Pank: February 2018 Archives

Using SQLite client (i.e. Navicat) open Skype main.db
select * from Messages order by timestamp desc limit 10

dialog_partner is conversations id for Skype Bot sending message

2018-08-16 Update: Just send "/get name" to conversation group, the system will return conversations id

OCSP

user-pic
Vote 0 Votes

瀏覽器(除了Google Chrome,註)會透過 OCSP 協定去檢查憑證是否有效
憑證中有一個欄位是 OCSP URI, 瀏覽器就透過 OCSP URI 去檢查
openssl s_client -showcerts -connect google.com:443 < /dev/null | openssl x509 -text | grep OCSP

其 Request 透過 HTTP POST 方式傳 issuerNameHash, issuerKeyHash, serialNumber 這三個參數給 OCSP Server

Response 回應 CertStatus ::= CHOICE {
good [0] IMPLICIT NULL,
revoked [1] IMPLICIT RevokedInfo,
unknown [2] IMPLICIT UnknownInfo }

以下說明截錄 RFC 6960
The "good" state indicates a positive response to the status inquiry.
At a minimum, this positive response indicates that no certificate
with the requested certificate serial number currently within its
validity interval is revoked. This state does not necessarily mean
that the certificate was ever issued or that the time at which the
response was produced is within the certificate's validity interval.
Response extensions may be used to convey additional information on
assertions made by the responder regarding the status of the
certificate, such as a positive statement about issuance, validity,
etc.

The "revoked" state indicates that the certificate has been revoked,
either temporarily (the revocation reason is certificateHold) or
permanently. This state MAY also be returned if the associated CA
has no record of ever having issued a certificate with the
certificate serial number in the request, using any current or
previous issuing key (referred to as a "non-issued" certificate in
this document).

The "unknown" state indicates that the responder doesn't know about
the certificate being requested, usually because the request
indicates an unrecognized issuer that is not served by this
responder.

註: Google Chrome 因考量到速度, 不使用 OCSP, 而是使用自己的機制, 使用定期更新的 Local List

AlwaysOnSSL

user-pic
Vote 0 Votes

AlwaysOnSSL
另一家免費憑證供應商, 也有提供 API, 簽發憑證有效期是一年

Fetch remote ssl certificate

user-pic
Vote 0 Votes

openssl s_client -showcerts -connect google.com:443 < /dev/null

Security Profile / Authentication Types , Uncheck WPA2 EAP

About this Archive

This page is an archive of recent entries written by Pank in February 2018.

Pank: December 2017 is the previous archive.

Pank: March 2018 is the next archive.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives