Two very cool SSL hacks
The first is the Google Certificate Catalog:
$ openssl s_client -connect www.google.com:443 < /dev/null | openssl x509 -outform DER | openssl sha1
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE
405062e5befde4af97e9382af16cc87c8fb7c4e2
$ dig +short 405062e5befde4af97e9382af16cc87c8fb7c4e2.certs.googlednstest.com TXT
"14867 15062 74"
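The second is a script written by Zed Shaw that encrypts a file so that it can only be decrypted with the SSL private key of a specific website: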
#!/bin/sh
set -e
echo "Encrypting $2 for $1."
# make a directory to store results for this site
mkdir -p "results/$1"
# get that site's SSL certificate, validating it with the cacert.pem we have
# (-verify_return_error makes s_client abort when the chain does not verify;
# without it the verify error is only printed and the connection continues)
echo "QUIT" | openssl s_client -CAfile cacert.pem -verify_return_error -connect "$1:443" > "results/$1/cert.pem"
# generate a random password from urandom
dd if=/dev/urandom of="results/$1/pass.txt" bs=1 count=96
# use the raw password and AES to encrypt the output
# (-pass file: takes only the first line of the file as the password)
openssl enc -a -aes-256-cbc -salt -in "$2" -out "results/$1/file.enc" -pass "file:results/$1/pass.txt"
# then, use the above public cert to encrypt the pass key
openssl rsautl -encrypt -inkey "results/$1/cert.pem" -pubin -certin -in "results/$1/pass.txt" -out "results/$1/pass.enc"
# finally, delete the password so it's not around and accidentally leaked
rm "results/$1/pass.txt"
echo "ALL DONE"
Very cool.
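The script covers only the sender's side. As an added example (not part of the original post or of Zed Shaw's script), here is the matching decryption step that the holder of the private key would run, exercised end to end against a throwaway self-signed certificate. The function names, the demo.invalid subject and the hex-encoded pass key (used instead of raw bytes so that it is a single line) are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: receiver side of the hybrid scheme, plus an offline round trip.
set -e

# Receiver: recover the pass key with the private key, then decrypt the file.
# $1 = private key (PEM), $2 = directory holding pass.enc and file.enc, $3 = output file
decrypt_for_site() {
    # RSA-decrypt the wrapped pass key with the key matching the certificate
    openssl rsautl -decrypt -inkey "$1" -in "$2/pass.enc" -out "$2/pass.txt"
    # undo the base64 + AES-256-CBC layer using the recovered pass key
    openssl enc -d -a -aes-256-cbc -in "$2/file.enc" -out "$3" -pass "file:$2/pass.txt"
    # do not leave the recovered pass key on disk
    rm -f "$2/pass.txt"
}

# Constructed demo: a local self-signed certificate stands in for the site's
# certificate, so nothing is fetched from the network.
roundtrip_demo() {
    d=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo.invalid" \
        -keyout "$d/site.key" -out "$d/cert.pem" -days 1 2>/dev/null
    printf 'constructed sample secret\n' > "$d/plain.txt"

    # Sender side: same enc/rsautl commands as the script above.
    openssl rand -hex 32 > "$d/pass.txt"
    openssl enc -a -aes-256-cbc -salt -in "$d/plain.txt" -out "$d/file.enc" \
        -pass "file:$d/pass.txt"
    openssl rsautl -encrypt -inkey "$d/cert.pem" -certin \
        -in "$d/pass.txt" -out "$d/pass.enc"
    rm "$d/pass.txt"

    # Receiver side: only site.key can unwrap pass.enc.
    decrypt_for_site "$d/site.key" "$d" "$d/out.txt"

    # Succeed only if the recovered plaintext matches the original.
    if cmp -s "$d/plain.txt" "$d/out.txt"; then r=0; else r=1; fi
    rm -rf "$d"
    return $r
}

roundtrip_demo && echo "round trip OK"
```

On OpenSSL 3.x, rsautl prints a deprecation notice pointing to pkeyutl, and enc warns about its legacy key derivation; both still work for this demo.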
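Finally, today's rant: (don't read it if you don't like this kind of thing, really.)
That YouTube bug where going full screen automatically switches to HD resolution is back. Damn it, a video I had painstakingly buffered for half an hour was thrown away the moment I clicked full screen. If something complicated had a few bugs I could let it slide, but this is a mistake that even a middle-schooler writing Flash wouldn't make, and you fucking make it over and over again. For fuck's sake, are YouTube's engineers and QA all fucking useless? Add to that news like this, and I really think a garbage company like this should just go bankrupt sooner rather than later.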