Infrastructure Engineer bacchi's Notes on Things Learned

bacchi.me

Linux Mac

telnet can't speak HTTPS, so use openssl s_client instead


Use telnet for plaintext communication (HTTP)

You can check HTTP connectivity with telnet.

To send a GET request to http://www.google.com/ with telnet, run the following command.

$ telnet www.google.com 80
Trying 173.194.120.81...
Connected to www.google.com.
Escape character is '^]'.

GET / HTTP/1.1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.jp/?gfe_rd=cr&ei=GP6lVdq4IOGN8Qeh_JXIDA
Content-Length: 261
Date: Wed, 15 Jul 2015 06:30:48 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=0


302 Moved

302 Moved

The document has moved here.

Use openssl s_client for encrypted communication (HTTPS)

If you try to check HTTPS connectivity by running the same command, it fails as shown below.

$ telnet www.google.com 443
Trying 173.194.120.84...
Connected to www.google.com.
Escape character is '^]'.
GET / HTTP/1.1
Connection closed by foreign host.

That's because telnet can't speak HTTPS.

telnet supports only plaintext communication, so it can't handle cases such as manually issuing HTTP commands over an HTTPS connection.

In such cases, use s_client, the client feature of openssl.

$ openssl s_client -connect www.google.com:443 -quiet
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
GET /
HTTP/1.0 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: https://www.google.co.jp/?gfe_rd=cr&ei=xkerVcD1MKL98wec57TICg
Content-Length: 262
Date: Sun, 19 Jul 2015 06:46:30 GMT
Server: GFE/2.0
Alternate-Protocol: 443:quic,p=1


302 Moved

302 Moved

The document has moved here.
read:errno=0

The command above was run with the -quiet option; if you drop -quiet, you can inspect the certificate chain.

$ openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3218 bytes and written 444 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 5DCC50EABBF47A7BA4B6DF4B2711A7EF40EA0CA2693EE8E556D34C7EC2BA0BE8
    Session-ID-ctx: 
    Master-Key: 6D08AE5995CE2D47E74840105F1CE3CF3BF70422EFBA5634D6ABF77DDDC1A853184159ADF99ECFC8BC9B676DDCC66395
    Key-Arg   : None
    Start Time: 1437288962
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
read:errno=0
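
The session above negotiated TLSv1 with RC4-SHA and logged verify error 20, all of which are worth flagging when s_client is used as a connectivity check. The following is an added example, not part of the original post: a small parser for s_client output that reports the protocol, cipher and verification result. The function names tls_summary and tls_check are hypothetical, and the sample input is excerpted from the output shown above.

```shell
# Added example: summarise `openssl s_client` output and flag weak results.
# Live use (needs network; HOST is a placeholder):
#   openssl s_client -connect "$HOST:443" -servername "$HOST" </dev/null 2>&1 | tls_check

# Constructed sample: lines excerpted from the session output shown above.
SAMPLE='depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
New, TLSv1/SSLv3, Cipher is RC4-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Verify return code: 0 (ok)'

# tls_summary: read s_client output on stdin, print key=value lines.
tls_summary() {
  awk '
    /^verify error:num=/ {            # errors reported while walking the chain
      split($0, a, ":"); sub(/^num=/, "", a[2])
      verr = (verr == "" ? "" : verr ",") a[2]
    }
    /^ *Protocol *:/ { proto = $NF }
    /^ *Cipher *:/   { cipher = $NF }
    /^ *Verify return code:/ { sub(/^ *Verify return code: */, ""); vrc = $1 }
    END {
      printf "protocol=%s\ncipher=%s\n", proto, cipher
      printf "verify_return_code=%s\nverify_errors=%s\n", vrc, (verr == "" ? "none" : verr)
    }'
}

# tls_check: print one WARN line per problem; exit status 1 if any was found.
tls_check() {
  status=0
  for kv in $(tls_summary); do
    case "$kv" in
      protocol=SSLv*|protocol=TLSv1|protocol=TLSv1.1)
        echo "WARN deprecated protocol: ${kv#*=}"; status=1 ;;
      cipher=*RC4*|cipher=*DES*|cipher=*NULL*|cipher=*EXP*|cipher=*MD5*)
        echo "WARN weak cipher: ${kv#*=}"; status=1 ;;
      verify_return_code=0|verify_errors=none) ;;
      verify_return_code=*|verify_errors=*)
        echo "WARN certificate verification: $kv"; status=1 ;;
    esac
  done
  return $status
}

printf '%s\n' "$SAMPLE" | tls_check || true   # prints three WARN lines
```

The final "Verify return code: 0 (ok)" line alone would have hidden the chain error, which is why the check also collects the earlier "verify error" lines.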


Copyright© bacchi.me , 2020 AllRights Reserved.