如何获取 wget 编译时使用的 OpenSSL 版本?我这样做时wget --version
只会得到
$ wget --version
GNU Wget 1.21.2 built on linux-gnu.
-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie +psl +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Locale:
/usr/share/locale
Compile:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../../src -I../lib
-I../../lib -Wdate-time -D_FORTIFY_SOURCE=2 -DHAVE_LIBSSL -DNDEBUG
-g -O2 -ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=.
-flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall
Link:
gcc -DHAVE_LIBSSL -DNDEBUG -g -O2
-ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=. -flto=auto
-ffat-lto-objects -flto=auto -ffat-lto-objects
-fstack-protector-strong -Wformat -Werror=format-security
-DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions
-flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now
-lpcre2-8 -luuid -lidn2 -lssl -lcrypto -lz -lpsl ftp-opie.o
openssl.o http-ntlm.o ../lib/libgnu.a
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <[email protected]>.
Please send bug reports and questions to <[email protected]>.
答案1
我最初的回答与@hanshenrik 类似,但略微精致 -
strings /usr/bin/wget | grep -i "OPENSSL" | less
这将在 wget 中查找任何文本字符串(默认情况下长度超过 4 个可读字符),然后在这些字符串中查找 OpenSSL - 返回的结果是:
OPENSSL_init_ssl
OPENSSL_sk_num
OPENSSL_sk_value
OPENSSL_sk_pop_free
OPENSSL_3.0.0
+ssl/openssl
gcc -DHAVE_LIBSSL -DNDEBUG -g -O2 -ffile-prefix-map=/build/wget-8g5eYO/wget-1.21.2=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -DNO_SSLv2 -D_FILE_OFFSET_BITS=64 -g -Wall -Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -lpcre2-8 -luuid -lidn2 -lssl -lcrypto -lz -lpsl ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a
--ciphers=STR Set the priority string (GnuTLS) or cipher list string (OpenSSL) directly.
OpenSSL: unimplemented 'secure-protocol' option value %d
OpenSSL: Invalid cipher list: %s
OpenSSL: Failed set trust to partial chain
OpenSSL: Failed to allocate verification param
OpenSSL: %s
../../src/openssl.c
可能更正确但也更混乱的方法是使用 strace (strace 跟踪系统调用和信号,因此它显示程序运行时实际调用的内容)-
strace wget -q https://www.google.com 2> /dev/null | egrep --color -i "ssl"
运行该程序以获取 https 站点,并提供正在运行的程序的输出 - 更准确地显示了在操作系统上链接到 /called 的内容 - 在我的情况下
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libssl.so.3", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib/ssl/openssl.cnf", O_RDONLY) = 3
read(3, "#\n# OpenSSL example configuratio"..., 4096) = 4096
read(3, "ertout # insta.cert.pem\n\n[ssl_se"..., 4096) = 131
openat(AT_FDCWD, "/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/c06d5c68.0", 0x7ffe52097df0, 0) = -1 ENOENT (No such file or directory)
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs", {st_mode=S_IFDIR|0755, st_size=16384, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/ssl/certs", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.0", {st_mode=S_IFREG|0644, st_size=1915, ...}, 0) = 0
openat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.0", O_RDONLY) = 4
newfstatat(AT_FDCWD, "/usr/lib/ssl/certs/1001acf7.1", 0x7ffe52097df0, 0) = -1 ENOENT (No such file or directory)
该--color
位不是必需的,但它突出显示了 SSL 字符串。我相信这显示了它读取的“DLL”,即它似乎与/使用/usr/lib/x86_64-linux-gnu/libssl.so.3
答案2
这不是检查它的正确方法,但我找到了一种可能得到它的超级黑客方法:
$ cat /usr/bin/wget | grep -i openssl_ --text
产量
F“j�g��<_ITM_deregisterTMCloneTable__gmon_start___ITM_registerTMCloneTable__cxa_finalize__libc_start_mainstrcmpfputsfwrite__snprintf_chk__stack_chk_failstrlenstrncmpstrcasecmpdcgettextstrncasecmp__ctype_b_locstrndupabortgetpeernamegetsockname__errno_locationsocketsetsockoptbindmemcpystrpbrkstrduplocaltimestrftimecalloc__memcpy_chk__isoc99_sscanfpsl_str_to_utf8lowerstrrchrpsl_is _cookie_domain_acceptablepsl_lateststrchrqsortfopen64__fprintf_chkferrorfclosefputc__getdelimunlinkfgetcrewindstrtokstrtolmktime__strncat_chkstrptimestrtolllstat64strcpy__sprintf_chkacceptfnmatchstrstrsymlinkreallocchmodreadlinkmemcmpstderrexitstdinstdoutclearerrfreadmunmaprenamegetaddrinfogmtimeftello64fdopenmemsetinet_ntopfreeaddrinfogai_strerrorfilenoflockftruncate64str默认值: lateinflateInit2_secure_getenvmkostemp64fread_unlockedfsetxattr__vasprintf_chkutimeiconv_openiconviconv_close__longjmp_chkpcre2_compile_8__ctype_get_mb_cur_maxpthread_mutex_initpthread_mutex_destroybtowcpcre2_match_data_create_from_pattern_8pcre2_match_8pcre2_match_data_free_8pthread_mutex_lockpthread_mutex_unlockmmap64__sigsetjmpsetitimergroup_memberiswalnumiswctypefcntl6 4fseeko64lseek64__freadingfflushtowupperwcrtomb__ctype_toupper_loc__ctype_tolower_loctowlowerioctlpipeposix_spawn_file_actions_initposix_spawn_file_actions_adddup2__environposix_spawnppathconflistengzwritegzclosegzdopenmkdiruuid_unparseuuid_generatelocale_charsetidn2_lookup_u8idn2_strerroridn2_freeSSL_get_verify_resultSSL_CTX_use_certificate_fileSSL_writeSSL_set_connect_ssl tateSSL_shutdownSSL_get_sessionSSL_CTX_newSSL_set_fdSSL_is_init_finishedSSL_CTX_set1_paramSSL_CTX_get_cert_storeSSL_readOPENSSL_init_sslSSL_CTX_set_optionsSSL_get_errorSSL_pendingSSL_CTX_set_post_handshake_authTLS_client_methodSSL_peekSSL_connectSSL_CTX_freeSSL_CTX_ctrlSSL_CTX_set_default_verify_pathsSSL_CTX_use_PrivateKey_fileSSL_CTX_set_cipher_listSSL_get1_peer_certifica teSSL_set_sessionSSL_CTX_set_verifySSL_newSSL_CTX_load_verify_locationsSSL_freeSSL_ctrlRAND_statusGENERAL_NAME_freeERR_peek_last_errorX509_LOOKUP_fileASN1_OCTET_STRING_freeOPENSSL_sk_numBIO_readERR_get_errori2d_X509_PUBKEYCRYPTO_mallocX509_STORE_set_flagsX509_NAME_ENTRY_get_dataa2i_IPADDRESSMD4_InitX509_verify_cert_error_stringBIO_s_memX509_get_subject_nameX509_freeBIO_fre eASN1_STRING_to_UTF8DES_set_keyMD4_UpdateX509_NAME_get_text_by_NIDX509_get_issuer_nameERR_reason_error_stringBIO_number_writtenMD4_FinalASN1_STRING_cmpX509_load_crl_fileBIO_newX509_VERIFY_PARAM_newX509_get_X509_PUBKEYDES_set_odd_parityOPENSSL_sk_valueDES_ecb_encryptRAND_load_fileOPENSSL_sk_pop_freeX509_STORE_add_lookupERR_clear_errorX509_VERIFY_PARAM_set_flagsASN1_STRING_lengthX509_VERIFY_PARAM_freeX509_NAME_print_exERR_error_stringX509_NAME_get_index_by_NIDCRYPTO_freeX509_NAME_get_entryX509_get_ext_d2iRAND_file_namelibpcre2-8.so.0libuuid.so.1libidn2.so.0libssl.so.3li bcrypto.so.3libz.so.1libpsl.so.5libc.so.6UUID_1.0IDN2_0.0.0OPENSSL_3.0.0GLIBC_2.8GLIBC_2.28GLIBC_2.15GLIBC_2.33GLIBC_2.4GLIBC_2.17GLIBC_2.7GLIBC_2.14GLIBC_2.34GLIBC_2.11GLIBC_2.3GLIBC_2.2.5GLIBC_2.3.4
在结尾处你会看到一个字符串OPENSSL_3.0.0
,因此我可以猜测这个 wget 是用OpenSSL 3.0.0
...但我希望有更好的方法来检查