
How can a client use prestored server's certificate to do SSL handshake?

I know that during a normal SSL handshake, the client receives the server's certificate and verifies it, then uses the server's public key to encrypt the session key.

I want to write an SSL client in the C language on Linux. During the SSL handshake, it doesn't have to wait for the server's certificate, and it sends the session key encrypted with the server's public key that has already been downloaded previously.

I am learning how to use OpenSSL; I only need the do-handshake part here.

Thanks for your attention. Why do this? The ISP or gateway can censor the certificate and block the connection according to names in the certificate.

Unfortunately, this is impossible. As part of the SSL (or TLS) protocol, the server will always send its certificate.

If you would like to bypass ISP censorship, I recommend using a VPN or Tor.
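
The Certificate message the answer refers to is an ordinary handshake message in the server's first flight; in TLS 1.2 it carries handshake type 11 and follows ServerHello. The following is an added example, not code from the original post, that walks a reassembled server flight and locates that message; the function name `find_handshake_msg` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 handshake message types (RFC 5246, section 7.4). */
enum { HS_SERVER_HELLO = 2, HS_CERTIFICATE = 11, HS_SERVER_HELLO_DONE = 14 };

/* Walk concatenated handshake messages (record payloads already
 * reassembled) and locate the first message of type `want`.
 * Each message is: 1-byte type, 3-byte big-endian length, body.
 * Returns 0 and sets *off/*len to the body, -1 if the type is absent,
 * -2 if the buffer is truncated or a length field is inconsistent. */
int find_handshake_msg(const uint8_t *buf, size_t n, uint8_t want,
                       size_t *off, size_t *len)
{
    size_t p = 0;
    while (p < n) {
        if (n - p < 4)
            return -2;                    /* header cut short */
        uint32_t body = ((uint32_t)buf[p + 1] << 16) |
                        ((uint32_t)buf[p + 2] << 8) | buf[p + 3];
        if (body > n - p - 4)
            return -2;                    /* length runs past the buffer */
        if (buf[p] == want) {
            *off = p + 4;
            *len = body;
            return 0;
        }
        p += 4 + body;                    /* skip to the next message */
    }
    return -1;
}

/* Constructed sample flight: ServerHello, Certificate, ServerHelloDone.
 * The bodies are placeholder bytes, not real TLS structures. */
static const uint8_t sample_flight[] = {
    0x02, 0x00, 0x00, 0x02, 0x03, 0x03,
    0x0b, 0x00, 0x00, 0x05, 0xde, 0xad, 0xbe, 0xef, 0x00,
    0x0e, 0x00, 0x00, 0x00,
};

int main(void)
{
    size_t off = 0, len = 0;
    int rc = find_handshake_msg(sample_flight, sizeof sample_flight,
                                HS_CERTIFICATE, &off, &len);
    printf("rc=%d off=%zu len=%zu\n", rc, off, len);
    return rc == 0 ? 0 : 1;
}
```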
