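Neverbleed is an OpenSSL engine that runs RSA private key operations in a separate process, minimizing the risk of key disclosure from vulnerabilities such as Heartbleed.
The engine works with existing versions of both OpenSSL and LibreSSL, and requires little modification to the source code.
Example code: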
neverbleed_t nb;
char errbuf[NEVERBLEED_ERRBUF_SIZE];

/* initialize the OpenSSL library and the neverbleed engine */
SSL_load_error_strings();
SSL_library_init();
OpenSSL_add_all_algorithms();
if (neverbleed_init(&nb, errbuf) != 0) {
    fprintf(stderr, "neverbleed_init failed: %s\n", errbuf);
    ...
}

...

/* load certificate chain and private key */
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certchain_fn) != 1) {
    fprintf(stderr, "failed to load certificate chain file:%s\n", certchain_fn);
    ...
}
if (neverbleed_load_private_key_file(&nb, ctx, privkey_fn, errbuf) != 1) {
    fprintf(stderr, "failed to load private key from file:%s:%s\n", privkey_fn, errbuf);
    ...
}
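The process separation described above, as an added C sketch (not Neverbleed's code or wire protocol): a forked child is the only process that holds the key, and the front end sends it a digest over a socketpair and reads back the result. `keyproc_*`, `toy_sign` and `DEMO_KEY` are hypothetical names, and the keyed FNV-1a hash is a non-cryptographic stand-in for the RSA private-key operation.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define DGST_LEN 32
#define DEMO_KEY 0x5eedc0ffee123457ULL /* constructed sample key */
typedef struct { int fd; pid_t pid; } keyproc_t; /* hypothetical handle */

/* Stand-in for the RSA private-key operation: keyed FNV-1a, NOT real crypto. */
uint64_t toy_sign(uint64_t key, const unsigned char *d) {
    uint64_t h = 14695981039346656037ULL ^ key;
    for (int i = 0; i < DGST_LEN; i++) { h ^= d[i]; h *= 1099511628211ULL; }
    return h;
}
/* Move exactly len bytes; stream sockets may return short counts. */
static int io_full(int fd, void *buf, size_t len, int wr) {
    for (unsigned char *p = buf; len > 0;) {
        ssize_t n = wr ? write(fd, p, len) : read(fd, p, len);
        if (n <= 0) return -1;
        p += n; len -= (size_t)n;
    }
    return 0;
}
/* Fork the key-holding process; the key is loaded only after the fork. */
int keyproc_start(keyproc_t *kp) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((kp->pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (kp->pid == 0) { /* child: the only process that loads the key */
        unsigned char d[DGST_LEN];
        uint64_t key = DEMO_KEY; /* a real child would read the key file here */
        close(sv[0]);
        while (io_full(sv[1], d, sizeof d, 0) == 0) {
            uint64_t sig = toy_sign(key, d);
            if (io_full(sv[1], &sig, sizeof sig, 1) != 0) break;
        }
        _exit(0);
    }
    close(sv[1]); kp->fd = sv[0];
    return 0;
}
/* Front end: send the digest, read the signature; no key material here. */
int keyproc_sign(keyproc_t *kp, const unsigned char *d, uint64_t *sig) {
    if (io_full(kp->fd, (void *)d, DGST_LEN, 1) != 0) return -1;
    return io_full(kp->fd, sig, sizeof *sig, 0);
}
int keyproc_stop(keyproc_t *kp) {
    close(kp->fd); /* the child sees EOF on its end and exits */
    return waitpid(kp->pid, NULL, 0) == kp->pid ? 0 : -1;
}
```

A memory-disclosure bug in the front end of such a design can expose only digests and signatures, because the key bytes are never mapped in that process.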