Posted: September 29, 2007 at 6:17 pm | Tags: error, html, php, ror, server
本来想自己写个 error 处理的 logger 结果发现通过 set_error_handler 没办法捕获到 fatal error & parse error 唉,真愁人呐。
在 php.net 上也没有找到办法,后来反到是在 zend.com 上找到了解决 catch fatal error 的办法就是在 auto_prepend_file 和 auto_append_file 上做手脚。
prepend 的文件里面有一个 string 里面是个 error page 的 html 包括一个 script 可以把错误信息发送到 server 的一个 api 上。
而在 append 的文件里通过 ob_get_contents() 来把那个 string 给去掉,如果能去掉就说明程序中间的执行流程正确,无错,如果有 fatal error 则没有办法到达 append 文件这步,所以会显示那个 html 页面。
方法还可以,但是因为每个 php 都要 prepend & append 可能效率会不行,和 Xuanyan 讨论了一小会暂时还是没有什么好办法来捕获 fatal & parse error 。
:(
Posted: September 28, 2007 at 4:03 pm | Tags: cache, debug, fastcgi, java, lighttpd, mobile, php, server, web
终于配置上 XCache 和 XDebug 了,可惜的是 php-java-bridge 一直没搞好,只有双击运行 JavaBridge 后才行,唉,要是能内置到 PHP 里就好了。
继续研究 FastCGI & Lighttpd
如果说之前在 UUSee 是向上研究,既“抽象”、“架构”的话,那么来 IMobile 之后研究方向则是向下,研究底层,研究以前没注意到的更细节的地方了。
:)
Good days, good luck.
Posted: September 21, 2007 at 6:47 pm | Tags: blog, cache, html, linux, openssl, redhat, server, unix, web
转至: http://blog.csdn.net/baitianhai/archive/2004/10/27/155461.aspx
最近在鼓捣redhat linux,想自己以源代码方式安装软件,不想用rpm方式安装。
首先从httpd开始,先卸载在安装倒是比较容易,不过后来像添加ssl功能,发现编译的时候需要用openssl的安装目录,本人比较愚笨,一顿好找也没有找到,于是就想把openssl也以源代码方式安装。先卸载,此时出现问题,系统好多东西依赖于openssl的库,我查了好多资料也没找到什么办法,于是我最后一狠心,用rpm -e –nodeps给卸载了,然后手动安装了openssl,然后重新启动,这下坏了,好多服务都起不来了,smb,ssh等等,图形模式也起不来了,我欲哭无泪。
因为我是在虚拟机上安装的,smb起不来了,我只能重新安装系统了。这次安装我大多数东西都没选择,一路安装完毕,结果在文本方式发现vi编辑没有颜色了,哎,也不知道是少装了那个东西弄得(各位谁知道麻烦告诉告诉我一下),只能按照猜测重新安装了又添加了一些东西。不过幸运的vi高亮显示功能又有了,遗憾的是具体是那个软件我还是不清楚。有了上次的教训我不敢轻易卸掉系统原来的openssl了,我从网上搜索到了一篇安装openssl的英文文章,地址在 http://www.devside.net/web/server/linux/openssl 我按照上面说的安装了zlib,openssl。步骤简介如下(怕以后忘了)
安装zlib
Home : http://www.gzip.org/zlib/
Package(linux source) : http://www.gzip.org/zlib/
Our Configuration
Install to : /usr/local
Module types : dynamically and staticly loaded modules, *.so and *.a
Build Instructions
zlib library files are placed into /usr/local/lib and zlib header files are placed into /usr/local/include, by default.
Build static libraries
…/zlib-1.2.1]# ./configure
…/zlib-1.2.1]# make test
…/zlib-1.2.1]# make install
Build shared libraries
…/zlib-1.2.1]# make clean
…/zlib-1.2.1]# ./configure –shared
…/zlib-1.2.1]# make test
…/zlib-1.2.1]# make install
…/zlib-1.2.1]# cp zutil.h /usr/local/include
…/zlib-1.2.1]# cp zutil.c /usr/local/include
/usr/local/lib should now contain…
libz.a
libz.so -> libz.so.1.2.1
libz.so.1 -> libz.so.1.2.1
libz.so.1.2.1
/usr/local/include should now contain…
zconf.h
zlib.h
zutil.h
[Optional] Instructions for non-standard placement of zlib
Create the directory that will contain zlib
…/zlib-1.2.1]# mkdir /usr/local/zlib
Follow the given procedure above, except
…/zlib-1.2.1]# ./configure –prefix=/usr/local/zlib
Update the Run-Time Linker
/etc/ld.so.cache will need to be updated with the new zlib shared lib: libz.so.1.2.1
For standard zlib installation…
Add /usr/local/lib to /etc/ld.so.conf, if specified path is not present
/etc]# ldconfig
If zlib was installed with a prefix…
Add /usr/local/zlib/lib to /etc/ld.so.conf
/etc]# ldconfig
安装openssl
Download
Home : http://www.openssl.org/
Package(source) : openssl-0.9.7d.tar.gz
Our Configuration
install to : /usr/local/ssl
module types : dynamically and staticly loaded modules, *.so *.a
Build Instructions
…/openssl-0.9.7d]# ./config
–prefix=/usr/local/ssl
[default location]
shared
[in addition to the usual static libraries, create shared libraries]
zlib-dynamic
[like "zlib", but has OpenSSL load the zlib library dynamically when needed]
…/openssl-0.9.7d]# ./config -t
[display guess on system made by ./config]
…/openssl-0.9.7d]# make
…/openssl-0.9.7d]# make test
…/openssl-0.9.7d]# make install
Update the Run-time Linker
ld.so.cache will need to be updated with the location of the new OpenSSL shared libs: libcrypto.so.0.9.7 and libssl.so.0.9.7
Sometimes it is sufficient to just add these two files to /lib, but we recommend you follow these instructions instead.
Edit /etc/ld.so.conf
Add /usr/local/ssl/lib to the bottom.
…]# ldconfig
Update the PATH
Edit /root/.bash_profile
Add /usr/local/ssl/bin to the PATH variable.
Re-login
Testing
…]# openssl version
Should display OpenSSL 0.9.7d 17 Mar 2004
If an older version is shown, your system contains a previously installed OpenSSL.
Repeate the steps in Update the PATH, except place the specified location at the start of the PATH variable.
[the older openssl, on most systems, is located under /usr/bin]
[the command 'which openssl' should display the path of the openssl that your system is using]
/usr/local/ssl/bin]# ./openssl version should display the correct version.
但是我最后没有得到想要的结果,系统原来的openssl还是没能卸载掉,我该怎么做那?我继续搜索资料,哈,幸运的我找了,在一个国内论坛上是这么说的
cd /usr/local/ssl/lib
ln -s libcrypto.so.0.9.7 libcrypto.so.2
ln -s libssl.so.0.9.7 libssl.so.2
//最后要刷新系统的动态连接库配置
echo /usr/local/ssl/lib >> /etc/ld.so.conf
ldconfig -v
这下子我豁然开朗,原来依赖的那2个文件是个软链接啊,我把它修改为我现在真正的openssl库文件不是就行了吗?于是一顿忙碌后,我终于执行了 rpm -e -nodeps ,然后重新启动系统,一路运行下去,全是绿灯。一时间感觉自己好幸福啊
为了这个问题我查了国内的几个比较大的unix/linux网站都没找到资料,不过从这里http://bbs.netbuddy.org/unix/737.html还是找到了(国外的E文大概意思能看懂,但是查找起来还是没找到,也不知道这方面好点的网站),
Posted: September 21, 2007 at 4:19 pm | Tags: blog, linux, server, ssl
转至: http://blog.ixpub.net/8400463
加密算法:
对称加密算法:
DES、IDEA、RC2、RC4、AES、Skipjack ……
非对称加密算法:
RSA、DSA、DiffieHellman、PKCS、PGP ……
单向的HASH算法属于报文摘要算法,虽然有些也出自OpenSSL库。
命令操作:
1、生成普通私钥:
[weigw@TEST src]$ openssl genrsa -out privatekey.key 1024
Generating RSA private key, 1024 bit long modulus ….++++++ …….++++++ e is 65537 (0×10001)
2、生成带加密口令的密钥:
[weigw@TEST src]$ openssl genrsa -des3 -out privatekey.key 1024
Generating RSA private key, 1024 bit long modulus …………++++++ …………………++++++ e is 65537 (0×10001) Enter pass phrase for privatekey.key: Verifying – Enter pass phrase for privatekey.key:
在生成带加密口令的密钥时需要自己去输入密码。对于为密钥加密现在提供了一下几种算法:
-des encrypt the generated key with DES in cbc mode
-des3 encrypt the generated key with DES in ede cbc mode (168 bit key)
-aes128, -aes192, -aes256 encrypt PEM output with cbc aes
去除密钥的口令:
[weigw@TEST src]$ openssl rsa -in privatekey.key -out
privatekey.key Enter pass phrase for privatekey.key: writing RSA key
通过生成的私钥去生成证书:
[weigw@TEST src]$ openssl req -new -x509 -key privatekey.key -out cacert.crt -days 1095
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:beijing
Locality Name (eg, city) [Newbury]:beijing
Organization Name (eg, company) [My Company Ltd]:wondersoft
Organizational Unit Name (eg, section) []:develop
Common Name (eg, your name or your server’s hostname) []:WeiGW
Email Address []:weigongwan@sina.com
在生成证书的时候需要按照提示输入一些个人信息。
通过私钥生成公钥:
[weigw@TEST src]$ openssl rsa -in privatekey.key -pubout -out pubkey.key writing RSA key
格式转换:(证书、私钥、公钥)(PEM <—–>DER)
[weigw@TEST src]$ openssl x509 -in cacert.crt -inform. PEM -out cacert.der -outform. DER
[weigw@TEST src]$
[weigw@TEST src]$ openssl rsa -in privatekey.key -inform. PEM -out privatekey.der -outform. DER
writing RSA key
[weigw@TEST src]$ openssl rsa -pubin -in pubkey.key -inform. PEM -pubout -out pubkey.der -outform. DER
writing RSA key
从DER格式转换成PEM格式一样,就是把inform的格式改成DERoutform的格式改成PEM即可。
下面是一个服务器和客户端认证的证书、私钥生成方法:(server.crt、client.crt、ca.crt)
第一步: 生成私钥
[weigw@TEST bin]$ openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus .++++++ ..
………++++++ e is 65537 (0×10001)
[weigw@TEST bin]$ openssl genrsa -out client.key 1024
Generating RSA private key, 1024 bit long modulus …++++++ ……
……….++++++ e is 65537 (0×10001)
[weigw@TEST bin]$ openssl genrsa -out ca.key 1024
Generating RSA private key, 1024 bit long modulus …….
..++++++ ………++++++ e is 65537 (0×10001)
[weigw@TEST bin]$
第三步: 申请证书(为请求文件签名)
[weigw@TEST bin]$ openssl ca -in server.csr -out server.crt -cert ca.crt -keyfile ca.key
[weigw@TEST bin]$ openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key
如果在这步出现错误信息:
[weigw@TEST bin]$ openssl ca -in client.csr -out client.crt -cert ca.crt -keyfile ca.key
Using configuration from /usr/share/ssl/openssl.cnf I am unable to access the ./demoCA/newcerts directory ./demoCA/newcerts: No such file or directory
[weigw@TEST bin]$
自己手动创建一个CA目录结构:
[weigw@TEST bin]$ mkdir ./demoCA
[weigw@TEST bin]$ mkdir demoCA/newcerts
创建个空文件:
[weigw@TEST bin]$ vi demoCA/index.txt
向文件中写入01:
[weigw@TEST bin]$ vi demoCA/serial
合并证书文件(crt)和私钥文件(key):
[weigw@TEST bin]$ cat client.crt client.key > client.pem [weigw@TEST bin]$ cat server.crt server.key > server.pem
合并成pfx证书:
[weigw@TEST bin]$ openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Enter Export Password:
Verifying – Enter Export Password:
[weigw@TEST bin]$openssl pkcs12 -export -clcerts -in server.crt -inkey server.key -out server.p12
Enter Export Password:
Verifying – Enter Export Password:
文本化证书:
[weigw@TEST bin]$ openssl pkcs12 -in client.p12 -out client.txt Enter Import Password:
MAC verified OK
Enter PEM pass phrase: Verifying – Enter PEM pass phrase:
[weigw@TEST bin]$openssl pkcs12 -in server.p12 -out server.txt
Enter Import Password:
MAC verified OK
Enter PEM pass phrase: Verifying – Enter PEM pass phrase:
屏幕模式显式:(证书、私钥、公钥)
[weigw@TEST bin]$ openssl x509 -in client.crt -noout -text -modulus
[weigw@TEST bin]$ openssl rsa -in server.key -noout -text -modulus
[weigw@TEST bin]$ openssl rsa -in server.pub -noout -text -modulus
得到DH:
[weigw@TEST bin]$ openssl dhparam -out dh1024.pem 1024
