GIF89a=( �' 7IAXKgNgYvYx\%wh&h}t�h%�s%x�}9�R��&�0%� (�.��5�SD��&�a)�x5��;ͣ*ȡ&ղ)ׯ7׵<ѻ4�3�H֧KͯT��Y�aq��q��F� !� ' !� NETSCAPE2.0 , =( ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g���E�������R���E����B�� ��ȸ��D���"�Ů� �H��L��D٫D�B�����D���T���H �G��A R�ڐ |�� ٭&��E8�S�kG�A�px�a��� R2XB��E8I���6X�:vT)�~��q�賥��"F~%x� � 4#Z�0O|-4Bs�X:= Q� Sal��yXJ`GȦ|s h��K3l7�B|�$'7Jީܪ0!��D�n=�P� ����0`�R�lj����v>���5 �.69�ϸd�����nlv�9��f{���Pbx �l5}�p� ��� �3a���I�O����!ܾ���i��9��#��)p�a ޽ �{�)vm��%D~ 6f��s}Œ�D�W E�`!� �&L8x� �ܝ{)x`X/>�}m��R�*|`D�=�_ ^�5 !_&'a�O�7�c��`DCx`�¥�9�Y�F���`?��"� �n@`�} lď��@4>�d S �v�xN��"@~d��=�g�s~G��� ���ud &p8Q�)ƫlXD����A~H�ySun�j���k*D�LH�] ��C"J��Xb~ʪwSt}6K,��q�S:9ت:���l�@�`�� �.۬�t9�S�[:��=`9N����{¿�A !R�:���6��x�0�_ �;������^���#����!����U���;0L1�����p% A��U̬ݵ��%�S��!���~`�G���� ���=4�np�3���������u�u�ٮ|%2�I��r�#0��J``8�@S@5� ���^`8E�]�.�S���7 � �0�j S�D� z���i�S�����!���l��w9*�D�I�nEX��� &A�Go�Qf��F��;���}�J����F5��Q|���X��T��y���]� o ��C=��:���PB@ D׽S�(>�C�x}`��xJЬ�۠��p+eE0`�}`A �/NE�� �9@��� H�7�!%B0`�l*��!8 2�%� �:�1�0E��ux%nP1�!�C)�P81l�ɸF#Ƭ{����B0>�� �b�`��O3��()yRpb��E.ZD8�H@% �Rx+%���c� ���f��b�d�`F�"8�XH"��-�|1�6iI, 2�$+](A*j� QT�o0.�U�`�R�}`�SN����yae�����b��o~ S)�y�@��3 �tT�0�&�+~L�f"�-|�~��>!�v��~�\Q1)}@�}h#aP72�"�$ !� " , =( &7IAXG]KgNgYvYxR"k\%w]'}h}t�h%�g+�s%r.m3ax3�x�}9��&��+�!7�0%� (�.�SD��&��;�"&ײ)׻4��6�K� �@pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E �� �������E �´��C���ǶR��D��"Ʒ�ʱH��M��GڬD�B����D��T����G���C�C� l&�~:'�tU�6ɹ#��)�'�.6�&��Ȼ K(8p0N�?!�2"��NIJX>R��OM '��2�*x�>#n� �@<[:�I�f ��T���Cdb��[�}E�5MBo��@�`@��tW-3 �x�B���jI�&E�9[T&$��ﯧ&"s��ȳ����dc�UUρ#���ldj?����`\}���u|3'�R]�6 �S#�!�FKL�*N E���`$�:e�YD�q�.�촁�s \-�jA 9�����-��M[�x(�s��x�|���p��}k�T�DpE@W� ��]k`1� ���Yb ��0l��*n0��"~zBd�~u�7�0Bl��0-�x~|U�U0 �h�*HS�|��e"#"?vp�i`e6^�+q��`m8 #V�� ��VS|`��"m"сSn|@:U���~`pb�G�ED����2F�I�? >�x� R� ��%~jx��<�a�9ij�2�D��&: Z`�]w���:�6��B�7eFJ|�ҧ�,���FǮcS�ʶ+B�,�ܺN���>PAD�HD��~���n��}�#�� Q��S���2�X�{�k�lQ�2�����w�|2� h9��G�,m���3��6-��E�L��I�³*K���q�`DwV�QXS��peS��� qܧTS����R�u �<�a�*At�lmE� � ��N[P1�ۦ��$��@`��Dpy�yXvCAy�B`}D� 0QwG#� �a[^�� $���Ǧ{L�"[��K�g�;�S~��GX.�goT.��ư��x���?1z��x~:�g�|�L� ��S`��0S]P�^p F<""�?!,�!N4&P� ����:T�@h�9%t��:�-~�I<`�9p I&.)^ 40D#p@�j4�ج:�01��rܼF2oW�#Z ;$Q q  �K��Nl#29 !F@�Bh�ᏬL!XF�LHKh�.�hE&J�G��<"WN!�����Y@� >R~19J"�2,/ &.GXB%�R�9B6�W]���W�I�$��9�RE8Y� ��"�A5�Q.axB�&ة�J�! �t)K%tS-�JF b�NMxL��)�R��"���6O!TH�H� 0 !� ) , =( &AXKgNgYvYxR"k\%wh&h}h%�g+�s%r.x3�x�}9��&��+�R,�!7�0%� (�.��5��&�a)��;�"&ף*Ȳ)ׯ7׻4�3��6�H֧KͻH�T��Y��q��h� ��pH,�Ȥr�l:xШtJ�Z�جv��z��xL.:��z�n���|N�����~�������& !�0`9R�}��"�"a:S�~x��������g �� E$����� � ����$E$��"��D� � ������R��C��� E ��H�M��G�D� �B��ϾD��a��`1r��Ӑ�� �o~�zU!L�C'�yW�UGt����ll�0���uG�)A�s[��x� �xO%��X2�  P�n:R/��aHae+�Dm?# ǣ6�8�J�x�Di�M���j���5oQ7�- <! *�l��R2r/a!l)d� A"�E���� &� ;��c �%����b��pe~C"B���H�eF2��`8qb�t_`ur`e� w�u3��Pv�h""�`�Íx�LĹ��3� �~ֺ�:���MDfJ� �۵�W�%�S�X �؁)�@��:E��w�u�Sxb8y\m�zS��Zb�E�L��w!y(>�"w�=�|��s�d �C�W)H�cC$�L �7r.�\{)@�`@ �X�$PD `aaG:���O�72E�amn]�"Rc�x�R� &dR8`g��i�xLR!�P &d����T���i�|�_ � Qi�#�`g:��:noM� :V �)p����W&a=�e�k� j���1߲s�x�W�jal|0��B0�, \j۴:6���C ��W��|��9���zĸV {�;��n��V�m�I��.��PN� ����C��+��By�ѾHŸ:��� 7�Y�FTk�SaoaY$D�S���29R�kt� ��f� ��:��Sp�3�I��DZ� �9���g��u�*3)O��[_hv ,���Et x�BH� �[��64M@�S�M7d�l�ܶ5-��U܍��z�R3Ԭ3~ ��P��5�g: ���kN�&0�j4���#{��3S�2�K�'ợl���2K{� {۶?~m𸧠�I�nE�='����^���_�=��~�#O���'���o..�Y�n��CSO��a��K��o,���b�����{�C�� "�{�K ��w��Ozdը�:$ ���v�] A#� ���a�z)Rx׿ƥ�d``�w-�y�f�K!����|��P��=�`�(f��'Pa ��BJa%��f�%`�}F����6>��`G"�}�=�!o`�^FP�ةQ�C���`(�}\�ݮ ��$<��n@dĠE#��U�I�!� #l��9`k���'Rr��Z�NB�MF �[�+9���-�wj���8�r� ,V�h"�|�S=�G_��"E� 0i*%̲��da0mVk�):;&6p>�jK ��# �D�:�c?:R Ӭf��I-�"�<�="��7�3S��c2RW ,�8(T"P0F¡Jh�" ; 403WebShell
403Webshell
Server IP : 173.249.157.85  /  Your IP : 3.143.203.223
Web Server : Apache
System : Linux server.frogzhost.com 3.10.0-1127.19.1.el7.x86_64 #1 SMP Tue Aug 25 17:23:54 UTC 2020 x86_64
User : econtech ( 1005)
PHP Version : 7.3.33
Disable Function : NONE
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /opt/cpanel/nghttp2/share/nghttp2/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /opt/cpanel/nghttp2/share/nghttp2/fetch-ocsp-response
#!/usr/bin/env python
# -*- coding: utf-8 -*-

# nghttp2 - HTTP/2 C Library

# Copyright (c) 2015 Tatsuhiro Tsujikawa

# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:

# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

# This program was translated from the program originally developed by
# h2o project (https://github.com/h2o/h2o), written in Perl.  It had
# the following copyright notice:

# Copyright (c) 2015 DeNA Co., Ltd.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

from __future__ import unicode_literals
import argparse
import io
import os
import os.path
import re
import shutil
import subprocess
import sys
import tempfile

# make this program work for both Python 3 and Python 2.
try:
    from urllib.parse import urlparse
    stdout_bwrite = sys.stdout.buffer.write
except ImportError:
    from urlparse import urlparse
    stdout_bwrite = sys.stdout.write


def die(msg):
    sys.stderr.write(msg)
    sys.stderr.write('\n')
    sys.exit(255)


def tempfail(msg):
    sys.stderr.write(msg)
    sys.stderr.write('\n')
    sys.exit(os.EX_TEMPFAIL)


def run_openssl(args, allow_tempfail=False):
    buf = io.BytesIO()
    try:
        p = subprocess.Popen(args, stdout=subprocess.PIPE)
    except Exception as e:
        die('failed to invoke {}:{}'.format(args, e))
    try:
        while True:
            data = p.stdout.read()
            if len(data) == 0:
                break
            buf.write(data)
        if p.wait() != 0:
            raise Exception('nonzero return code {}'.format(p.returncode))
        return buf.getvalue()
    except Exception as e:
        msg = 'OpenSSL exited abnormally: {}:{}'.format(args, e)
        tempfail(msg) if allow_tempfail else die(msg)


def read_file(path):
    with open(path, 'rb') as f:
        return f.read()


def write_file(path, data):
    with open(path, 'wb') as f:
        f.write(data)


def detect_openssl_version(cmd):
    return run_openssl([cmd, 'version']).decode('utf-8').strip()


def extract_ocsp_uri(cmd, cert_fn):
    # obtain ocsp uri
    ocsp_uri = run_openssl(
        [cmd, 'x509', '-in', cert_fn, '-noout',
         '-ocsp_uri']).decode('utf-8').strip()

    if not re.match(r'^https?://', ocsp_uri):
        die('failed to extract ocsp URI from {}'.format(cert_fn))

    return ocsp_uri


def save_issuer_certificate(issuer_fn, cert_fn):
    # save issuer certificate
    chain = read_file(cert_fn).decode('utf-8')
    m = re.match(
        r'.*?-----END CERTIFICATE-----.*?(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)',
        chain, re.DOTALL)
    if not m:
        die('--issuer option was not used, and failed to extract issuer certificate from the certificate')
    write_file(issuer_fn, (m.group(1) + '\n').encode('utf-8'))


def send_and_receive_ocsp(respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri,
                          ocsp_host, openssl_version):
    # obtain response (without verification)
    sys.stderr.write('sending OCSP request to {}\n'.format(ocsp_uri))
    args = [
        cmd, 'ocsp', '-issuer', issuer_fn, '-cert', cert_fn, '-url', ocsp_uri,
        '-noverify', '-respout', respder_fn
    ]
    ver = openssl_version.lower()
    if ver.startswith('openssl 1.0.') or ver.startswith('libressl '):
        args.extend(['-header', 'Host', ocsp_host])
    resp = run_openssl(args, allow_tempfail=True)
    return resp.decode('utf-8')


def verify_response(cmd, tempdir, issuer_fn, respder_fn):
    # verify the response
    sys.stderr.write('verifying the response signature\n')

    verify_fn = os.path.join(tempdir, 'verify.out')

    # try from exotic options
    allextra = [
        # for comodo
        ['-VAfile', issuer_fn],
        # these options are only available in OpenSSL >= 1.0.2
        ['-partial_chain', '-trusted_first', '-CAfile', issuer_fn],
        # for OpenSSL <= 1.0.1
        ['-CAfile', issuer_fn],
    ]

    for extra in allextra:
        with open(verify_fn, 'w+b') as f:
            args = [cmd, 'ocsp', '-respin', respder_fn]
            args.extend(extra)
            p = subprocess.Popen(args, stdout=f, stderr=f)
            if p.wait() == 0:
                # OpenSSL <= 1.0.1, openssl ocsp still returns exit
                # code 0 even if verification was failed.  So check
                # the error message in stderr output.
                f.seek(0)
                if f.read().decode('utf-8').find(
                        'Response Verify Failure') != -1:
                    continue
                sys.stderr.write('verify OK (used: {})\n'.format(extra))
                return True

    sys.stderr.write(read_file(verify_fn).decode('utf-8'))
    return False


def fetch_ocsp_response(cmd, cert_fn, tempdir, issuer_fn=None):
    openssl_version = detect_openssl_version(cmd)

    sys.stderr.write(
        'fetch-ocsp-response (using {})\n'.format(openssl_version))

    ocsp_uri = extract_ocsp_uri(cmd, cert_fn)
    ocsp_host = urlparse(ocsp_uri).netloc

    if not issuer_fn:
        issuer_fn = os.path.join(tempdir, 'issuer.crt')
        save_issuer_certificate(issuer_fn, cert_fn)

    respder_fn = os.path.join(tempdir, 'resp.der')
    resp = send_and_receive_ocsp(
        respder_fn, cmd, cert_fn, issuer_fn, ocsp_uri, ocsp_host,
        openssl_version)

    sys.stderr.write('{}\n'.format(resp))

    # OpenSSL 1.0.2 still returns exit code 0 even if ocsp responder
    # returned error status (e.g., trylater(3))
    if resp.find('Responder Error:') != -1:
        raise Exception('responder returned error')

    if not verify_response(cmd, tempdir, issuer_fn, respder_fn):
        tempfail('failed to verify the response')

    # success
    res = read_file(respder_fn)
    stdout_bwrite(res)


if __name__ == '__main__':
    parser = argparse.ArgumentParser(
        description=
        '''The command issues an OCSP request for given server certificate, verifies the response and prints the resulting DER.''',
        epilog=
        '''The command exits 0 if successful, or 75 (EX_TEMPFAIL) on temporary error.  Other exit codes may be returned in case of hard errors.''')
    parser.add_argument(
        '--issuer',
        metavar='FILE',
        help=
        'issuer certificate (if omitted, is extracted from the certificate chain)')
    parser.add_argument('--openssl',
                        metavar='CMD',
                        help='openssl command to use (default: "openssl")',
                        default='openssl')
    parser.add_argument('certificate',
                        help='path to certificate file to validate')
    args = parser.parse_args()

    tempdir = None
    try:
        # Python3.2 has tempfile.TemporaryDirectory, which has nice
        # feature to delete its tree by cleanup() function.  We have
        # to support Python2.7, so we have to do this manually.
        tempdir = tempfile.mkdtemp()
        fetch_ocsp_response(args.openssl, args.certificate, tempdir,
                            args.issuer)
    finally:
        if tempdir:
            shutil.rmtree(tempdir)

Youez - 2016 - github.com/yon3zu
LinuXploit