wget이 어떤 버전의 OpenSSL로 컴파일되었는지 어떻게 알 수 있나요? 내가 할 때 wget --version 난 그냥 얻을
$ wget --version
GNU Wget 1.21.2 built on linux-gnu.
-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie +psl +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Locale:
/usr/share/locale
Compile:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib
-I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -DHAVE_LIBSSL -DNDEBUG
-g -O2 -ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=.
-flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall
Link:
gcc -DHAVE_LIBSSL -DNDEBUG -g -O2
-ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=. -flto=auto
-ffat-lto-objects -flto=auto -ffat-lto-objects
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions
-flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now
-lpcre2-8 -luuid -lidn2 -lssl -lcrypto -lz -lpsl ftp-opie.o
openssl.o http-ntlm.o ../lib/libgnu.a
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <[email protected]>.
Please send bug reports and questions to <[email protected]>.
답변1
내 초기 답변은 @hanshenrik과 유사하지만 약간 더 세련되었습니다.
strings /usr/bin/wget | grep -i "OPENSSL" | less
그러면 wget에서 모든 텍스트 문자열(기본적으로 읽을 수 있는 4자보다 길음)을 찾은 다음 해당 문자열에서 OpenSSL을 찾습니다. 반환된 결과는 다음과 같습니다.
OPENSSL_init_ssl
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_pop_free
OPENSSL_3.0.0
+ssl/openssl
gcc -DHAVE_LIBSSL -DNDEBUG -g -O2 -ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -lpcre2-8 -luuid -lidn2 -lssl -lcrypto -lz -lpsl ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a
--ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly.
OpenSSL: unimplemented 'secure-protocol' option value %d
OpenSSL: Invalid cipher list: %s
OpenSSL: Failed set trust to partial chain
OpenSSL: Failed to allocate verification param
OpenSSL: %s
../../src/openssl.c
아마도 더 정확하지만 더 지저분한 방법은 strace를 사용하는 것입니다(strace는 시스템 호출과 신호를 추적하므로 프로그램이 실행될 때 실제로 호출되는 내용을 보여줍니다).
strace wget -q https://www.google.com 2> /dev/null | egrep --color -i "ssl"
https 사이트를 얻기 위해 프로그램을 실행하고 실행 중인 프로그램의 출력을 제공했습니다. 제 경우에는 OS에 연결/호출된 내용을 더 정확하게 보여줍니다.
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(3, "ertout # insta.cert.pem\n\n[ssl_se"..., 4096) = 131
openat(AT_FDCWD, "/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/c06d5c68.0", 0x7ffe52097df0, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs", {st_mode=S_IFDIR|0755, st_size=16384, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/ssl/certs", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.0", {st_mode=S_IFREG|0644, st_size=1915, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.0", O_RDONLY) = 4
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.1", 0x7ffe52097df0, 0) = -1 ENOENT (No such file or directory)
이 --color비트는 필수는 아니지만 SSL 문자열을 강조 표시합니다. 나는 이것이 "DLL"이 무엇을 읽고 있는지 보여 준다고 믿습니다. 즉, 연결/사용하는 것으로 보입니다./usr/lib/x86_64-linux-gnu/libssl.so.3
답변2
이것은 그것을 확인하는 적절한 방법은 아니지만 아마도 그것을 얻을 수 있는 매우 해키적인 방법을 찾았습니다.
$ cat /usr/bin/wget | grep -i openssl_ --text
수확량
F"j�g��<_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTable__cxa_finalize__libc_start_mainstrcmpfputsfwrite__snprintf_chk__stack_chk_failstrlenstrncmpstrcasecmpdcgettextstrncasecmp__ctype_b_locstrndupabortgetpeernamegetsockname__errno_locationsocketsetsockoptbindmemcpystrpbrkstrduplocaltimestrftimecalloc__memcpy_chk__isoc99_sscanfpsl_str_to_utf8lowerstrrchrpsl_is_cookie_domain_acceptablepsl_lateststrchrqsortfopen64__fprintf_chkferrorfclosefputc__getdelimunlinkfgetcrewindstrtokstrtolmktime__strncat_chkstrptimestrtolllstat64strcpy__sprintf_chkacceptfnmatchstrstrsymlinkreallocchmodreadlinkmemcmpstderrexitstdinstdoutclearerrfreadmunmaprenamegetaddrinfogmtimeftello64fdopenmemsetinet_ntopfreeaddrinfogai_strerrorfilenoflockftruncate64strspnstrcspnmemchr__fdelt_chkselectmemmovememrchrfeof__vsnprintf_chk__vfprintf_chkisattytcgetpgrpsignal__printf_chkiswprintwcwidthmbrtowcmbsinitiswcntrlsprintfsetlocaletimegmgetpidsrandomstrchrnulclock_gettimesysconfclock_getresbindtextdomaingetopt_longoptargopterroptindfstat64dcngettextforkgetpassgetuidgetpwuidsetsidfreopen64strtok_rnl_langinfoperrorrecvinflateEndusleepinflateinflateInit2_secure_getenvmkostemp64fread_unlockedfsetxattr__vasprintf_chkutimeiconv_openiconviconv_close__longjmp_chkpcre2_compile_8__ctype_get_mb_cur_maxpthread_mutex_initpthread_mutex_destroybtowcpcre2_match_data_create_from_pattern_8pcre2_match_8pcre2_match_data_free_8pthread_mutex_lockpthread_mutex_unlockmmap64__sigsetjmpsetitimergroup_memberiswalnumiswctypefcntl64fseeko64lseek64__freadingfflushtowupperwcrtomb__ctype_toupper_loc__ctype_tolower_loctowlowerioctlpipeposix_spawn_file_actions_initposix_spawn_file_actions_adddup2__environposix_spawnppathconflistengzwritegzclosegzdopenmkdiruuid_unparseuuid_generatelocale_charsetidn2_lookup_u8idn2_strerroridn2_freeSSL_get_verify_resultSSL_CTX_use_certificate_fileSSL_writeSSL_set_connect_stateSSL_shutdownSSL_get_sessionSSL_CTX_newSSL_set_fdSSL_is_init_finishedSSL_CTX_set1_paramSSL_CTX_get_cert_storeSSL_readOPENSSL_init_sslSSL_CTX_set_optionsSSL_get_errorSSL_pendingSSL_CTX_set_post_handshake_authTLS_client_methodSSL_peekSSL_connectSSL_CTX_freeSSL_CTX_ctrlSSL_CTX_set_default_verify_pathsSSL_CTX_use_PrivateKey_fileSSL_CTX_set_cipher_listSSL_get1_peer_certificateSSL_set_sessionSSL_CTX_set_verifySSL_newSSL_CTX_load_verify_locationsSSL_freeSSL_ctrlRAND_statusGENERAL_NAME_freeERR_peek_last_errorX509_LOOKUP_fileASN1_OCTET_STRING_freeOPENSSL_sk_numBIO_readERR_get_errori2d_X509_PUBKEYCRYPTO_mallocX509_STORE_set_flagsX509_NAME_ENTRY_get_dataa2i_IPADDRESSMD4_InitX509_verify_cert_error_stringBIO_s_memX509_get_subject_nameX509_freeBIO_freeASN1_STRING_to_UTF8DES_set_keyMD4_UpdateX509_NAME_get_text_by_NIDX509_get_issuer_nameERR_reason_error_stringBIO_number_writtenMD4_FinalASN1_STRING_cmpX509_load_crl_fileBIO_newX509_VERIFY_PARAM_newX509_get_X509_PUBKEYDES_set_odd_parityOPENSSL_sk_valueDES_ecb_encryptRAND_load_fileOPENSSL_sk_pop_freeX509_STORE_add_lookupERR_clear_errorX509_VERIFY_PARAM_set_flagsASN1_STRING_lengthX509_VERIFY_PARAM_freeX509_NAME_print_exERR_error_stringX509_NAME_get_index_by_NIDCRYPTO_freeX509_NAME_get_entryX509_get_ext_d2iRAND_file_namelibpcre2-8.so.0libuuid.so.1libidn2.so.0libssl.so.3libcrypto.so.3 libz.so.1libpsl.so.5libc.so.6UUID_1.0IDN2_0.0.0OPENSSL_3.0.0GLIBC_2.8GLIBC_2.28GLIBC_2.15GLIBC_2. 33GLIBC_2.4GLIBC_2.17GLIBC_2.7GLIBC_2.14GLIBC_2.34GLIBC_2.11GLIBC_2.3GLIBC_2.2.5GLIBC_2.3.4
그리고 마지막 부분에서 문자열을 찾을 수 있으므로 OPENSSL_3.0.0이 wget이 다음으로 컴파일되었음을 추측할 수 있습니다.오픈SSL 3.0.0
...하지만 더 나은 확인 방법이 있기를 바랍니다.