Openssl 3 0 7

11:58:19 [error] 30909#0: *25441 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/Shared HTTP/1.1", upstream: " host: "cloud.2rock.fr"2016/10/15 11:58:21 [error] 30909#0: *25441 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/ HTTP/1.1", upstream: " host: "cloud.2rock.fr"2016/10/15 11:58:24 [error] 30909#0: *25441 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/Music HTTP/1.1", upstream: " host: "cloud.2rock.fr"2016/10/15 11:58:41 [error] 30909#0: *25441 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/ HTTP/1.1", upstream: " host: "cloud.2rock.fr"2016/10/15 11:58:44 [error] 30909#0: *25732 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/Documents HTTP/1.1", upstream: " host: "cloud.2rock.fr"2016/10/15 11:58:46 [error] 30909#0: *25732 connect() failed (111: Connection refused) while connecting to upstream, client: 81.57.19.196, server: cloud.2rock.fr, request: "PROPFIND /remote.php/webdav/ HTTP/1.1", upstream: " host: "cloud.2rock.fr"Apache (webserver with owncloud) error.logget('ae498358ce05d8c...')\n#1 /var/www/owncloud/lib/autoloader.php(145): OC\\Memcache\\Redis->get('OC_User')\n#2 [internal function]: OC\\Autoloader->load('OC_User')\n#3 /var/www/owncloud/lib/private/Log/Owncloud.php(97): spl_autoload_call('OC_User')\n#4 [internal function]: OC\\Log\\Owncloud::write('PHP', 'RedisException:...', 3)\n#5 /var/www/owncloud/lib/private/Log.php(294): call_user_func(Array, 'PHP', 'RedisException:...', 3)\n#6 /var/www/owncloud/lib/private/Log.php(152): OC\\Log->log(3, 'RedisException:...', Array)\n#7 /var/www/owncloud/lib/private/Log/ErrorHandler.php(80): OC\\Log->critical('RedisException:...', Array)\n#8 [internal function]: OC\\Log\\ErrorHandler->onException(Object(RedisException))\n#9 {main}\n thrown in /var/www/owncloud/lib/private/Memcache/Redis.php on line 51, referer: Oct 15 11:58:05.640958 2016] [:error] [pid 1492] [client 192.168.1.2:38831] PHP Fatal error: Uncaught exception 'RedisException' with message 'Redis server went away' in /var/www/owncloud/lib/private/Memcache/Redis.php:51\nStack trace:\n#0 /var/www/owncloud/lib/private/Memcache/Redis.php(51): Redis->get('ae498358ce05d8c...')\n#1 /var/www/owncloud/lib/autoloader.php(145): OC\\Memcache\\Redis->get('OC_User')\n#2 [internal function]: OC\\Autoloader->load('OC_User')\n#3 /var/www/owncloud/lib/private/Log/Owncloud.php(97): spl_autoload_call('OC_User')\n#4 [internal function]: OC\\Log\\Owncloud::write('PHP', 'Uncaught except...', 3)\n#5 /var/www/owncloud/lib/private/Log.php(294): call_user_func(Array, 'PHP', 'Uncaught except...', 3)\n#6 /var/www/owncloud/lib/private/Log.php(152): OC\\Log->log(3, 'Uncaught except...', Array)\n#7 /var/www/owncloud/lib/private/Log/ErrorHandler.php(67): OC\\Log->critical('Uncaught except...', Array)\n#8 [internal function]: OC\\Log\\ErrorHandler->onShutdown()\n#9 {main}\n thrown in /var/www/owncloud/lib/private/Memcache/Redis.php on line 51, referer: Oct 15 11:58:06.783816 2016] [mpm_prefork:notice] [pid 1488] AH00169: caught SIGTERM, shutting down[Sat Oct 15 11:58:50.747130 2016] [mpm_prefork:notice] [pid 506] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations[Sat Oct 15 11:58:50.939842 2016] [core:notice] [pid 506] AH00094: Command line: '/usr/sbin/apache2'[Sat Oct 15 12:29:08.521418 2016] [mpm_prefork:notice] [pid 506] AH00169: caught SIGTERM, shutting down[Sat Oct 15 12:29:11.431631 2016] [mpm_prefork:notice] [pid 3567] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations[Sat Oct 15 12:29:11.431686 2016] [core:notice] [pid 3567] AH00094: Command line: '/usr/sbin/apache2'">[Sat Oct 15 11:46:22.602171 2016] [mpm_prefork:notice] [pid 584] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations[Sat Oct 15 11:46:22.602204 2016] [core:notice] [pid 584] AH00094: Command line: '/usr/sbin/apache2'[Sat Oct 15 11:54:03.907965 2016] [mpm_prefork:notice] [pid 584] AH00169: caught SIGTERM, shutting down[Sat Oct 15 11:54:05.852502 2016] [mpm_prefork:notice] [pid 1340] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations[Sat Oct 15 11:54:05.852539 2016] [core:notice] [pid 1340] AH00094: Command line: '/usr/sbin/apache2'[Sat Oct 15 11:54:35.430150 2016] [mpm_prefork:notice] [pid 1340] AH00169: caught SIGTERM, shutting down[Sat Oct 15 11:55:31.331748 2016] [mpm_prefork:notice] [pid 1488] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t configured -- resuming normal operations[Sat Oct 15 11:55:31.331808 2016] [core:notice] [pid 1488] AH00094: Command line: '/usr/sbin/apache2'[Sat Oct 15 11:58:04.666984 2016] [:error] [pid 1496] [client 192.168.1.2:38830] PHP Fatal error: Class

目录 文章目录 目录 编译安装 YUM 升级 curl 常用选项 编译安装安装编译环境：yum -y groupinstall "Development Tools"yum -y install libev libev-devel zlib zlib-devel openssl openssl-devel git 1 2 安装 OpenSSL：mkdir /var/tmpcd /var/tmpwget -zxf openssl-1.0.2.tar.gzcd openssl-1.0.2mkdir /opt/openssl./config --prefix=/opt/opensslmakemake testmake install 1 2 3 4 5 6 7 8 9 10 安装 nghttp2：git clone nghttp2autoreconf -iautomakeautoconf./configuremakemake installecho '/usr/local/lib' > /etc/ld.so.conf.d/custom-libs.confldconfigldconfig -p| grep libnghttp2 1 2 3 4 5 6 7 8 9 10 11 安装 curl：cd /var/tmpgit clone curl./buildconf./configure --with-ssl=/opt/openssl --with-nghttp2=/usr/local --disable-file --without-pic --disable-sharedmake 1 2 3 4 5 6 验证：$ /var/tmp/curl/src/curl --versioncurl 7.70.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.70.0-DEV OpenSSL/1.0.2o nghttp2/1.41.0-DEVRelease-Date: [unreleased]Protocols: dict ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftpFeatures: AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile NTLM NTLM_WB SSL TLS-SRP UnixSockets 1 2 3 4 5 注意：curl 从 7.52.0 版本开始也已经支持 TLS 1.3 了，curl 7.61.0 及以上在 TLS 握手过程中协商 TLS 版本时，curl 默认使用 TLS 1.3，但也取决于 curl 正在使用的 TLS 库及其版本，例如：要求 OpenSSL 1.1.1 版本以上。YUM 升级安装新版 libcurl 的 yum 源：rpm -ivh 1 升级：yum upgrade libcurl 1 升级完成后可以卸载此 yum 源：rpm -e city-fan.org-release 1 curl 常用选项语法格式： curl [options] [URL...]常用选项如下所示: -A/--user-agent : 设置用户代理发送给服务器 -e/--referer : 来源网址 --cacert : CA 证书（SSL） -k/--insecure: 允许忽略证书进行 SSL 连接 --compressed: 要求返回是压缩的格式 -H/--header : 自定义首部信息传递给服务器 -i: 显示页面内容，包括报文首部信息 -I/--head: 只显示响应报文首部信息 -D/--dump-header : 将 URL 的 header 信息存放在指定文件中 --basic: 使用 HTTP 基本认证 -u/--user : 设置服务器的用户和密码 -L: 如果有 3xx 响应码，重新发请求到新位置 -O: 使用 URL 中默认的文件名保存文件到本地 -o : 将网络文件保存为指定的文件中 --limit-rate : 设置传输速度 -0/--http1.0: 数字 0，使用 HTTP 1.0 -v/--verbose: 更详细 -C: 选项可对文件使用断点续传功能 -c/--cookie-jar : 将 URL 中 Cookie 存放在指定文件中 -x/--proxy : 指定代理服务器地址 -X/--request : 向服务器发送指定请求方法 -U/--proxy-user : 代理服务器用户和密码 -T: 选项可将指定的本地文件上传到 FTP 服务器上 --data/-d: 方式指定使用 POST 方式传递数据 -b name=data: 从服务器响应 set-cookie 得到值，返回给服务器 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 文章来源: is-cloud.blog.csdn.net，作者：范桂飓，版权归原作者所有，如需转载，请联系作者。原文链接：is-cloud.blog.csdn.net/article/details/105695093 【版权声明】本文为华为云社区用户转载文章，如果您发现本社区中有涉嫌抄袭的内容，欢迎发送邮件进行举报，并提供相关证据，一经查实，本社区将立刻删除涉嫌侵权内容，举报邮箱： [email protected]

This data structure is represented in the memory and see that the pointer to the certificate stack is located in the second field of the structure (the pointer is 8 bytes in size). 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF00000000 02 00 00 00 00 00 00 00 80 55 cb 54 7f 00 00 00 .........U.T....00000010 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 ................00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................The pointer contains a reference to a sequence of pointers to instances of the structure X509 (there are two certificates in the chain): 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF00000000 00 fe fd 57 7f 00 00 00 00 b1 f8 57 7f 00 00 00 ...W.......W....00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................In other words, to kill OpenSSL, I somehow have to substitute the received certificate chain with the one expected by the app. This requires a detailed research of the structure X509 in order to recreate the stack filled with its instances in the running process memory.However, in the course of this study, I have discovered in OpenSSL an important feature that significantly simplifies the ‘chain forgery’. After the connection is made or disconnected, the data structure STACK_OF(X509) is not removed from the memory (i.e. the memory is not cleared, although the links may disappear). This makes it possible to reuse this structure for subsequent connections until the memory is allocated for something else.I am going to repeatedly use the memory as follows: the first HTTPS connection will

Including the pair SSL_write/SSL_read.One might ask: why does OpenSSL include so many different functions? In fact, these two groups supplement each other. OpenSSL operates with buffers storing bytes that must be encrypted prior to sending them to the client’s socket; before the encryption, the bytes are stored in a special buffer. The function SSL_write saves the bytes in this special buffer, while their conversion into an encrypted buffer is performed using the function BIO_read.The situation with the reading operation is symmetric: bytes read from the socket are written into a special buffer using BIO_write; after that, you get the unencrypted text with SSL_read. Therefore, the unencrypted text can be grabbed from the outgoing traffic at the SSL_write input and from the incoming traffic at the SSL_read output. The self-explanatory signatures SSL_write and SSL_read are shown below:int SSL_write(SSL *ssl, const void *buf, int num)int SSL_read(SSL *ssl, void *buf, int num)Here is an example of a traffic dump in SSL_write after a successful handshake with google.com (via binary HTTP/2) under the protection of SSL Pinning. 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF00000000 50 52 49 20 2a 20 48 54 54 50 2f 32 2e 30 0d 0a PRI * HTTP/2.0..00000010 0d 0a 53 4d 0d 0a 0d 0a 00 00 00 00 00 00 00 00 ..SM............00000020 00 00 06 04 00 00 00 00 00 00 04 01 00 00 00 ................And a response from SSL_read: 0 1 2 3 4 5 6 7 8 9 A B C D E F 0123456789ABCDEF00000000 00 00 00 00 01 00 00 00 03 3c 48 54 4d 4c 3e 3c .........00000010 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d HEAD>00000020 65 71 75

Triplet x64-linux...The following packages will be built and installed:azure-core-cpp[core,curl,http]:x64-linux -> 1.7.1curl[core,non-http,openssl,ssl]:x64-linux -> 7.84.0#1* openssl[core]:x64-linux -> 3.0.5#4* vcpkg-cmake[core]:x64-linux -> 2022-07-18* vcpkg-cmake-config[core]:x64-linux -> 2022-02-06#1* zlib[core]:x64-linux -> 1.2.12#1Additional packages (*) will be modified to complete this operation....Building and running main:cmake --build . && ./main[ 50%] Building CXX object CMakeFiles/main.dir/main.cpp.o[100%] Linking CXX executable main[100%] Built target mainlibcurl/7.82.0-DEV OpenSSL/3.0.2 zlib/1.2.122023-11-07T02:58:10.0215004ZWe can use ldd to list the shared libraries:ldd mainlinux-vdso.so.1 (0x00007ffc32bf1000)libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f816357a000)libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f8163493000)libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f8163473000)libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f816324b000)/lib64/ld-linux-x86-64.so.2 (0x00007f8163cf0000)Using curl and OpenSSL from the system package managerYou can use port overlays to configure vcpkg to use the system package manager dependencies. We will build the previous example and use curl and OpenSSL from the system package manager.Install the developer dependencies for curl with an OpenSSL backend and OpenSSL:sudo apt-get install libcurl4-openssl-dev libssl-devCreate the port overlay directory and file structure:mkdir -p /overlays/curl /overlays/openssl///overlays/curl/vcpkg.json{ "name": "curl", "version": "1.0.0", "port-version": 0, "features": { "ssl": { "description": "" } }}# /overlays/curl/portfile.cmakeset(VCPKG_POLICY_EMPTY_PACKAGE enabled)///overlays/openssl/vcpkg.json{ "name": "openssl", "version": "3.0.5"}# /overlays/openssl/portfile.cmakeset(VCPKG_POLICY_EMPTY_PACKAGE enabled)Building with CMake (we’re using the same project in the previous example):cmake -DVCPKG_OVERLAY_PORTS=/overlays -DCMAKE_TOOLCHAIN_FILE=/scripts/buildsystems/vcpkg.cmake-- Running vcpkg installDetecting compiler hash for triplet x64-linux...The following packages will be built and installed:azure-core-cpp[core,curl,http]:x64-linux -> 1.7.1curl[core,non-http,openssl,ssl]:x64-linux -> 7.84.0#1 -- /overlays/curl* openssl[core]:x64-linux -> 3.0.5#4 -- /overlays/openssl* vcpkg-cmake[core]:x64-linux -> 2022-07-18* vcpkg-cmake-config[core]:x64-linux -> 2022-02-06#1Additional packages (*) will be modified to complete this operation....Building and running main:cmake --build ..\mainlibcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.112023-11-07T03:02:26.8637898ZChecking whether we’ve linked the correct shared libraries (libssl and libcurl):ldd mainlibcurl.so.4 => /lib/x86_64-linux-gnu/libcurl.so.4 (0x00007f632c1c0000)libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007f632c11c000)libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f632bcda000)libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f632baae000)libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f632b9c7000)... (25+ more dependencies)You will notice curl and openssl from the system package manager have more dependencies than the curl and openssl from the vcpkg catalog. In the above example, we only added port overlays for the dependencies that we use. If

Vulnerabilities by types/categories Year Overflow Memory Corruption Sql Injection XSS Directory Traversal File Inclusion CSRF XXE SSRF Open Redirect Input Validation 2022 0 0 0 0 0 0 0 0 0 0 0 2023 1 2 0 0 0 0 0 0 0 0 0 2024 0 2 0 0 0 0 0 0 0 0 0 2025 0 0 0 0 0 0 0 0 0 0 0 Total 1 4 Vulnerabilities by impact types Year Code Execution Bypass Privilege Escalation Denial of Service Information Leak 2022 0 0 0 1 0 2023 0 0 0 11 0 2024 1 0 0 6 0 2025 0 0 0 0 0 Total 1 18 This page lists vulnerability statistics for CVEs published in the last ten years, if any, for Openssl » Openssl » 3.0.7 . Vulnerability statistics provide a quick overview for security vulnerabilities of Openssl » Openssl » version 3.0.7 .