 3a 20 22 35 38 38 36 30 33 65 63 2d Etag: "588603ec-
0010: 39 38 62 22 0d 0a                               98b"..
<= Recv header, 46 bytes (0x2e)
0000: 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d Last-Modified: M
0010: 6f 6e 2c 20 32 33 20 4a 61 6e 20 32 30 31 37 20 on, 23 Jan 2017 
0020: 31 33 3a 32 33 3a 35 36 20 47 4d 54 0d 0a       13:23:56 GMT..
<= Recv header, 18 bytes (0x12)
0000: 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 Pragma: no-cache
0010: 0d 0a                                           ..
<= Recv header, 22 bytes (0x16)
0000: 53 65 72 76 65 72 3a 20 62 66 65 2f 31 2e 30 2e Server: bfe/1.0.
0010: 38 2e 31 38 0d 0a                               8.18..
<= Recv header, 67 bytes (0x43)
0000: 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 42 44 4f 52 Set-Cookie: BDOR
0010: 5a 3d 32 37 33 31 35 3b 20 6d 61 78 2d 61 67 65 Z=27315; max-age
0020: 3d 38 36 34 30 30 3b 20 64 6f 6d 61 69 6e 3d 2e =86400; domain=.
0030: 62 61 69 64 75 2e 63 6f 6d 3b 20 70 61 74 68 3d baidu; path=
0040: 2f 0d 0a                                        /..
<= Recv data, 1040 bytes (0x410)
0000: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d <!DOCTYPE html>.
0010: 0a 3c 21 2d 2d 53 54 41 54 55 53 20 4f 4b 2d 2d .<!--STATUS OK--
0020: 3e 3c 68 74 6d 6c 3e 20 3c 68 65 61 64 3e 3c 6d ><html> <head><m
...... (part of the dump omitted)
0400: 3c 69 6e 70 75 74 20 74 79 70 65 3d 73 75 62 6d <input type=subm
<= Recv data, 1 bytes (0x1)
0000: 69                                              i
<= Recv data, 1402 bytes (0x57a)
0000: 74 20 69 64 3d 73 75 20 76 61 6c 75 65 3d e7 99 t id=su value=..
0010: be e5 ba a6 e4 b8 80 e4                         lass
...... (part of the dump omitted)
0560: 3e 20 3c 2f 64 69 76 3e 20 3c 2f 62 6f 64 79 3e > </div> </body>
0570: 20 3c 2f 68 74 6d 6c 3e 0d 0a                    </html>..
== Info: Connection #0 to host www.baidu left intact
== Info: Closing connection #0
== Info: SSLv3, TLS alert, Client hello (1):
<= Send SSL data, 2 bytes (0x2)
0000: 01 00                                           ..
```