{"id":1193,"date":"2014-09-05T16:02:00","date_gmt":"2014-09-05T08:02:00","guid":{"rendered":"http:\/\/wx.wosign.com\/?p=1193"},"modified":"2014-09-05T16:06:23","modified_gmt":"2014-09-05T08:06:23","slug":"ssl%e8%bf%9e%e6%8e%a5%e5%bb%ba%e7%ab%8b%e8%bf%87%e7%a8%8b%e5%88%86%e6%9e%901-mengfanrong","status":"publish","type":"post","link":"https:\/\/wx.wosign.com\/?p=1193","title":{"rendered":"SSL\u8fde\u63a5\u5efa\u7acb\u8fc7\u7a0b\u5206\u6790(1) – mengfanrong"},"content":{"rendered":"

Https\u534f\u8bae<\/a>:SSL\u5efa\u7acb\u8fc7\u7a0b\u5206\u6790<\/strong><\/b><\/p>\n

web\u8a2a\u95ee\u7684\u4e24\u79cd\u65b9\u5f0f<\/strong><\/b>\u00a0:<\/p>\n

http\u534f\u8bae<\/strong><\/b>\u00a0,\u6211\u4eec\u666e\u901a\u60c5\u51b5\u4e0b\u662f\u901a\u8fc7\u5b83\u8a2a\u95eeweb,\u7531\u4e8e\u5b83\u4e0d\u8981\u6c42\u592a\u591a\u7684\u5b89\u5168\u673a\u5236,\u4f7f\u7528\u8d77\u6765\u4e5f\u7b80\u5355,\u975e\u5e38\u591aweb\u7f51\u7ad9\u4e5f\u4ec5\u4ec5\u652f\u6301\u8fd9\u6837\u7684\u65b9\u5f0f\u4e0b\u7684\u8a2a\u95ee.<\/p>\n

https\u534f\u8bae<\/strong><\/b>\u00a0(Hypertext Transfer Protocol over Secure Socket Layer),\u5bf9\u4e8e\u5b89\u5168\u6027\u8981\u6c42\u6bd4\u8f03\u9ad8\u7684\u60c5\u51b5,\u80fd\u591f\u901a\u8fc7\u5b83\u8a2a\u95eeweb,\u6bd4\u65b9\u5de5\u5546\u94f6\u884c\u00a0https:\/\/www.icbc.com.cn\/icbc\/\u00a0<\/a><\/i><\/b>(\u5f53\u7136\u4e5f\u80fd\u591f\u901a\u8fc7http\u534f\u8bae\u8a2a\u95ee,\u4ec5\u4ec5\u662f\u6ca1\u90a3\u4e48\u5b89\u5168\u4e86).\u5176\u5b89\u5168\u57fa\u7840\u662fSSL\u534f\u8bae.<\/p>\n

SSL\u534f\u8bae<\/strong><\/b><\/a>\u00a0,\u5f53\u524d\u7248\u672c\u53f7\u4e3a3.1(SSL3.1\u5c31\u662fTLS1.0)\u3002\u5b83\u5df2\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8eWeb\u6d4f\u89c8\u5668\u4e0eserver\u4e4b\u95f4\u7684\u8eab\u4efd\u8ba4\u8bc1\u548c\u52a0\u5bc6\u4f20\u8f93\u6570\u636e.\u5b83\u4f4d\u4e8eTCP\/IP\u534f\u8bae\u4e0e\u5404\u79cd\u5e94\u7528\u5c42\u534f\u8bae\u4e4b\u95f4\uff0c\u4e3a\u6570\u636e\u901a\u8baf\u63d0\u4f9b\u5b89\u5168\u652f\u6301\u3002SSL\u534f\u8bae\u53ef\u5206\u4e3a\u4e24\u5c42\uff1a SSL\u8bb0\u5f55\u534f\u8bae\uff08SSL Record Protocol\uff09\uff1a\u5b83\u5efa\u7acb\u5728\u53ef\u9760\u7684\u4f20\u8f93\u534f\u8bae\uff08\u5982TCP\uff09\u4e4b\u4e0a\uff0c\u4e3a\u9ad8\u5c42\u534f\u8bae\u63d0\u4f9b\u6570\u636e\u5c01\u88c5\u3001\u538b\u7f29\u3001\u52a0\u5bc6\u7b49\u57fa\u672c\u529f\u80fd\u7684\u652f\u6301\u3002 SSL\u63e1\u624b\u534f\u8bae\uff08SSL Handshake Protocol\uff09\uff1a\u5b83\u5efa\u7acb\u5728SSL\u8bb0\u5f55\u534f\u8bae\u4e4b\u4e0a\uff0c\u7528\u4e8e\u5728\u5b9e\u9645\u7684\u4f20\u8f93\u6570\u636e\u958b\u59cb\u524d\uff0c\u901a\u8baf\u4e24\u65b9\u8fdb\u884c\u8eab\u4efd\u8ba4\u8bc1\u3001\u534f\u5546\u52a0\u5bc6\u7b97\u6cd5\u3001\u4ea4\u6362\u52a0\u5bc6\u5bc6\u94a5\u7b49\u3002<\/p>\n

\u4e3a\u4e86\u4e86\u89e3\u5177\u4f53\u8fc7\u7a0b,\u80fd\u591f\u901a\u8fc7\u7f51\u7edc\u6293\u5305\u5de5\u5177(Commview,Iris)\u5206\u6790https\u534f\u8bae,SSL\u8fde\u63a5\u5efa\u7acb\u8fc7\u7a0b\u4e2d,\u6570\u636e\u5305\u4ea4\u6362\u60c5\u51b5.<\/p>\n

\u6570\u636e\u5305\u5206\u6790\u8fc7\u7a0b\u7528\u5230\u7684\u51e0\u4e2a\u56fe.<\/strong><\/b><\/p>\n

\u56fe,SSL Protocol Stack<\/p>\n

\"bA7Ffy\"<\/a><\/p>\n

\u56fe.SSL Record Format<\/p>\n

\"2ABBzi\"<\/a><\/p>\n

\u56fe.SSL Record Protocol Payload<\/p>\n

\"7ZzYra\"<\/a><\/p>\n

\u56fe.Handshake Protocol Action<\/strong><\/b><\/p>\n

\"uMv22a\"<\/a><\/p>\n

\u5b83\u4eec\u6765\u4e4b.\u00a0Cryptography and Network Security Principles and Practices, Fourth Edition-Chapter 17. Web Security-17.2. Secure Socket Layer and Transport Layer Security(password\u5b66\u4e0e\u7f51\u7edc\u5b89\u5168 \u539f\u7406\u4e0e\u5b9e\u8df5\u7b2c\u56db\u7248,17\u7ae0web\u5b89\u5168,17.2\u8282,SSL\u4e0eTLS)\u8be6\u7ec6\u7ec6\u8282\u53c3\u8003\u672c\u4e66.<\/p>\n

\u4ee5\u4e0b\u8ddf\u8e2a\u63e1\u624b\u8fc7\u7a0b(\u56fe\u00a0Handshake Protocol Action<\/strong><\/b>\u00a0)\u4e2d,\u6570\u636e\u5305\u7684\u4ea4\u6362.<\/p>\n

\u4ee5\u4e3ahttps\u65b9\u5f0f\u8a2a\u95ee\u00a0www.sun.com\u00a0<\/a><\/i><\/b>\u4e3a\u6837\u4f8b,\u4e00\u822c\u5927\u578b\u516c\u53f8,\u94f6\u884c\u7684web\u90fd\u652f\u6301https\u8a2a\u95ee,\u5982\u5de5\u5546\u94f6\u884c,sun,\u5fae\u8f6f,IBM.<\/p>\n

\u5728IE\u4e2d\u8f93\u5165:https:\/\/wwww.sun.com,\u7531\u4e8e\u8fd9\u662fhttps\u534f\u8bae,\u6240\u4ee5\u5728\u5b9e\u9645\u8a2a\u95eeweb\u524d,\u4f1a\u5efa\u7acbSSL\u8fde\u63a5.<\/p>\n

\u901a\u8fc7Commview\u6293\u5305\u5de5\u5177,\u8fc7\u6ee4443port(\u666e\u901a\u60c5\u51b5\u4e0b,HTTPS\u4f7f\u7528\u00a0port\u00a0<\/a><\/i><\/b>443\uff0cHTTP\u4f7f\u7528port80)\u80fd\u591f\u5f97\u5230\u6570\u636e\u5305.<\/p>\n

\u6570\u636e\u5305\u5927\u81f4\u60c5\u51b5\u548c(\u56fe\u00a0Handshake Protocol Action)<\/strong><\/b>\u00a0\u76f8\u5e94\u00a0.<\/strong><\/b><\/p>\n

SSL\u8fde\u63a5\u5efa\u7acb\u8fc7\u7a0b\u5206\u6790(1)<\/p>\n

1. \u5e94\u7528\u7a0b\u5e8f\u63a5\u53e3<\/p>\n

1.1 SSL\u521d\u59cb\u5316<\/p>\n

SSL_CTX* InitSSL(int server, char *cert, char *key, char *pw)<\/p>\n

{<\/p>\n

SSL_CTX* ctx;<\/p>\n

SSL_METHOD *meth;<\/p>\n

int status;<\/p>\n

\/\/ \u7b97\u6cd5\u521d\u59cb\u5316<\/p>\n

\/\/ \u8f7d\u5165SSL\u9519\u8bef\u4fe1\u606f<\/p>\n

SSL_load_error_strings();<\/p>\n

\/\/ \u52a0\u5165SSL\u7684\u52a0\u5bc6\/HASH\u7b97\u6cd5<\/p>\n

SSLeay_add_ssl_algorithms();<\/p>\n

\/\/ \u670d\u52a1\u5668\u8fd8\u662f\u5ba2\u6237\u7aef<\/p>\n

If(server)<\/p>\n

meth = SSLv23_server_method();<\/p>\n

else<\/p>\n

meth = SSLv23_client_method();<\/p>\n

\/\/ \u5efa\u7acb\u65b0\u7684SSL\u4e0a\u4e0b\u6587<\/p>\n

ctx = SSL_CTX_new (meth);<\/p>\n

if(!ctx) return NULL;<\/p>\n

\/\/ \u8bbe\u7f6e\u8bc1\u4e66\u6587\u4ef6\u7684\u53e3\u4ee4<\/p>\n

SSL_CTX_set_default_passwd_cb_userdata(ctx, pw);<\/p>\n

\/\/\u8f7d\u5165\u672c\u5730\u8bc1\u4e66\u6587\u4ef6<\/p>\n

status=SSL_CTX_use_certificate_file(ctx, cert, SSL_FILETYPE_ASN1);<\/p>\n

if (status <= 0) {<\/p>\n

frintf(stderr, “Use cert fail, status=%d\/n”, status);<\/p>\n

goto bad;<\/p>\n

}<\/p>\n

\/\/ \u8f7d\u5165\u79c1\u94a5\u6587\u4ef6<\/p>\n

if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0) {<\/p>\n

fprintf(stderr, “Use private key fail\/n”);<\/p>\n

goto bad;<\/p>\n

}<\/p>\n

\/\/ \u68c0\u67e5\u8bc1\u4e66\u548c\u79c1\u94a5\u662f\u5426\u5339\u914d<\/p>\n

if (!SSL_CTX_check_private_key(ctx)) {<\/p>\n

fprintf(“Private key does not match the certificate public key\/n”);<\/p>\n

goto bad;<\/p>\n

}<\/p>\n

fprintf(“Cert and key OK\/n”);<\/p>\n

return ctx;<\/p>\n

bad:<\/p>\n

SSL_CTX_free (ctx);<\/p>\n

return NULL;<\/p>\n

}<\/p>\n

1.2 \u5efa\u7acbSSL\u65b0\u8fde\u63a5<\/p>\n

server\uff1a<\/p>\n

\/\/ \u5efa\u7acbSSL<\/p>\n

ssl = SSL_new (ctx);<\/p>\n

\/\/ \u5c06SSL\u4e0eTCP socket\u8fde\u63a5<\/p>\n

SSL_set_fd (ssl, sd);<\/p>\n

\/\/\u63a5\u53d7\u65b0SSL\u8fde\u63a5<\/p>\n

err = SSL_accept (ssl);<\/p>\n

client\uff1a<\/p>\n

\/\/ \u5efa\u7acbSSL<\/p>\n

ssl = SSL_new (ctx);<\/p>\n

\/\/ \u5c06SSL\u4e0eTCP socket\u8fde\u63a5<\/p>\n

SSL_set_fd (ssl, sd);<\/p>\n

\/\/ SSL\u8fde\u63a5<\/p>\n

err = SSL_connect (ssl);<\/p>\n

server\u7684SSL_accept()\u548cclient\u7684SSL_connect()\u51fd\u6570\u5171\u540c\u5b8c\u6bd5SSL\u7684\u63e1\u624b\u534f\u5546\u8fc7\u7a0b\u3002<\/p>\n

1.3 SSL\u901a\u4fe1<\/p>\n

\u548c\u666e\u901a\u7684read()\/write()\u8c03\u7528\u4e00\u6837\uff0c\u7528\u4ee5\u4e0b\u7684\u51fd\u6570\u5b8c\u6bd5\u6570\u636e\u7684SSL\u53d1\u9001\u548c\u63a5\u6536\uff0c\u51fd\u6570\u8f93\u5165\u6570\u636e\u662f\u660e\u6587\uff0cSSL\u81ea\u5df1\u4e3b\u52a8\u5c06\u6570\u636e\u5c01\u88c5\u8fdbSSL\u4e2d\uff1a<\/p>\n

\u8bfb\/\u63a5\u6536\uff1aSSL_read() \u5199\/\u53d1\u9001\uff1aSSL_write()<\/p>\n

1.4 SSL\u91ca\u653e<\/p>\n

SSL\u91ca\u653e\u975e\u5e38easy\uff1a<\/p>\n

SSL_free (ssl);<\/p>\n

2. SSL\u5b9e\u73b0\u5206\u6790<\/p>\n

\u4e0b\u9762SSL\u6e90\u7801\u53d6\u81eaopenssl-0.9.7b\u3002<\/p>\n

2.1 SSL_load_error_strings<\/p>\n

\u8be5\u51fd\u6570\u8f7d\u5165\u9519\u8bef\u5b57\u7b26\u4e32\u4fe1\u606f\uff1a<\/p>\n

void SSL_load_error_strings(void)<\/p>\n

{<\/p>\n

#ifndef OPENSSL_NO_ERR<\/p>\n

ERR_load_crypto_strings();<\/p>\n

ERR_load_SSL_strings();<\/p>\n

#endif<\/p>\n

}<\/p>\n

\u6700\u540e\u5c06\u4f1a\u8fdb\u5165\u51fd\u6570\uff1a<\/p>\n

static void err_load_strings(int lib, ERR_STRING_DATA *str)<\/p>\n

{<\/p>\n

while (str->error)<\/p>\n

{<\/p>\n

str->error|=ERR_PACK(lib,0,0);<\/p>\n

ERRFN(err_set_item)(str);<\/p>\n

str++;<\/p>\n

}<\/p>\n

}<\/p>\n

\u5f53\u4e2d\uff1a<\/p>\n

#define ERR_PACK(l,f,r)\u00a0\u00a0(((((unsigned long)l)&0xffL)*0x1000000)| \/<\/p>\n

((((unsigned long)f)&0xfffL)*0x1000)| \/<\/p>\n

((((unsigned long)r)&0xfffL)))<\/p>\n

#define ERRFN(a) err_fns->cb_##a<\/p>\n

ERRFN(err_set_item)(str)\u7684\u5b9e\u9645\u51fd\u6570\u5b9e\u73b0\u4e3a\uff1a<\/p>\n

static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)<\/p>\n

{<\/p>\n

ERR_STRING_DATA *p;<\/p>\n

LHASH *hash;<\/p>\n

err_fns_check();<\/p>\n

hash = ERRFN(err_get)(1);<\/p>\n

if (!hash)<\/p>\n

return NULL;<\/p>\n

CRYPTO_w_lock(CRYPTO_LOCK_ERR);<\/p>\n

p = (ERR_STRING_DATA *)lh_insert(hash, d);<\/p>\n

CRYPTO_w_unlock(CRYPTO_LOCK_ERR);<\/p>\n

return p; }<\/p>\n

Lh_insert()\u5c06\u9519\u8bef\u4fe1\u606f\u63d2\u5165\u5230\u4e00\u4e2a\u94fe\u8868\u4e2d<\/p>\n

\u5982\u5173\u4e8e\u52a0\u5bc6\u7b97\u6cd5\u7684\u9519\u8bef\u4fe1\u606f\uff1a<\/p>\n

\/* crypto\/err\/err.c *\/<\/p>\n

static ERR_STRING_DATA ERR_str_functs[]=<\/p>\n

\u2026\u2026<\/p>\n

static ERR_STRING_DATA ERR_str_libraries[]=<\/p>\n

\u2026\u2026<\/p>\n

static ERR_STRING_DATA ERR_str_reasons[]=<\/p>\n

\u2026\u2026<\/p>\n

2.2 SSLeay_add_ssl_algorithms()<\/p>\n

\u8fd9\u5b9e\u9645\u662f\u4e2a\u5b8f\uff1a<\/p>\n

#define OpenSSL_add_ssl_algorithms()\u00a0\u00a0\u00a0 SSL_library_init()<\/p>\n

#define SSLeay_add_ssl_algorithms() SSL_library_init()<\/p>\n

\u5b9e\u9645\u51fd\u6570\u4e3aSSL_library_init()\uff0c\u51fd\u6570\u6bd4\u8f03\u7b80\u5355\uff0c\u5c31\u662f\u8f7d\u5165\u5404\u79cd\u52a0\u5bc6\u548cHASH\u7b97\u6cd5\uff1a<\/p>\n

\/* ssl\/ssl_algs.c *\/<\/p>\n

int SSL_library_init(void)<\/p>\n

{<\/p>\n

#ifndef OPENSSL_NO_DES<\/p>\n

EVP_add_cipher(EVP_des_cbc());<\/p>\n

EVP_add_cipher(EVP_des_ede3_cbc());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_IDEA<\/p>\n

EVP_add_cipher(EVP_idea_cbc());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_RC4<\/p>\n

EVP_add_cipher(EVP_rc4());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_RC2<\/p>\n

EVP_add_cipher(EVP_rc2_cbc());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_AES<\/p>\n

EVP_add_cipher(EVP_aes_128_cbc());<\/p>\n

EVP_add_cipher(EVP_aes_192_cbc());<\/p>\n

EVP_add_cipher(EVP_aes_256_cbc());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_MD2<\/p>\n

EVP_add_digest(EVP_md2());<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_MD5<\/p>\n

EVP_add_digest(EVP_md5());<\/p>\n

EVP_add_digest_alias(SN_md5,”ssl2-md5″);<\/p>\n

EVP_add_digest_alias(SN_md5,”ssl3-md5″);<\/p>\n

#endif<\/p>\n

#ifndef OPENSSL_NO_SHA<\/p>\n

EVP_add_digest(EVP_sha1()); \/* RSA with sha1 *\/<\/p>\n

EVP_add_digest_alias(SN_sha1,”ssl3-sha1″);<\/p>\n

EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);<\/p>\n

#endif<\/p>\n

#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)<\/p>\n

EVP_add_digest(EVP_dss1()); \/* DSA with sha1 *\/<\/p>\n

EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);<\/p>\n

EVP_add_digest_alias(SN_dsaWithSHA1,”DSS1″);<\/p>\n

EVP_add_digest_alias(SN_dsaWithSHA1,”dss1″);<\/p>\n

#endif<\/p>\n

\/* If you want support for phased out ciphers, add the following *\/<\/p>\n

#if 0<\/p>\n

EVP_add_digest(EVP_sha());<\/p>\n

EVP_add_digest(EVP_dss());<\/p>\n

#endif<\/p>\n

return(1);<\/p>\n

}<\/p>\n

2.3 SSL23_server_method()<\/p>\n

\u5efa\u7acb\u670d\u52a1\u5668\u7aef\u7684\u65b9\u6cd5\u5e93\uff0c\u8fd9\u662f\u4e2a\u901a\u7528\u51fd\u6570\uff0c\u53ef\u52a8\u6001\u9009\u62e9SSL\u534f\u8bae\u3002\u5047\u8bbe\u60f3\u56fa\u5b9a\u534f\u8bae\uff0c\u80fd\u591f\u4ec5\u4ec5\u7528SSLv2_server_method(), SSLv3_server_method() \u7b49\u51fd\u6570\u6765\u521d\u59cb\u5316\uff0c\u8be5\u51fd\u6570\u8fd4\u56de\u4e00\u4e2aSSL_METHOD\u7ed3\u6784\uff1a<\/p>\n

\/* ssl\/ssl.h *\/<\/p>\n

\/* Used to hold functions for SSLv2 or SSLv3\/TLSv1 functions *\/<\/p>\n

typedef struct ssl_method_st<\/p>\n

{<\/p>\n

int version; \/\/ \u7248\u672c\u53f7\u53f7<\/p>\n

int (*ssl_new)(SSL *s); \/\/ \u5efa\u7acb\u65b0SSL<\/p>\n

void (*ssl_clear)(SSL *s); \/\/ \u6e05\u9664SSL<\/p>\n

void (*ssl_free)(SSL *s);\u00a0 \/\/ \u91ca\u653eSSL<\/p>\n

int (*ssl_accept)(SSL *s); \/\/ server\u63a5\u53d7SSL\u8fde\u63a5<\/p>\n

int (*ssl_connect)(SSL *s); \/\/ client\u7684SSL\u8fde\u63a5<\/p>\n

int (*ssl_read)(SSL *s,void *buf,int len); \/\/ SSL\u8bfb<\/p>\n

int (*ssl_peek)(SSL *s,void *buf,int len); \/\/ SSL\u67e5\u770b\u6570\u636e<\/p>\n

int (*ssl_write)(SSL *s,const void *buf,int len); \/\/ SSL\u5199<\/p>\n

int (*ssl_shutdown)(SSL *s); \/\/ SSL\u534a\u5173\u95ed<\/p>\n

int (*ssl_renegotiate)(SSL *s); \/\/ SSL\u91cd\u534f\u5546<\/p>\n

int (*ssl_renegotiate_check)(SSL *s); \/\/ SSL\u91cd\u534f\u5546\u68c0\u67e5<\/p>\n

long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); \/\/ SSL\u63a7\u5236<\/p>\n

long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); \/\/SSL\u4e0a\u4e0b\u6587\u63a7\u5236<\/p>\n

SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); \/\/ \u901a\u8fc7\u540d\u79f0\u83b7\u53d6SSL\u7684\u7b97\u6cd5<\/p>\n

int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);<\/p>\n

int (*ssl_pending)(SSL *s);<\/p>\n

int (*num_ciphers)(void); \/\/ \u7b97\u6cd5\u6570<\/p>\n

SSL_CIPHER *(*get_cipher)(unsigned ncipher); \/\/ \u83b7\u53d6\u7b97\u6cd5<\/p>\n

struct ssl_method_st *(*get_ssl_method)(int version);<\/p>\n

long (*get_timeout)(void); \/\/ \u8d85\u65f6<\/p>\n

struct ssl3_enc_method *ssl3_enc; \/* Extra SSLv3\/TLS stuff *\/ \/\/ SSL3\u52a0\u5bc6<\/p>\n

int (*ssl_version)(); \/\/ SSL\u7248\u672c\u53f7<\/p>\n

long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)()); \/\/ SSL\u63a7\u5236\u56de\u8c03\u51fd\u6570<\/p>\n

long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)()); \/\/SSL\u4e0a\u4e0b\u6587\u63a7\u5236\u56de\u8c03\u51fd\u6570<\/p>\n

} SSL_METHOD;<\/p>\n

\/* ssl\/s23_srvr.c *\/<\/p>\n

SSL_METHOD *SSLv23_server_method(void)<\/p>\n

{<\/p>\n

static int init=1;<\/p>\n

\/\/ \u9759\u6001\u91cf\uff0c\u6bcf\u4e00\u4e2a\u8fdb\u7a0b\u4ec5\u4ec5\u521d\u59cb\u5316\u4e00\u6b21<\/p>\n

static SSL_METHOD SSLv23_server_data;<\/p>\n

if (init)<\/p>\n

{<\/p>\n

CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

if (init)<\/p>\n

{<\/p>\n

\/\/ ssl23\u7684\u57fa\u672c\u65b9\u6cd5\u7ed3\u6784<\/p>\n

memcpy((char *)&SSLv23_server_data,<\/p>\n

(char *)sslv23_base_method(),sizeof(SSL_METHOD));<\/p>\n

\/\/ \u670d\u52a1\u5668,\u6240\u4ee5\u8981\u5b9a\u4e49accept\u65b9\u6cd5<\/p>\n

SSLv23_server_data.ssl_accept=ssl23_accept;<\/p>\n

\/\/ \u4f9d\u636eSSL\u7684\u7248\u672c\u53f7\u8bbe\u7f6eSSL\u7684\u8be6\u7ec6\u65b9\u6cd5\u51fd\u6570<\/p>\n

SSLv23_server_data.get_ssl_method=ssl23_get_server_method;<\/p>\n

init=0;<\/p>\n

}<\/p>\n

CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

}<\/p>\n

return(&SSLv23_server_data);<\/p>\n

}<\/p>\n

static SSL_METHOD *ssl23_get_server_method(int ver)<\/p>\n

{<\/p>\n

#ifndef OPENSSL_NO_SSL2<\/p>\n

if (ver == SSL2_VERSION)<\/p>\n

return(SSLv2_server_method());<\/p>\n

#endif<\/p>\n

if (ver == SSL3_VERSION)<\/p>\n

return(SSLv3_server_method());<\/p>\n

else if (ver == TLS1_VERSION)<\/p>\n

return(TLSv1_server_method());<\/p>\n

\/\/ \u968f\u7740TLS1.1(RFC4346)\u7684\u63a8\u51fa\uff0c\u9884\u8ba1\u4e0d\u4e45\u5c06\u51fa\u73b0TLSv1_1_server_method()<\/p>\n

else<\/p>\n

return(NULL);<\/p>\n

}<\/p>\n

\/\/ SSL23\u7684\u65b9\u6cd5\u57fa\u672c\u6570\u636e\u5b9a\u4e49<\/p>\n

\/* ssl\/s23_lib.c *\/<\/p>\n

SSL_METHOD *sslv23_base_method(void)<\/p>\n

{<\/p>\n

return(&SSLv23_data);<\/p>\n

}<\/p>\n

static SSL_METHOD SSLv23_data= {<\/p>\n

TLS1_VERSION,<\/p>\n

tls1_new,<\/p>\n

tls1_clear,<\/p>\n

tls1_free,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl23_read,<\/p>\n

ssl23_peek,<\/p>\n

ssl23_write,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl_ok,<\/p>\n

ssl3_ctrl,<\/p>\n

ssl3_ctx_ctrl,<\/p>\n

ssl23_get_cipher_by_char,<\/p>\n

ssl23_put_cipher_by_char,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl23_num_ciphers,<\/p>\n

ssl23_get_cipher,<\/p>\n

ssl_bad_method,<\/p>\n

ssl23_default_timeout,<\/p>\n

&ssl3_undef_enc_method,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl3_callback_ctrl,<\/p>\n

ssl3_ctx_callback_ctrl,<\/p>\n

};<\/p>\n

\u4ee5SSL3\u7684server\u65b9\u6cd5\u51fd\u6570\u4e3a\u4f8b\uff0c\u5176\u5b83\u65b9\u6cd5\u76f8\u4f3c\uff1a<\/p>\n

\/* ssl\/s3_srvr.c *\/<\/p>\n

SSL_METHOD *SSLv3_server_method(void)<\/p>\n

{<\/p>\n

static int init=1;<\/p>\n

static SSL_METHOD SSLv3_server_data;<\/p>\n

\/\/ \u4ec5\u4ec5\u521d\u59cb\u5316\u4e00\u6b21<\/p>\n

if (init)<\/p>\n

{<\/p>\n

CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

if (init)<\/p>\n

{<\/p>\n

\/\/ ssl3\u7684\u57fa\u672c\u65b9\u6cd5\u7ed3\u6784<\/p>\n

memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),<\/p>\n

sizeof(SSL_METHOD));<\/p>\n

\/\/ ssl3\u7684\u63a5\u53d7\u65b9\u6cd5<\/p>\n

SSLv3_server_data.ssl_accept=ssl3_accept;<\/p>\n

\/\/ ssl3\u83b7\u53d6\u670d\u52a1\u5668\u7684\u65b9\u6cd5\u51fd\u6570<\/p>\n

SSLv3_server_data.get_ssl_method=ssl3_get_server_method;<\/p>\n

init=0;<\/p>\n

}<\/p>\n

CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

}<\/p>\n

return(&SSLv3_server_data);<\/p>\n

}<\/p>\n

\/\/ SSL3\u7684\u65b9\u6cd5\u57fa\u672c\u6570\u636e\u5b9a\u4e49<\/p>\n

\/* ssl\/s3_lib.c *\/<\/p>\n

static SSL_METHOD SSLv3_data= {<\/p>\n

SSL3_VERSION,<\/p>\n

ssl3_new,<\/p>\n

ssl3_clear,<\/p>\n

ssl3_free,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl3_read,<\/p>\n

ssl3_peek,<\/p>\n

ssl3_write,<\/p>\n

ssl3_shutdown,<\/p>\n

ssl3_renegotiate,<\/p>\n

ssl3_renegotiate_check,<\/p>\n

ssl3_ctrl,<\/p>\n

ssl3_ctx_ctrl,<\/p>\n

ssl3_get_cipher_by_char,<\/p>\n

ssl3_put_cipher_by_char,<\/p>\n

ssl3_pending,<\/p>\n

ssl3_num_ciphers,<\/p>\n

ssl3_get_cipher,<\/p>\n

ssl_bad_method,<\/p>\n

ssl3_default_timeout,<\/p>\n

&SSLv3_enc_data,<\/p>\n

ssl_undefined_function,<\/p>\n

ssl3_callback_ctrl,<\/p>\n

ssl3_ctx_callback_ctrl,<\/p>\n

};<\/p>\n

2.4 SSL23_client_method()<\/p>\n

\u548cserver\u7aef\u7684\u4e8b\u5b9e\u4e0a\u662f\u540c\u6837\u7684\uff0c\u4ec5\u4ec5\u662f\u4e0d\u5b9a\u4e49\u7ed3\u6784\u4e2d\u7684ssl_accept\u800c\u662f\u5b9a\u4e49ssl_connnect\uff1a<\/p>\n

SSL_METHOD *SSLv23_client_method(void)<\/p>\n

{<\/p>\n

static int init=1;<\/p>\n

static SSL_METHOD SSLv23_client_data;<\/p>\n

if (init)<\/p>\n

{<\/p>\n

CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

if (init)<\/p>\n

{<\/p>\n

memcpy((char *)&SSLv23_client_data,<\/p>\n

(char *)sslv23_base_method(),sizeof(SSL_METHOD));<\/p>\n

SSLv23_client_data.ssl_connect=ssl23_connect;<\/p>\n

SSLv23_client_data.get_ssl_method=ssl23_get_client_method;<\/p>\n

init=0;<\/p>\n

}<\/p>\n

CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);<\/p>\n

}<\/p>\n

return(&SSLv23_client_data);<\/p>\n

}<\/p>\n

2.5 SSL_CTX_new ()<\/p>\n

\u8be5\u51fd\u6570\u4f9d\u636eSSL\u65b9\u6cd5\u83b7\u53d6\u4e00\u4e2aSSL\u4e0a\u4e0b\u6587\u7ed3\u6784\uff0c\u8be5\u7ed3\u6784\u5b9a\u4e49\u4e3a\uff1a<\/p>\n

\/* ssl\/ssl.h *\/<\/p>\n

struct ssl_ctx_st<\/p>\n

{<\/p>\n

SSL_METHOD *method;<\/p>\n

STACK_OF(SSL_CIPHER) *cipher_list;<\/p>\n

\/* same as above but sorted for lookup *\/<\/p>\n

STACK_OF(SSL_CIPHER) *cipher_list_by_id;<\/p>\n

struct x509_store_st \/* X509_STORE *\/ *cert_store;<\/p>\n

struct lhash_st \/* LHASH *\/ *sessions;\u00a0\/* a set of SSL_SESSIONs *\/<\/p>\n

\/* Most session-ids that will be cached, default is<\/p>\n

* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. *\/<\/p>\n

unsigned long session_cache_size;<\/p>\n

struct ssl_session_st *session_cache_head;<\/p>\n

struct ssl_session_st *session_cache_tail;<\/p>\n

\/* This can have one of 2 values, ored together,<\/p>\n

* SSL_SESS_CACHE_CLIENT,<\/p>\n

* SSL_SESS_CACHE_SERVER,<\/p>\n

* Default is SSL_SESSION_CACHE_SERVER, which means only<\/p>\n

* SSL_accept which cache SSL_SESSIONS. *\/<\/p>\n

int session_cache_mode;<\/p>\n

\/* If timeout is not 0, it is the default timeout value set<\/p>\n

* when SSL_new() is called.\u00a0 This has been put in to make<\/p>\n

* life easier to set things up *\/<\/p>\n

long session_timeout;<\/p>\n

\/* If this callback is not null, it will be called each<\/p>\n

* time a session id is added to the cache.\u00a0 If this function<\/p>\n

* returns 1, it means that the callback will do a<\/p>\n

* SSL_SESSION_free() when it has finished using it.\u00a0 Otherwise,<\/p>\n

* on 0, it means the callback has finished with it.<\/p>\n

* If remove_session_cb is not null, it will be called when<\/p>\n

* a session-id is removed from the cache.\u00a0 After the call,<\/p>\n

* OpenSSL will SSL_SESSION_free() it. *\/<\/p>\n

int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);<\/p>\n

void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);<\/p>\n

SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,<\/p>\n

unsigned char *data,int len,int *copy);<\/p>\n

struct<\/p>\n

{<\/p>\n

int sess_connect;\u00a0\/* SSL new conn – started *\/<\/p>\n

int sess_connect_renegotiate;\/* SSL reneg – requested *\/<\/p>\n

int sess_connect_good;\u00a0\/* SSL new conne\/reneg – finished *\/<\/p>\n

int sess_accept;\u00a0\/* SSL new accept – started *\/<\/p>\n

int sess_accept_renegotiate;\/* SSL reneg – requested *\/<\/p>\n

int sess_accept_good;\u00a0\/* SSL accept\/reneg – finished *\/<\/p>\n

int sess_miss;\u00a0\u00a0\/* session lookup misses\u00a0 *\/<\/p>\n

int sess_timeout;\u00a0\/* reuse attempt on timeouted session *\/<\/p>\n

int sess_cache_full;\u00a0\/* session removed due to full cache *\/<\/p>\n

int sess_hit;\u00a0\u00a0\/* session reuse actually done *\/<\/p>\n

int sess_cb_hit;\u00a0\/* session-id that was not<\/p>\n

* in the cache was<\/p>\n

* passed back via the callback.\u00a0 This<\/p>\n

* indicates that the application is<\/p>\n

* supplying session-id’s from other<\/p>\n

* processes – spooky \ud83d\ude42 *\/<\/p>\n

} stats;<\/p>\n

int references;<\/p>\n

\/* if defined, these override the X509_verify_cert() calls *\/<\/p>\n

int (*app_verify_callback)(X509_STORE_CTX *, void *);<\/p>\n

void *app_verify_arg;<\/p>\n

\/* before OpenSSL 0.9.7, ‘app_verify_arg’ was ignored<\/p>\n

* (‘app_verify_callback’ was called with just one argument) *\/<\/p>\n

\/* Default password callback. *\/ pem_password_cb *default_passwd_callback;<\/p>\n

\/* Default password callback user data. *\/ void *default_passwd_callback_userdata;<\/p>\n

\/* get client cert callback *\/ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);<\/p>\n

CRYPTO_EX_DATA ex_data;<\/p>\n

const EVP_MD *rsa_md5;\/* For SSLv2 – name is ‘ssl2-md5’ *\/<\/p>\n

const EVP_MD *md5;\u00a0\/* For SSLv3\/TLSv1 ‘ssl3-md5’ *\/<\/p>\n

const EVP_MD *sha1;\u00a0\u00a0 \/* For SSLv3\/TLSv1 ‘ssl3->sha1’ *\/<\/p>\n

STACK_OF(X509) *extra_certs; STACK_OF(SSL_COMP) *comp_methods; \/* stack of SSL_COMP, SSLv3\/TLSv1 *\/<\/p>\n

\/* Default values used when no per-SSL value is defined follow *\/<\/p>\n

void (*info_callback)(const SSL *ssl,int type,int val); \/* used if SSL’s info_callback is NULL *\/<\/p>\n

\/* what we put in client cert requests *\/ STACK_OF(X509_NAME) *client_CA;<\/p>\n

\/* Default values to use in SSL structures follow (these are copied by SSL_new) *\/<\/p>\n

unsigned long options;<\/p>\n

unsigned long mode;<\/p>\n

long max_cert_list;<\/p>\n

struct cert_st \/* CERT *\/ *cert; int read_ahead;<\/p>\n

\/* callback that allows applications to peek at protocol messages *\/<\/p>\n

void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);<\/p>\n

void *msg_callback_arg;<\/p>\n

int verify_mode;<\/p>\n

int verify_depth;<\/p>\n

unsigned int sid_ctx_length;<\/p>\n

unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];<\/p>\n

int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); \/* called ‘verify_callback’ in the SSL *\/<\/p>\n

\/* Default generate session ID callback. *\/ GEN_SESSION_CB generate_session_id;<\/p>\n

int purpose;\u00a0\u00a0\/* Purpose setting *\/ int trust;\u00a0\u00a0\/* Trust setting *\/<\/p>\n

int quiet_shutdown; };<\/p>\n

typedef struct ssl_ctx_st SSL_CTX;<\/p>\n

\/* ssl\/ssl_lib.h *\/<\/p>\n

SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)<\/p>\n

{<\/p>\n

SSL_CTX *ret=NULL;<\/p>\n

if (meth == NULL)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);<\/p>\n

return(NULL);<\/p>\n

}<\/p>\n

if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);<\/p>\n

goto err;<\/p>\n

}<\/p>\n

\/\/ \u5206\u914d\u4e0a\u4e0b\u6587\u7684\u5185\u5b58\u7a7a\u95f4<\/p>\n

ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));<\/p>\n

if (ret == NULL)<\/p>\n

goto err;<\/p>\n

memset(ret,0,sizeof(SSL_CTX));<\/p>\n

\/\/ \u521d\u59cb\u5316\u4e0a\u4e0b\u6587\u7684\u7ed3\u6784\u53c3\u6570 ret->method=meth;<\/p>\n

ret->cert_store=NULL;<\/p>\n

ret->session_cache_mode=SSL_SESS_CACHE_SERVER;<\/p>\n

ret->session_cache_size=SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;<\/p>\n

ret->session_cache_head=NULL;<\/p>\n

ret->session_cache_tail=NULL;<\/p>\n

\/* We take the system default *\/ ret->session_timeout=meth->get_timeout();<\/p>\n

ret->new_session_cb=0;<\/p>\n

ret->remove_session_cb=0;<\/p>\n

ret->get_session_cb=0;<\/p>\n

ret->generate_session_id=0;<\/p>\n

memset((char *)&ret->stats,0,sizeof(ret->stats));<\/p>\n

ret->references=1; ret->quiet_shutdown=0;<\/p>\n

\/*\u00a0ret->cipher=NULL;*\/<\/p>\n

\/*\u00a0ret->s2->challenge=NULL;<\/p>\n

ret->master_key=NULL;<\/p>\n

ret->key_arg=NULL;<\/p>\n

ret->s2->conn_id=NULL; *\/<\/p>\n

ret->info_callback=NULL;<\/p>\n

ret->app_verify_callback=0; ret->app_verify_arg=NULL;<\/p>\n

ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;<\/p>\n

ret->read_ahead=0;<\/p>\n

ret->msg_callback=0;<\/p>\n

ret->msg_callback_arg=NULL;<\/p>\n

ret->verify_mode=SSL_VERIFY_NONE;<\/p>\n

ret->verify_depth=-1; \/* Don’t impose a limit (but x509_lu.c does) *\/<\/p>\n

ret->sid_ctx_length=0;<\/p>\n

ret->default_verify_callback=NULL;<\/p>\n

if ((ret->cert=ssl_cert_new()) == NULL)<\/p>\n

goto err;<\/p>\n

ret->default_passwd_callback=0;<\/p>\n

ret->default_passwd_callback_userdata=NULL;<\/p>\n

ret->client_cert_cb=0;<\/p>\n

ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),<\/p>\n

LHASH_COMP_FN(SSL_SESSION_cmp));<\/p>\n

if (ret->sessions == NULL) goto err;<\/p>\n

ret->cert_store=X509_STORE_new();<\/p>\n

if (ret->cert_store == NULL) goto err;<\/p>\n

\/\/ \u5efa\u7acb\u52a0\u5bc6\u7b97\u6cd5\u94fe\u8868<\/p>\n

ssl_create_cipher_list(ret->method,<\/p>\n

&ret->cipher_list,&ret->cipher_list_by_id,<\/p>\n

SSL_DEFAULT_CIPHER_LIST);<\/p>\n

if (ret->cipher_list == NULL<\/p>\n

|| sk_SSL_CIPHER_num(ret->cipher_list) <= 0)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);<\/p>\n

goto err2;<\/p>\n

}<\/p>\n

\/\/ \u5b9a\u4e49\u4e0a\u4e0b\u6587\u7ed3\u6784\u4e2dHASH\u7b97\u6cd5<\/p>\n

if ((ret->rsa_md5=EVP_get_digestbyname(“ssl2-md5”)) == NULL)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES);<\/p>\n

goto err2;<\/p>\n

}<\/p>\n

if ((ret->md5=EVP_get_digestbyname(“ssl3-md5”)) == NULL)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);<\/p>\n

goto err2;<\/p>\n

}<\/p>\n

if ((ret->sha1=EVP_get_digestbyname(“ssl3-sha1”)) == NULL)<\/p>\n

{<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);<\/p>\n

goto err2;<\/p>\n

}<\/p>\n

if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) goto err;<\/p>\n

CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);<\/p>\n

ret->extra_certs=NULL;<\/p>\n

\/\/ \u538b\u7f29\u7b97\u6cd5<\/p>\n

ret->comp_methods=SSL_COMP_get_compression_methods();<\/p>\n

return(ret);<\/p>\n

err:<\/p>\n

SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);<\/p>\n

err2:<\/p>\n

if (ret != NULL) SSL_CTX_free(ret);<\/p>\n

return(NULL);<\/p>\n

}<\/p>\n

…\u5f85\u7eed…<\/p>\n","protected":false},"excerpt":{"rendered":"

Https\u534f\u8bae:SSL\u5efa\u7acb\u8fc7\u7a0b\u5206\u6790 web\u8a2a\u95ee\u7684\u4e24\u79cd\u65b9\u5f0f\u00a0: http\u534f\u8bae\u00a0,\u6211\u4eec\u666e\u901a\u60c5\u51b5\u4e0b\u662f\u901a\u8fc7\u5b83\u8a2a\u95eeweb … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/posts\/1193"}],"collection":[{"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1193"}],"version-history":[{"count":3,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/posts\/1193\/revisions"}],"predecessor-version":[{"id":1202,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=\/wp\/v2\/posts\/1193\/revisions\/1202"}],"wp:attachment":[{"href":"https:\/\/wx.wosign.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wx.wosign.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}