msgid ""
msgstr ""
"Project-Id-Version: English (Boost Beast Translation (zh_Hans))\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2026-06-06 20:29+0000\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: English <https://insights.cppalliance.org/weblate/projects/"
"boost-beast-documentation-zh_Hans/doc-qbk-03-core-9-ssl-tls-certificate-qbk/"
"en/>\n"
"Language: en\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 2026.5\n"

#. type: section title
#: 11
#, read-only
msgid "SSL/TLS Certificate"
msgstr "SSL/TLS Certificate"

#. type: heading
#: 15
#, read-only
msgid "Certificate Authority"
msgstr "Certificate Authority"

#. type: paragraph
#: 17
#, read-only
msgid ""
"A Certificate Authority (CA) is a trusted entity that signs digital "
"certificates, enabling users to verify their authenticity. Rather than "
"storing every individual certificate for each server (which would be "
"impractical due to the sheer volume and frequent renewals), users can store "
"a limited set of root certificates to authenticate server certificates as "
"needed."
msgstr ""
"A Certificate Authority (CA) is a trusted entity that signs digital "
"certificates, enabling users to verify their authenticity. Rather than "
"storing every individual certificate for each server (which would be "
"impractical due to the sheer volume and frequent renewals), users can store "
"a limited set of root certificates to authenticate server certificates as "
"needed."

#. type: paragraph
#: 23
#, read-only
msgid ""
"Boost.Asio provides various methods for loading certificate authority "
"certificates:"
msgstr ""
"Boost.Asio provides various methods for loading certificate authority "
"certificates:"

#. type: list
#: 26
#, read-only
msgid ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"add_certificate_authority.html "
"`net::ssl::context::add_certificate_authority`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html "
"`net::ssl::context::add_verify_path`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html "
"`net::ssl::context::load_verify_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]"
msgstr ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"add_certificate_authority.html "
"`net::ssl::context::add_certificate_authority`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/add_verify_path.html "
"`net::ssl::context::add_verify_path`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/load_verify_file.html "
"`net::ssl::context::load_verify_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"set_default_verify_paths.html `net::ssl::context::set_default_verify_paths`]"

#. type: paragraph
#: 31
#, read-only
msgid ""
"It is important to set up peer verification so that the TLS/SSL handshake "
"fails if certificate verification is unsuccessful:"
msgstr ""
"It is important to set up peer verification so that the TLS/SSL handshake "
"fails if certificate verification is unsuccessful:"

#. type: paragraph
#: 36
#, read-only
msgid ""
"A client must also verify that the hostname or IP address in the certificate "
"matches the expected one. The [@boost:/doc/html/boost_asio/reference/"
"ssl__host_name_verification.html `net::ssl::host_name_verification`] helper "
"function object can perform this verification according to the rules "
"described in RFC 6125:"
msgstr ""
"A client must also verify that the hostname or IP address in the certificate "
"matches the expected one. The [@boost:/doc/html/boost_asio/reference/"
"ssl__host_name_verification.html `net::ssl::host_name_verification`] helper "
"function object can perform this verification according to the rules "
"described in RFC 6125:"

#. type: paragraph
#: 44
#, read-only
msgid ""
"A server can also request and verify a client certificate to authenticate "
"the client:"
msgstr ""
"A server can also request and verify a client certificate to authenticate "
"the client:"

#. type: heading
#: 51
#, read-only
msgid "Server Certificate"
msgstr "Server Certificate"

#. type: paragraph
#: 53
#, read-only
msgid ""
"A Server Certificate is a digital certificate that confirms a server's "
"identity as the legitimate destination for a client. It contains a "
"verifiable signature that ensures it was issued by a trusted certificate "
"authority (CA)."
msgstr ""
"A Server Certificate is a digital certificate that confirms a server's "
"identity as the legitimate destination for a client. It contains a "
"verifiable signature that ensures it was issued by a trusted certificate "
"authority (CA)."

#. type: paragraph
#: 57
#, read-only
msgid ""
"When a server certificate is issued by an intermediate certificate "
"authority, and the client lacks those intermediate certificates, the server "
"should provide all the relevant certificates to the client. This allows the "
"client to verify the final certificate in the chain against the root "
"certificate."
msgstr ""
"When a server certificate is issued by an intermediate certificate "
"authority, and the client lacks those intermediate certificates, the server "
"should provide all the relevant certificates to the client. This allows the "
"client to verify the final certificate in the chain against the root "
"certificate."

#. type: paragraph
#: 62
#, read-only
msgid ""
"The following Boost.Asio methods can be used for loading a certificate or a "
"certificate chain:"
msgstr ""
"The following Boost.Asio methods can be used for loading a certificate or a "
"certificate chain:"

#. type: list
#: 65
#, read-only
msgid ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate.html "
"`net::ssl::context::use_certificate`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_file.html `net::ssl::context::use_certificate_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_chain.html `net::ssl::context::use_certificate_chain`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_chain_file.html "
"`net::ssl::context::use_certificate_chain_file`]"
msgstr ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_certificate.html "
"`net::ssl::context::use_certificate`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_file.html `net::ssl::context::use_certificate_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_chain.html `net::ssl::context::use_certificate_chain`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_certificate_chain_file.html "
"`net::ssl::context::use_certificate_chain_file`]"

#. type: heading
#: 72
#, read-only
msgid "Client Certificate"
msgstr "Client Certificate"

#. type: paragraph
#: 74
#, read-only
msgid ""
"A server can authenticate clients by requiring and verifying their "
"certificates, preventing access for those without a valid certificate and "
"private key. The server enforces this by modifying peer verification "
"settings:"
msgstr ""
"A server can authenticate clients by requiring and verifying their "
"certificates, preventing access for those without a valid certificate and "
"private key. The server enforces this by modifying peer verification "
"settings:"

#. type: paragraph
#: 80
#, read-only
msgid ""
"If used, the necessary CA certificates must be loaded into the server's SSL "
"context to enable verification of the client's certificate."
msgstr ""
"If used, the necessary CA certificates must be loaded into the server's SSL "
"context to enable verification of the client's certificate."

#. type: heading
#: 85
#, read-only
msgid "Common Name and Subject Alternative Name"
msgstr "Common Name and Subject Alternative Name"

#. type: paragraph
#: 87
#, read-only
msgid ""
"The Subject Alternative Name (SAN) is an extension in X.509 certificates "
"that allows multiple domain names, subdomains, or IP addresses to be "
"associated with a single SSL/TLS certificate. Before that it was the Common "
"Name field in the certificate subject which could contain a single hostname."
msgstr ""
"The Subject Alternative Name (SAN) is an extension in X.509 certificates "
"that allows multiple domain names, subdomains, or IP addresses to be "
"associated with a single SSL/TLS certificate. Before SAN, the hostname was "
"carried in the Common Name field of the certificate subject, which could "
"contain a single hostname."

#. type: paragraph
#: 93
#, read-only
msgid ""
"recommends that if a certificate includes a SAN dNSName field, the client "
"must ignore the subject CN field. Some modern browsers, such as Google "
"Chrome, check only the SAN section in an SSL/TLS certificate and reject "
"certificates that contain only the CN field."
msgstr ""
"recommends that if a certificate includes a SAN dNSName field, the client "
"must ignore the subject CN field. Some modern browsers, such as Google "
"Chrome, check only the SAN section in an SSL/TLS certificate and reject "
"certificates that contain only the CN field."

#. type: heading
#: 100
#, read-only
msgid "Private Key"
msgstr "Private Key"

#. type: paragraph
#: 102
#, read-only
msgid ""
"The private key of a certificate is required during the SSL/TLS handshake to "
"prove that the certificate's provider is its rightful owner"
msgstr ""
"The private key of a certificate is required during the SSL/TLS handshake to "
"prove that the certificate's provider is its rightful owner."

#. type: paragraph
#: 105
#, read-only
msgid "The following Boost.Asio methods can be used for loading a private key:"
msgstr "The following Boost.Asio methods can be used for loading a private key:"

#. type: list
#: 107
#, read-only
msgid ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key.html "
"`net::ssl::context::use_private_key`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_private_key_file.html `net::ssl::context::use_private_key_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_rsa_private_key.html `net::ssl::context::use_rsa_private_key`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_rsa_private_key_file.html `net::ssl::context::use_rsa_private_key_file`]"
msgstr ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_private_key.html "
"`net::ssl::context::use_private_key`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_private_key_file.html `net::ssl::context::use_private_key_file`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_rsa_private_key.html `net::ssl::context::use_rsa_private_key`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/"
"use_rsa_private_key_file.html `net::ssl::context::use_rsa_private_key_file`]"

#. type: paragraph
#: 112
#, read-only
msgid ""
"If the private key is secured with a password, the [@boost:/doc/html/"
"boost_asio/reference/ssl__context/set_password_callback.html "
"net::ssl::context::set_password_callback] allows specifying a callable "
"object to retrieve the password."
msgstr ""
"If the private key is secured with a password, the [@boost:/doc/html/"
"boost_asio/reference/ssl__context/set_password_callback.html "
"net::ssl::context::set_password_callback] allows specifying a callable "
"object to retrieve the password."

#. type: heading
#: 119
#, read-only
msgid "Self-Signed and Self-Issued Certificates"
msgstr "Self-Signed and Self-Issued Certificates"

#. type: paragraph
#: 121
#, read-only
msgid ""
"A self-issued certificate is a certificate where the issuer and subject are "
"the same entity."
msgstr ""
"A self-issued certificate is a certificate where the issuer and subject are "
"the same entity."

#. type: paragraph
#: 124
#, read-only
msgid ""
"A self-signed certificate is a self-issued certificate in which the digital "
"signature can be verified using the public key within the certificate."
msgstr ""
"A self-signed certificate is a self-issued certificate in which the digital "
"signature can be verified using the public key within the certificate."

#. type: paragraph
#: 128
#, read-only
msgid ""
"Installing an untrusted, self-issued, or self-signed CA certificate poses a"
msgstr ""
"Installing an untrusted, self-issued, or self-signed CA certificate poses a"

#. type: heading
#: 137
#, read-only
msgid "Diffie-Hellman (DH) Parameters"
msgstr "Diffie-Hellman (DH) Parameters"

#. type: paragraph
#: 139
#, read-only
msgid ""
"Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two "
"parties to securely establish a shared secret over an insecure communication "
"channel. The key exchange process involves both parties agreeing on a set of "
"parameters, known as Diffie-Hellman parameters, which include a large prime "
"number `p` and a generator `g`. Since generating these parameters is a "
"computationally expensive task, a user might prefer to provide a precomputed "
"value at startup."
msgstr ""
"Diffie-Hellman (DH) key exchange is a cryptographic protocol that allows two "
"parties to securely establish a shared secret over an insecure communication "
"channel. The key exchange process involves both parties agreeing on a set of "
"parameters, known as Diffie-Hellman parameters, which include a large prime "
"number `p` and a generator `g`. Since generating these parameters is a "
"computationally expensive task, a user might prefer to provide a precomputed "
"value at startup."

#. type: paragraph
#: 147
#, read-only
msgid "The following Boost.Asio methods can be used for loading DH parameters:"
msgstr "The following Boost.Asio methods can be used for loading DH parameters:"

#. type: list
#: 149
#, read-only
msgid ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh.html "
"`net::ssl::context::use_tmp_dh`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh_file.html "
"`net::ssl::context::use_tmp_dh_file`]"
msgstr ""
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh.html "
"`net::ssl::context::use_tmp_dh`]\n"
"* [@boost:/doc/html/boost_asio/reference/ssl__context/use_tmp_dh_file.html "
"`net::ssl::context::use_tmp_dh_file`]"

#. type: paragraph
#: 152
#, read-only
msgid ""
"If no DH parameter is provided, OpenSSL will refuse to perform any handshake "
"that uses DHE-based cipher suites but will still work with other cipher "
"suites, such as those based on ECDHE."
msgstr ""
"If no DH parameter is provided, OpenSSL will refuse to perform any handshake "
"that uses DHE-based cipher suites but will still work with other cipher "
"suites, such as those based on ECDHE."

#. type: heading
#: 158
#, read-only
msgid "A Self-Issued Certificate Example"
msgstr "A Self-Issued Certificate Example"

#. type: paragraph
#: 160
#, read-only
msgid ""
"In the following example, we will generate a self-signed CA certificate and "
"use it to issue both server and client certificates."
msgstr ""
"In the following example, we will generate a self-signed CA certificate and "
"use it to issue both server and client certificates."

#. type: list
#: 163
#, read-only
msgid "* Generate a CA certificate:"
msgstr "* Generate a CA certificate:"

#. type: paragraph
#: 165
#, read-only
msgid ""
"``` openssl req -new -newkey rsa:4096 -keyout ca.key -x509 -out ca.crt -subj "
"\"/CN=localhost\" -days 365 ```"
msgstr ""
"```\n"
"openssl req -new -newkey rsa:4096 -keyout ca.key -x509 -out ca.crt -subj "
"\"/CN=localhost\" -days 365\n"
"```"

#. type: list
#: 170
#, read-only
msgid "* Generate a Server CSR:"
msgstr "* Generate a Server CSR:"

#. type: paragraph
#: 172
#, read-only
msgid ""
"``` openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr -"
"subj \"/CN=localhost\" -addext \"subjectAltName=DNS:localhost,IP:127.0.0.1\" "
"```"
msgstr ""
"```\n"
"openssl req -new -newkey rsa:4096 -keyout server.key -out server.csr "
"-subj \"/CN=localhost\" -addext \"subjectAltName=DNS:localhost,IP:127.0.0.1\"\n"
"```"

#. type: list
#: 177
#, read-only
msgid "* Sign the Server CSR using our CA:"
msgstr "* Sign the Server CSR using our CA:"

#. type: paragraph
#: 179
#, read-only
msgid ""
"``` openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -"
"copy_extensions copy -days 365 -out server.crt ```"
msgstr ""
"```\n"
"openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key "
"-copy_extensions copy -days 365 -out server.crt\n"
"```"

#. type: list
#: 184
#, read-only
msgid "* Generate a Client CSR:"
msgstr "* Generate a Client CSR:"

#. type: paragraph
#: 186
#, read-only
msgid ""
"``` openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr -"
"subj \"/CN=client.1\" ```"
msgstr ""
"```\n"
"openssl req -new -newkey rsa:4096 -keyout client.key -out client.csr "
"-subj \"/CN=client.1\"\n"
"```"

#. type: list
#: 191
#, read-only
msgid "* Sign the Client CSR using our CA:"
msgstr "* Sign the Client CSR using our CA:"

#. type: paragraph
#: 193
#, read-only
msgid ""
"``` openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -days 365 -out "
"client.crt ```"
msgstr ""
"```\n"
"openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -days 365 -out "
"client.crt\n"
"```"

#. type: list
#: 197
#, read-only
msgid "* Generate a DH parameters file:"
msgstr "* Generate a DH parameters file:"

#. type: paragraph
#: 199
#, read-only
msgid "``` openssl dhparam -out dh4096.pem 4096 ```"
msgstr ""
"```\n"
"openssl dhparam -out dh4096.pem 4096\n"
"```"

#. type: paragraph
#: 203
#, read-only
msgid "Server example: [path_link example/doc/ssl/server.cpp server.cpp]"
msgstr "Server example: [path_link example/doc/ssl/server.cpp server.cpp]"

#. type: paragraph
#: 205
#, read-only
msgid ""
"Note that the server is configured in such a way that it requests and "
"verifies the client certificate. You can disable this by commenting out the "
"related line in the example."
msgstr ""
"Note that the server is configured in such a way that it requests and "
"verifies the client certificate. You can disable this by commenting out the "
"related line in the example."

#. type: paragraph
#: 209
#, read-only
msgid "You can test the server using this cURL command:"
msgstr "You can test the server using this cURL command:"

#. type: paragraph
#: 211
#, read-only
msgid ""
"``` curl https://localhost:8080 --cacert ca.crt --cert client.crt --key "
"client.key ```"
msgstr ""
"```\n"
"curl https://localhost:8080 --cacert ca.crt --cert client.crt --key "
"client.key\n"
"```"

#. type: paragraph
#: 215
#, read-only
msgid ""
"Also, you can use the client example: [path_link example/doc/ssl/client.cpp "
"client.cpp]"
msgstr ""
"Also, you can use the client example: [path_link example/doc/ssl/client.cpp "
"client.cpp]"
