Tip: Using openssl to test HTTPS sessions

You've probably been through this… When we want to test an HTTP connection without a browser, on a Linux server for example, we can use telnet:

$ telnet www.google.com 80
Trying 74.125.234.16...
Connected to www.l.google.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: www.google.com

HTTP/1.1 302 Found
Location: http://www.google.com.br/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
...
Date: Tue, 03 Jul 2012 14:18:32 GMT
Server: gws
Content-Length: 222
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.com.br/">here</A>.
</BODY></HTML>

I removed headers that could compromise my security and changed some formatting for aesthetic reasons (I put … in their place). Also, the text in bold is what I typed: the command line and the request.

If we try to do the same thing on port 443, we get this:

$ telnet www.google.com 443
Trying 74.125.234.20...
Connected to www.l.google.com.
Escape character is '^]'.
GET / HTTP/1.1
Connection closed by foreign host.

The server refuses your connection because you are not in an HTTPS session. The solution is to open an HTTPS connection using openssl. It is not only for creating or verifying digital certificates; it also works like telnet (for HTTPS):

$ openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 2128 bytes and written 348 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-RC4-SHA
    Session-ID: FBAA9AB4546FCC613472D01EC367CECC1122230A973EFF266CD7D1C611DBE8D0
    Session-ID-ctx: 
    Master-Key: BE9516F8719EEF9D150F1CD8F3B5BAB2D25CC502F2AB9FCD729DEEAD54B8E240...
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:

    Start Time: 1341325685
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
GET / HTTP/1.1
Host: www.google.com

HTTP/1.1 302 Found
Location: https://www.google.com.br/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
...
Date: Tue, 03 Jul 2012 14:28:19 GMT
Server: gws
Content-Length: 223
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com.br/">here</A>.
</BODY></HTML>

Did you like it?!
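
The session above kept going even though the transcript reports `Verify return code: 20`, so the fields s_client prints are worth checking before trusting the response. The script below is an added example, not part of the original post: `https_probe`, `audit_s_client` and `sample_transcript` are names chosen here, the thresholds are assumptions of this example, and the sample is a constructed excerpt of the transcript shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit an `openssl s_client` transcript.

# Non-interactive form of the session above; needs network, so it is only defined here.
# -servername sends SNI; -ign_eof keeps the connection open after stdin ends.
https_probe() {
    printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$1" |
        openssl s_client -connect "$1:443" -servername "$1" -ign_eof
}

# Read a transcript on stdin and print one finding per line (no output = nothing flagged).
audit_s_client() {
    awk '
        /^ *Protocol *:/        { proto = $NF }
        /^ *Cipher *:/          { cipher = $NF }
        /^Server public key is/ { bits = $5 }
        /Verify return code:/   { code = $4
                                  sub(/^.*Verify return code: [0-9]+ */, ""); reason = $0 }
        END {
            if (code == "") { print "FAIL no-handshake: no Verify return code line"; exit }
            # s_client keeps the session open even when chain verification fails.
            if (code != 0) print "FAIL verify: code " code " " reason
            # TLS 1.0/1.1 and SSLv3 are deprecated; RC4 is prohibited in TLS.
            if (proto ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "WARN protocol: " proto
            if (cipher ~ /RC4|DES|NULL|EXP|MD5/) print "WARN cipher: " cipher
            if (bits != "" && bits + 0 < 2048) print "WARN key: " bits " bit"
        }'
}

# Constructed excerpt of the transcript shown in the post.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : ECDHE-RSA-RC4-SHA
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

sample_transcript | audit_s_client
```

Against a live host the two pieces chain as `https_probe <host> | audit_s_client`; code 20 usually means s_client could not find the issuing CA in its trust store, which is a different finding from an expired or mismatched certificate.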
