WO2022068269A1 - Server communication method and apparatus, computer device, and storage medium - Google Patents

Publication number: WO2022068269A1
Application number: PCT/CN2021/100342
Authority: WO, WIPO (PCT)
Prior art keywords: server, domain name, session, content, information
Inventor: 刘华
Original Assignee: 北京金山云网络技术有限公司

Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L63/166 Implementing security features at a particular protocol layer at the transport layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer

Abstract

The present disclosure relates to a server communication method and device, a computer device, and a storage medium, and relates to the technical field of cloud computing. The method comprises: receiving a first handshake request, the first handshake request comprising a first certificate, first session information, and a target domain name; when domain name information in the first certificate matches a first domain name of a first server and verification of a session identifier in the first session information is successful, responding to the first handshake request, the domain names of all of the servers in a content delivery network being the same.

Description

Communication method, apparatus, computer device and storage medium of server
This disclosure claims the full benefit of the invention patent application No. 202011051216.2, entitled "Communication method, apparatus, computer device and storage medium of server", filed with the State Intellectual Property Office of the People's Republic of China on September 29, 2020, the entire contents of which are incorporated into this disclosure by reference.
Technical Field
The present disclosure relates to the technical field of cloud computing, and more particularly to a communication method, apparatus, computer device and storage medium of a server.
Background
A CDN (Content Delivery Network) is an intelligent virtual network built on top of the existing network. It relies on edge servers deployed in various locations and on the load balancing, content distribution, scheduling and other functional modules of a central platform, so that users obtain the content they need from a nearby server, which reduces network congestion and improves access response speed and hit rate. The key technologies of a CDN are mainly content storage and distribution.
A distributed architecture such as a CDN is tiered: the closer a tier is to the origin server, the fewer servers it has, and the closer it is to the client, the more servers it has. Transmission inside the CDN and to the origin server may therefore cross operators and regions, so transmission over these public networks also needs HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer), which is called full-link HTTPS. The CDN's internal traffic is itself based on the HTTPS protocol, and the HTTPS protocol easily drives server CPU consumption too high.
Summary of the Invention
In a first aspect, the present disclosure provides a communication method of a server, applied to a first server, the first server being a server in a content distribution network, the method comprising: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches a first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same.
In a second aspect, the present disclosure provides a communication method of a server, applied to a second server, the second server being a server in a content distribution network, the method comprising: receiving a third handshake request, the third handshake request including a third certificate, third session information and a target domain name; when the domain name information in the third certificate matches a third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generating a first handshake request and sending the first handshake request to a first server, the first handshake request including a first certificate, first session information and the target domain name; and receiving response content from the first server.
In a third aspect, the present disclosure provides a communication method of a server, applied to a client, the method comprising: sending a fourth handshake request to a second server, the fourth handshake request including a target domain name, communication address information and second session information; and receiving response content from the second server when the domain name information in the communication address information matches a second domain name of the second server and the session identifier in the second session information is successfully verified, the response content being content that matches the target domain name.
In a fourth aspect, the present disclosure provides a communication apparatus of a server, comprising: a first handshake request receiving module configured to receive a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and a handshake response module configured to respond to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same.
In a fifth aspect, the present disclosure provides a communication apparatus of a server, comprising: a third handshake request receiving module configured to receive a third handshake request, the third handshake request including a third certificate, third session information and a target domain name; a first handshake request sending module configured to generate a first handshake request and send it to a first server when the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, the first handshake request including a first certificate, first session information and the target domain name; and a first response content receiving module configured to receive response content from the first server.
In a sixth aspect, the present disclosure provides a communication apparatus of a server, comprising: a third handshake request sending module configured to send a fourth handshake request to a second server, the fourth handshake request including a target domain name, communication address information and second session information; and a second response content receiving module configured to receive response content from the second server when the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, the response content being content that matches the target domain name.
In certain embodiments, the present disclosure provides a computer device including a memory, a processor, and a computer program stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer program: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same.
In certain embodiments, the present disclosure provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same.
In certain embodiments, the present disclosure provides a communication method, apparatus, computer device and storage medium of a server, the method including: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same. The handshake with other servers or clients is performed using the domain name information in the certificate and the session information. Because different customers use different domain names for the TLS/SSL handshake, the handshake process easily leads to excessive CPU consumption inside the CDN. Configuring the domain names of all servers in the content distribution network as the same domain name shortens the handshake between the servers in the content distribution network and thereby reduces CPU consumption inside the CDN.
Brief Description of Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and, together with the description, serve to explain the principles of the disclosure.
To describe the embodiments of the present disclosure, or the technical solutions in some situations, more clearly, the drawings needed for them are briefly introduced below. Those of ordinary skill in the art can obviously obtain other drawings from these drawings without creative effort.
FIG. 1 is an application environment diagram of the communication method of the server in one embodiment;
FIG. 2 is a schematic flowchart of the communication method of the server in one embodiment;
FIG. 3 is a schematic flowchart of the communication method of the server in one embodiment;
FIG. 4 is a schematic flowchart of the communication method of the server in one embodiment;
FIG. 5 is a structural block diagram of the communication apparatus of the server in one embodiment;
FIG. 6 is a structural block diagram of the communication apparatus of the server in one embodiment;
FIG. 7 is a structural block diagram of the communication apparatus of the server in one embodiment;
FIG. 8 is a diagram of the internal structure of the computer device in one embodiment.
Detailed Description
To make the purposes, technical solutions and advantages of the embodiments of the present disclosure clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously some, but not all, of the embodiments of the present disclosure. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the present disclosure without creative effort fall within the scope of protection of the present disclosure.
FIG. 1 is an application environment diagram of the communication method of the server in one embodiment. Referring to FIG. 1, the communication method of the server is applied to a communication system of the server. The system includes a client 110 and a content distribution network (CDN) 120, which communicate over the HTTPS protocol. The client 110 may be a desktop terminal or a mobile terminal, and the mobile terminal may be at least one of a mobile phone, a tablet computer, a notebook computer and the like. The content distribution network 120 includes an origin server and servers at various tiers. The servers at each tier may be implemented as an independent server or as a server cluster composed of multiple servers, and the servers inside the content distribution network 120 communicate with each other over the HTTPS protocol. Communication over the HTTPS protocol includes, but is not limited to, a TCP handshake phase, a TLS handshake phase and an HTTP response phase.
In one embodiment, FIG. 2 is a schematic flowchart of the communication method of the server. Referring to FIG. 2, a communication method of a server is provided. This embodiment is described mainly by taking the method as applied to a server in the content distribution network 120 in FIG. 1 above, with that server acting as the first server. The communication method of the server includes the following steps:
Step S210: receive a first handshake request, the first handshake request including a first certificate and first session information; and
Step S220: respond to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein the domain names of all servers in the content distribution network are the same.
In this embodiment, once the TCP handshake phase with the first server is complete, the TLS handshake phase is performed. The first handshake request is the handshake request of the TLS handshake phase (ClientHello) and may come from another, lower-tier server or from a client. When the first handshake request comes from another lower-tier server, it includes the first certificate, the first session information and the target domain name. The first certificate includes signature information and domain name information and is used for signature authentication and domain name verification during the TLS handshake. The domain name information is the identification information that indicates the server to be accessed in the TLS phase. The first session information is used to restore the previous session record with the first server, which omits the negotiation of the encryption key in the TLS handshake phase, so no time is spent on another complete TLS handshake. The target domain name is the domain name of the site to be accessed in the HTTP response phase once the handshake in the TLS handshake phase has succeeded.
In this embodiment, the first domain name is the domain name identifier of the first server. When the domain name information in the first certificate matches the first domain name of the first server, the first server is determined to be the server to be accessed. The session identifier is the session record identifier from the previous session and includes a session ticket and a session code. Successful verification of the session identifier in the first session information means that the first server has successfully resumed the session. When both the domain name information and the session identifier are verified successfully, the handshake has succeeded; the first handshake request is then responded to according to the target domain name, and the HTTP response phase begins. Because the TLS handshake phase and the HTTP response phase correspond to different configurations, the TLS handshake phase does not affect the response in the HTTP response phase.
Servers inside a CDN usually serve many domain names, and the domain name information in different handshake requests specifies different domain names, so communication requires the domain name certificate that corresponds to the domain name information. When the server cannot find a domain name certificate that matches the domain name information, the SSL/TLS handshake fails with an error, and looking up the matching domain name certificate for each different domain name is cumbersome and time-consuming. When the domain names of all servers inside the CDN are configured as the same domain name, all servers inside the CDN correspond to the same domain name certificate. When the domain name information is matched against a domain name certificate during a TLS handshake between servers inside the CDN, the server to be accessed holds only one domain name certificate that matches the domain name information. This shortens the domain name matching time and the handshake time, simplifies the handshake between the servers in the content distribution network, and thereby reduces CPU consumption inside the CDN.
In one embodiment, the domain name information includes a second domain name. The second domain name is parsed from the first certificate, and the first domain name configured for the first server is obtained; when the second domain name is the same as the first domain name, the domain name information is determined to match the first domain name.
In one implementation, the second domain name is obtained by parsing the first domain name information in the first certificate; the second domain name is the SNI (Server Name Indication) in the first handshake request. When the second domain name is the same as the first domain name of the first server, the first server is determined to be the server to be accessed and is allowed to respond to the first handshake request. When the second domain name differs from the first domain name of the first server, the first server is determined not to be the server to be accessed for the first handshake request and cannot respond to it.
In one embodiment, a configuration instruction is received, the configuration instruction being an instruction sent to all servers in the content distribution network; the domain name of the first server is configured as the first domain name as the configuration instruction directs.
In one implementation, before the first handshake request is received, all servers inside the CDN receive and execute a configuration instruction for configuring domain name information. The configuration instruction configures the server's domain name as a specified domain name and carries the specified domain name to be configured, which can be customized; the first domain name above is this specified domain name. Following the configuration instruction, the domain names of all servers inside the CDN are configured as the same specified domain name, that is, the Nginx (engine x, a web server) instances of all servers inside the CDN are configured with the same specified domain name. When a TLS handshake is performed between servers inside the CDN, the identical domain name information shortens the time needed to determine the server to be accessed and simplifies the TLS handshake, which reduces CPU consumption inside the CDN.
In one embodiment, when first content matching the target domain name is found in the memory of the first server, the first content is returned; when no first content matching the target domain name is found in the memory of the first server, second content is returned, the second content being content matching the target domain name that the content distribution network finds in the memory of the origin server.
In one implementation, when first content matching the target domain name is found in the memory of the first server, that is, when the TLS handshake phase with the first server has been completed, the first server is allowed to respond to the first handshake request and enters the HTTP response phase. The memory of the first server is searched for the site to be accessed that matches the target domain name; when that site is found in the memory of the first server, its content is taken as the first content and returned.
When no site to be accessed that matches the target domain name is found in the memory of the first server, the first server holds no content matching the target domain name. The first server then acts as a client and requests the site to be accessed that matches the target domain name from other servers over the HTTPS protocol; when that site is found in the memory of another server, its content is returned as the second content.
When the site to be accessed that matches the target domain name cannot be found on any server other than the origin server, the memory of the origin server is searched for it, and the site in the memory of the origin server that matches the target domain name is returned as the second content.
In one embodiment, before the second content is returned, a second handshake request is generated, where the second handshake request includes a second certificate, second session information and the target domain name; the second handshake request is sent to the origin server; and the second content fed back by the origin server is received, where the second content is the content matching the target domain name that is found in the memory of the origin server in the case that the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information.
In one implementation, in the case that the first server is the server closest to the origin server, no to-be-visited site matching the target domain name is found in the memory of the first server, and the first server and the origin server have completed the TCP handshake phase, the first server, acting as a client, generates the second handshake request and sends it to the origin server. The second handshake request is a handshake request of the TLS handshake phase and includes the second certificate, the second session information and the target domain name. The second certificate includes signature information and domain name information and is used for signature authentication and domain name verification during the TLS handshake; the domain name information is the identification information that indicates, in the TLS phase, the server to be accessed; the second session information is used to resume the session, which omits the encryption key negotiation of the TLS handshake phase, so no time is spent performing a complete TLS handshake again.
In the case that the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information, that is, the TLS handshake between the origin server and the first server succeeds, the origin server is allowed to respond to the second handshake request of the first server and the HTTP response phase begins. The content of the to-be-visited site in the memory of the origin server that matches the target domain name is taken as the second content, and the first server receives the second content sent by the origin server.
In one embodiment, in the case that the first server successfully verifies the session ticket of the session identifier, or the session code of the session identifier matches the encoded session identifier in the first server, verification of the session identifier in the first session information succeeds.
In one implementation, the session identifier includes a session ticket (Session Ticket) and a session code (Session ID), both of which are session handshake records from the TLS handshake phase. In the case that the first server successfully decrypts the session ticket and obtains the previous session key, it is determined that the first server has successfully verified the session identifier in the first session information; the session is resumed according to the previous session key and the TLS handshake is completed.
In one implementation, in the case that a session code identical to the session code in the first session information is found in the first server, it may also be determined that the first server has successfully verified the session identifier in the first session information; the session is resumed according to the session code and the TLS handshake is completed.
In one embodiment, the session identifier includes a session ticket and a session code. In the case that the first server successfully verifies the session ticket of the session identifier, verification of the session identifier in the first session information succeeds; in the case that the first server fails to verify the session ticket of the session identifier, it is verified whether the session code of the session identifier matches the session code in the first server, and in the case that they match, verification of the session identifier in the first session information succeeds.
In one implementation, in the case that the first session information includes both a session ticket and a session code, the first server decrypts and verifies the session ticket first; if the first server decrypts the session ticket and obtains the previous session key, there is no need to also search the first server for a session code identical to the session code of the first session information.
In the case that the first server fails to decrypt the session ticket, the first server is then searched for a session code identical to the session code of the first session information.
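The verification order described in the embodiments above (session ticket first, Session ID lookup only when the ticket fails), together with the certificate-domain match that gates the response, as an added Python example that is not part of the patent. The `EdgeServer` class, the key names and the status strings are assumptions; the HMAC-based sealing is a standard-library stand-in for a real ticket cipher, and all sample values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; illustrative stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_ticket(enc_key: bytes, mac_key: bytes, session_key: bytes) -> bytes:
    """Wrap the previous session key into an opaque, authenticated ticket."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(session_key))
    body = bytes(a ^ b for a, b in zip(session_key, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_ticket(enc_key: bytes, mac_key: bytes, ticket: bytes) -> Optional[bytes]:
    """Return the previous session key, or None if the ticket does not verify."""
    if len(ticket) <= NONCE_LEN + TAG_LEN:
        return None
    nonce, body, tag = ticket[:NONCE_LEN], ticket[NONCE_LEN:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # check the tag before decrypting
        return None
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


def _norm(domain: str) -> str:
    """DNS names compare case-insensitively; ignore a trailing root dot."""
    return domain.rstrip(".").lower()


@dataclass
class EdgeServer:  # hypothetical model of the "first server"
    domain: str     # the first domain name configured on this server
    enc_key: bytes  # ticket encryption key (assumed name)
    mac_key: bytes  # ticket authentication key (assumed name)
    session_cache: Dict[bytes, bytes] = field(default_factory=dict)  # Session ID -> key

    def verify_session(self, ticket: Optional[bytes],
                       session_id: Optional[bytes]) -> Tuple[Optional[str], Optional[bytes]]:
        # 1. Ticket first: a successful decrypt ends verification, no cache lookup.
        if ticket:
            key = open_ticket(self.enc_key, self.mac_key, ticket)
            if key is not None:
                return "ticket", key
        # 2. Only when the ticket is absent or fails: look up the Session ID.
        if session_id and session_id in self.session_cache:
            return "session_id", self.session_cache[session_id]
        return None, None

    def handle_handshake(self, cert_domain: str, ticket: Optional[bytes],
                         session_id: Optional[bytes]) -> Tuple[str, Optional[bytes]]:
        # Both conditions must hold before the handshake request is answered.
        if _norm(cert_domain) != _norm(self.domain):
            return "reject:domain", None
        method, key = self.verify_session(ticket, session_id)
        if method is None:
            return "reject:session", None
        return "resumed:" + method, key


def run_constructed_cases() -> Dict[str, str]:
    """Constructed inputs covering each branch; returns case name -> status."""
    enc, mac = os.urandom(32), os.urandom(32)
    server = EdgeServer("cdn.example.test", enc, mac)
    server.session_cache[b"sid-1"] = os.urandom(32)
    good = seal_ticket(enc, mac, os.urandom(32))
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    # A ticket sealed under keys this server does not hold cannot be opened.
    foreign = seal_ticket(os.urandom(32), os.urandom(32), os.urandom(32))
    cases = {
        "ticket_wins": ("cdn.example.test", good, b"sid-1"),
        "fallback_to_id": ("cdn.example.test", tampered, b"sid-1"),
        "both_fail": ("cdn.example.test", tampered, b"unknown"),
        "foreign_ticket": ("cdn.example.test", foreign, None),
        "wrong_domain": ("other.example.test", good, b"sid-1"),
    }
    return {name: server.handle_handshake(*args)[0] for name, args in cases.items()}


if __name__ == "__main__":
    for name, status in run_constructed_cases().items():
        print(f"{name:15s} {status}")
```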
In one embodiment, FIG. 3 is a schematic flowchart of a server communication method in one embodiment. Referring to FIG. 3, this embodiment provides a server communication method applied to a second server. The second server is a server in the content distribution network and is a lower-layer server of the first server described above, that is, the first server is closer to the origin server than the second server, and the second server is closer to the client than the first server. The method includes:
Step S310: receiving a third handshake request, where the third handshake request includes a third certificate, third session information and a target domain name;
Step S320: in the case that the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generating a first handshake request and sending the first handshake request to the first server, where the first handshake request includes a first certificate, first session information and the target domain name; and
Step S330: receiving response content from the first server.
In this embodiment, once the TCP handshake phase with the second server is complete, the TLS handshake phase is performed. The third handshake request is a handshake request (ClientHello) of the TLS handshake phase and may come from another lower-level server or from a client. In the case that the third handshake request comes from another lower-level server, it includes the third certificate, the third session information and the target domain name. The third certificate includes signature information and domain name information and is used for signature authentication and domain name verification during the TLS handshake; the domain name information is the identification information that indicates, in the TLS phase, the server to be accessed; the third session information is used to resume the session, which omits the encryption key negotiation of the TLS handshake phase, so no time is spent performing a complete TLS handshake again; and the target domain name is the domain name of the site to be accessed in the HTTP response phase once the TLS handshake has succeeded.
In this embodiment, in the case that the domain name information in the third certificate matches the third domain name of the second server and the session identifier in the third session information is successfully verified, it is determined that the TLS handshake with the second server has succeeded, and the HTTP response phase begins. In the case that no to-be-visited site matching the target domain name is found in the memory of the second server, the first handshake request is generated; the first handshake request is used to request the TLS handshake phase with the first server once the second server and the first server have completed the TCP handshake phase.
In this embodiment, in the case that the first server and the second server have completed HTTPS communication, the second server receives the response content from the first server, where the response content is the content corresponding to the to-be-visited site that matches the target domain name.
In one embodiment, the response content is the content matching the target domain name that is found in the memory of the first server in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified.
In one implementation, in the case that the first server and the second server have completed the TLS handshake phase, the content corresponding to the to-be-visited site in the memory of the first server that matches the target domain name is taken as the response content, and the first server returns the response content to the second server.
In one embodiment, the response content is the content matching the target domain name that is found in the memory of the origin server through the content distribution network in the case that the domain name information in the first certificate matches the first domain name of the first server, the session identifier in the first session information is successfully verified, and no content matching the target domain name is found in the memory of the first server.
In one implementation, in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, this shows that the TLS handshake between the first server and the second server has succeeded, and the HTTP response phase begins. The memory of the first server is searched for the to-be-visited site matching the target domain name. If it is not found there, the first server goes on to request the to-be-visited site matching the target domain name from the upper-layer server, until the to-be-visited site matching the target domain name is found in the memory of an upper-layer server, and the content of that site is taken as the second content. In other words, the first server has to act as a client and carry out HTTPS communication with the upper-layer server; the communication between the first server and the upper-layer server follows the communication mode between the first server and the second server.
If the to-be-visited site matching the target domain name cannot be found on any server other than the origin server, the to-be-visited site matching the target domain name is looked up in the memory of the origin server, and the to-be-visited site in the memory of the origin server that matches the target domain name is returned as the response content.
In one embodiment, FIG. 4 is a schematic flowchart of a server communication method in one embodiment. Referring to FIG. 4, this embodiment provides a server communication method applied to a client, including:
Step S410: sending a fourth handshake request to the second server, where the fourth handshake request includes a target domain name, communication address information and second session information; and
Step S420: in the case that the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, receiving response content from the second server, where the response content is content matching the target domain name.
In this embodiment, the second server is the server in the CDN network closest to the user side. Once the client and the second server have completed the TCP handshake phase, the client sends the fourth handshake request to the second server and the TLS handshake phase begins. The fourth handshake request is a handshake request (ClientHello) of the TLS handshake phase and includes the target domain name, the communication address information and fourth session information. The target domain name is the domain name of the site to be accessed in the HTTP response phase once the TLS handshake has succeeded. The communication address information includes domain name information and is used to determine the server to be accessed. The fourth session information is used to restore the record of the previous session with the second server, which omits the encryption key negotiation of the TLS handshake phase, so no time is spent performing a complete TLS handshake again. The fourth session information includes a session identifier, which is the identifier of the session record from the previous session and includes a session ticket and a session code.
In this embodiment, the domain name information in the communication address information matching the second domain name of the second server means that the second server is determined to be the server to be accessed, and successful verification of the session identifier in the second session information means that the session with the second server has been resumed successfully. The client and the second server then complete the TLS handshake and the HTTP response phase begins. The memory of the second server is searched for the to-be-visited site matching the target domain name. If it cannot be found there, HTTPS communication is carried out with the servers of the CDN layer by layer, in order of increasing proximity to the origin server, to look for the content corresponding to the to-be-visited site that matches the target domain name, until content matching the target domain name is found. If none of the servers at any layer inside the CDN can find content matching the target domain name, the content matching the target domain name is looked up in the origin server and taken as the response content, and the response content is then passed back to the client through the servers layer by layer.
FIG. 2 to FIG. 4 are schematic flowcharts of server communication methods in different embodiments. It should be understood that although the steps in the flowcharts of FIG. 2 to FIG. 4 are shown in sequence as indicated by the arrows, they are not necessarily executed in that sequence. Unless explicitly stated herein, there is no strict restriction on the order in which these steps are executed, and they may be executed in other orders. Moreover, at least some of the steps in FIG. 2 to FIG. 4 may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily completed at the same moment and may be executed at different times; nor are they necessarily executed one after another, and they may instead be executed in turn or alternately with other steps, or with at least some of the sub-steps or stages of other steps.
In one embodiment, FIG. 5 is a structural block diagram of a server communication apparatus in one embodiment. As shown in FIG. 5, a server communication apparatus is provided, including:
a first handshake request receiving module 510, configured to receive a first handshake request, where the first handshake request includes a first certificate, first session information and a target domain name; and
a handshake response module 520, configured to respond to the first handshake request in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, where all servers in the content distribution network have the same domain name.
In one embodiment, the domain name information includes a second domain name, and the handshake response module 520 includes:
a domain name obtaining unit, configured to parse the second domain name out of the first certificate and to obtain the first domain name configured for the first server; and
a domain name matching unit, configured to determine that the domain name information matches the first domain name in the case that the second domain name is the same as the first domain name.
In one embodiment, the apparatus further includes:
a configuration instruction receiving module, configured to receive a configuration instruction, where the configuration instruction is an instruction sent to all servers in the content distribution network; and
a configuration instruction execution module, configured to configure the domain name of the first server as the first domain name as indicated by the configuration instruction.
In one embodiment, the handshake response module 520 further includes:
a first content returning unit, configured to return the first content in the case that first content matching the target domain name is found in the memory of the first server; and
a second content returning unit, configured to return second content in the case that no first content matching the target domain name is found in the memory of the first server, where the second content is the content matching the target domain name that the content distribution network finds in the memory of the origin server.
In one embodiment, the handshake response module 520 further includes:
a handshake request generating unit, configured to generate a second handshake request, where the second handshake request includes a second certificate, second session information and the target domain name;
a handshake request sending unit, configured to send the second handshake request to the origin server; and
a second content receiving unit, configured to receive the second content fed back by the origin server, where the second content is the content matching the target domain name that is found in the memory of the origin server in the case that the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information.
In one embodiment, the session identifier includes a session ticket and a session code, and the handshake response module 520 further includes:
a first verification unit, configured such that verification of the session identifier in the first session information succeeds in the case that the first server successfully verifies the session ticket of the session identifier, or the session code of the session identifier matches the encoded session identifier in the first server.
In one embodiment, the handshake response module 520 further includes:
a priority verification unit, configured such that verification of the session identifier in the first session information succeeds in the case that the first server successfully verifies the session ticket of the session identifier;
a second verification unit, configured to verify whether the session code of the session identifier matches the session code in the first server in the case that the first server fails to verify the session ticket of the session identifier; and
a session verification success unit, configured such that verification of the session identifier in the first session information succeeds in the case that the session code of the session identifier matches the session code in the first server.
In one embodiment, FIG. 6 is a structural block diagram of a server communication apparatus in one embodiment. Referring to FIG. 6, this embodiment provides a server communication apparatus, and the apparatus includes:
a third handshake request receiving module 610, configured to receive a third handshake request, where the third handshake request includes a third certificate, third session information and a target domain name;
a first handshake request sending module 620, configured to generate a first handshake request and send the first handshake request to the first server in the case that the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, where the first handshake request includes a first certificate, first session information and the target domain name; and
a first response content receiving module 630, configured to receive response content from the first server.
In one embodiment, the response content is the content matching the target domain name that is found in the memory of the first server in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified.
In one embodiment, the response content is the content matching the target domain name that is found in the memory of the origin server through the content distribution network in the case that the domain name information in the first certificate matches the first domain name of the first server, the session identifier in the first session information is successfully verified, and no content matching the target domain name is found in the memory of the first server.
In one embodiment, FIG. 7 is a structural block diagram of a server communication apparatus in one embodiment. Referring to FIG. 7, this embodiment provides a server communication apparatus, and the apparatus includes:
a third handshake request sending module 710, configured to send a fourth handshake request to the second server, where the fourth handshake request includes a target domain name, communication address information and second session information; and
a second response content receiving module 720, configured to receive response content from the second server in the case that the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, where the response content is content matching the target domain name.
FIG. 8 shows the internal structure of a computer device in one embodiment. The computer device may be the client 110 in FIG. 1 (or a server in the content distribution network 120). As shown in FIG. 8, the computer device includes a processor, a memory, a network interface, an input device and a display screen connected through a system bus. The memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program which, when executed by the processor, causes the processor to implement the server communication method. The internal memory may also store a computer program which, when executed by the processor, causes the processor to execute the server communication method. The display screen of the computer device may be a liquid crystal display or an electronic ink display. The input device of the computer device may be a touch layer covering the display screen, a button, trackball or touchpad provided on the housing of the computer device, or an external keyboard, touchpad, mouse or the like.
Those skilled in the art will understand that the structure shown in FIG. 8 is only a block diagram of the part of the structure relevant to the solution of the present disclosure and does not limit the computer device to which the solution is applied; a computer device may include more or fewer components than shown in the figure, combine certain components, or have a different arrangement of components.
In one embodiment, the server communication apparatus provided by the present disclosure may be implemented in the form of a computer program, and the computer program may run on the computer device shown in FIG. 8. The memory of the computer device may store the program modules that make up the server communication apparatus, for example the first handshake request receiving module 510 and the handshake response module 520 shown in FIG. 5. The computer program formed by these program modules causes the processor to execute the steps of the server communication methods of the embodiments of the present disclosure described in this specification.
The computer device shown in FIG. 8 may, through the first handshake request receiving module 510 of the server communication apparatus shown in FIG. 5, receive the first handshake request, where the first handshake request includes the first certificate, the first session information and the target domain name. The computer device may, through the handshake response module 520, respond to the first handshake request in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, where all servers in the content distribution network have the same domain name.
In one embodiment, a computer device is provided, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When executing the computer program, the processor implements the following steps: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein all servers in the content distribution network have the same domain name.
In one embodiment, when executing the computer program, the processor further implements the following steps: parsing a second domain name from the first certificate, and obtaining the first domain name configured for the first server; and, when the second domain name is the same as the first domain name, determining that the domain name information matches the first domain name.
In one embodiment, when executing the computer program, the processor further implements the following steps: receiving a configuration instruction, wherein the configuration instruction is an instruction sent to all servers in the content distribution network; and configuring the domain name of the first server as the first domain name as directed by the configuration instruction.
In one embodiment, when executing the computer program, the processor further implements the following steps: when first content matching the target domain name is found in the memory of the first server, returning the first content; and, when no first content matching the target domain name is found in the memory of the first server, returning second content, wherein the second content is content matching the target domain name that the content distribution network finds in the memory of the origin server.
In one embodiment, when executing the computer program, the processor further implements the following steps: generating a second handshake request, wherein the second handshake request includes a second certificate, second session information and the target domain name; sending the second handshake request to the origin server; and receiving the second content fed back by the origin server, the second content being content matching the target domain name that is found in the memory of the origin server when the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information.
In one embodiment, when executing the computer program, the processor further implements the following step: the session identifier in the first session information is verified successfully when the first server successfully verifies the session ticket of the session identifier, or when the session code of the session identifier matches the encoded session identifier in the first server.
In one embodiment, when executing the computer program, the processor further implements the following steps: when the first server successfully verifies the session ticket of the session identifier, the session identifier in the first session information is verified successfully; when the first server fails to verify the session ticket of the session identifier, verifying whether the session code of the session identifier matches the session code in the first server; and, when the session code of the session identifier matches the session code in the first server, the session identifier in the first session information is verified successfully.
In one embodiment, when executing the computer program, the processor further implements the following steps: receiving a third handshake request, the third handshake request including a third certificate, third session information and a target domain name; when the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generating a first handshake request and sending the first handshake request to the first server, the first handshake request including a first certificate, first session information and the target domain name; and receiving response content from the first server.
In one embodiment, when executing the computer program, the processor further implements the following steps: sending a fourth handshake request to the second server, the fourth handshake request including a target domain name, communication address information and second session information; and, when the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, receiving response content from the second server, the response content being content matching the target domain name.
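A minimal model of the first server's acceptance logic described in the embodiments above: the certificate domain must equal the server's configured domain, the session ticket is checked first with the session code as fallback, and local content is served before origin content. This is an added example, not code from the patent; the class and function names, the HMAC-based ticket format, the case-insensitive comparison and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class HandshakeRequest:
    cert_domain: str       # domain name parsed from the presented certificate
    session_ticket: bytes  # session ticket carried in the session identifier
    session_code: str      # session code carried in the session identifier
    target_domain: str     # customer domain whose content is requested


def make_ticket(key: bytes, session_code: str) -> bytes:
    """Constructed ticket format (assumption): b'<code>.<hex HMAC-SHA256>'."""
    tag = hmac.new(key, session_code.encode(), hashlib.sha256).hexdigest()
    return session_code.encode() + b"." + tag.encode()


@dataclass
class CdnServer:
    configured_domain: str   # the single domain name configured on every node
    ticket_key: bytes        # assumption: ticket key shared by the CDN nodes
    known_session_codes: Set[str] = field(default_factory=set)
    cache: Dict[str, bytes] = field(default_factory=dict)
    fetch_from_origin: Optional[Callable[[str], bytes]] = None

    def domain_matches(self, req: HandshakeRequest) -> bool:
        # DNS names are case-insensitive; otherwise the match is exact.
        return req.cert_domain.lower() == self.configured_domain.lower()

    def ticket_valid(self, ticket: bytes) -> bool:
        body, sep, tag = ticket.rpartition(b".")
        if not sep:
            return False
        expected = hmac.new(self.ticket_key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison so the check does not leak tag prefixes.
        return hmac.compare_digest(tag, expected.encode())

    def session_valid(self, req: HandshakeRequest) -> Optional[str]:
        """Return which check accepted the session, or None if both failed."""
        if self.ticket_valid(req.session_ticket):
            return "ticket"
        if req.session_code in self.known_session_codes:
            return "code"
        return None

    def handle(self, req: HandshakeRequest) -> Tuple[str, Optional[bytes]]:
        """Return (outcome, content); refused handshakes carry no content."""
        if not self.domain_matches(req):
            return ("domain-mismatch", None)
        if self.session_valid(req) is None:
            return ("session-invalid", None)
        content = self.cache.get(req.target_domain)
        if content is not None:
            return ("cache-hit", content)
        if self.fetch_from_origin is None:
            return ("origin-unavailable", None)
        return ("origin-fetch", self.fetch_from_origin(req.target_domain))


def demo():
    """Run four constructed requests through one constructed server."""
    key = b"constructed-shared-key"
    server = CdnServer(
        configured_domain="internal.cdn.example",
        ticket_key=key,
        known_session_codes={"sess-42"},
        cache={"customer-a.example": b"cached-body"},
        fetch_from_origin=lambda d: b"origin:" + d.encode(),
    )
    requests = [
        # Valid ticket, content already on this node.
        HandshakeRequest("internal.cdn.example", make_ticket(key, "sess-1"),
                         "sess-1", "customer-a.example"),
        # Ticket fails, session code is known, content must come from origin.
        HandshakeRequest("internal.cdn.example", b"garbage",
                         "sess-42", "customer-b.example"),
        # Certificate names a different domain: refused before session checks.
        HandshakeRequest("other.example", make_ticket(key, "sess-1"),
                         "sess-1", "customer-a.example"),
        # Ticket signed with another key and unknown session code: refused.
        HandshakeRequest("internal.cdn.example", make_ticket(b"wrong", "sess-9"),
                         "sess-9", "customer-a.example"),
    ]
    return [server.handle(r) for r in requests]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The outcome strings make refusals distinguishable in logs, so a rise in `domain-mismatch` or `session-invalid` results between nodes can be monitored separately from ordinary cache misses.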
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When executed by a processor, the computer program implements the following steps: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein all servers in the content distribution network have the same domain name.
In one embodiment, when executed by the processor, the computer program further implements the following steps: parsing a second domain name from the first certificate, and obtaining the first domain name configured for the first server; and, when the second domain name is the same as the first domain name, determining that the domain name information matches the first domain name.
In one embodiment, when executed by the processor, the computer program further implements the following steps: receiving a configuration instruction, wherein the configuration instruction is an instruction sent to all servers in the content distribution network; and configuring the domain name of the first server as the first domain name as directed by the configuration instruction.
In one embodiment, when executed by the processor, the computer program further implements the following steps: when first content matching the target domain name is found in the memory of the first server, returning the first content; and, when no first content matching the target domain name is found in the memory of the first server, returning second content, wherein the second content is content matching the target domain name that the content distribution network finds in the memory of the origin server.
In one embodiment, when executed by the processor, the computer program further implements the following steps: generating a second handshake request, wherein the second handshake request includes a second certificate, second session information and the target domain name; sending the second handshake request to the origin server; and receiving the second content fed back by the origin server, the second content being content matching the target domain name that is found in the memory of the origin server when the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information.
In one embodiment, when executed by the processor, the computer program further implements the following step: the session identifier in the first session information is verified successfully when the first server successfully verifies the session ticket of the session identifier, or when the session code of the session identifier matches the encoded session identifier in the first server.
In one embodiment, when executed by the processor, the computer program further implements the following steps: when the first server successfully verifies the session ticket of the session identifier, the session identifier in the first session information is verified successfully; when the first server fails to verify the session ticket of the session identifier, verifying whether the session code of the session identifier matches the session code in the first server; and, when the session code of the session identifier matches the session code in the first server, the session identifier in the first session information is verified successfully.
In one embodiment, when executed by the processor, the computer program further implements the following steps: receiving a third handshake request, the third handshake request including a third certificate, third session information and a target domain name; when the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generating a first handshake request and sending the first handshake request to the first server, the first handshake request including a first certificate, first session information and the target domain name; and receiving response content from the first server.
In one embodiment, when executed by the processor, the computer program further implements the following steps: sending a fourth handshake request to the second server, the fourth handshake request including a target domain name, communication address information and second session information; and, when the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, receiving response content from the second server, the response content being content matching the target domain name.
Those of ordinary skill in the art will understand that all or part of the processes in the methods of the above embodiments can be carried out by a computer program instructing the relevant hardware. The program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, a database or another medium used in the embodiments provided in the present disclosure may include non-volatile and/or volatile memory. Non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM) or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM) and Rambus dynamic RAM (RDRAM).
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The above are only specific embodiments of the present disclosure, provided so that those skilled in the art can understand or implement the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present disclosure. Therefore, the present disclosure is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Industrial Applicability
The present disclosure provides a server communication method and apparatus, a computer device and a storage medium. The method includes: receiving a first handshake request, the first handshake request including a first certificate, first session information and a target domain name; and responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein all servers in the content distribution network have the same domain name. Handshakes with other servers or clients are performed using the domain name information in the certificate and the session information. Because different customers use different domain names in TLS/SSL handshakes, the handshake process tends to cause excessive CPU consumption inside the CDN. Configuring the domain names of all servers in the content distribution network as the same domain name shortens the handshakes between the servers in the content distribution network and thereby reduces CPU consumption inside the CDN.

Claims (22)

  1. A server communication method, applied to a first server, the first server being a server in a content distribution network, the method comprising:
    receiving a first handshake request, the first handshake request including a first certificate and first session information; and
    responding to the first handshake request when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, wherein all servers in the content distribution network have the same domain name.
  2. The method of claim 1, wherein the domain name information includes a second domain name, and determining that the domain name information matches the first domain name of the first server comprises:
    parsing the second domain name from the first certificate, and obtaining the first domain name configured for the first server; and
    when the second domain name is the same as the first domain name, determining that the domain name information matches the first domain name.
  3. The method of claim 1 or 2, wherein, before the receiving of the first handshake request, the method further comprises:
    receiving a configuration instruction, wherein the configuration instruction is an instruction sent to all servers in the content distribution network; and
    configuring the domain name of the first server as the first domain name as directed by the configuration instruction.
  4. The method of any one of claims 1 to 3, wherein the first handshake request further includes a target domain name, and responding to the first handshake request comprises:
    when first content matching the target domain name is found in the memory of the first server, returning the first content; and
    when no first content matching the target domain name is found in the memory of the first server, returning second content, wherein the second content is content matching the target domain name that the content distribution network finds in the memory of an origin server.
  5. The method of claim 4, wherein, before the returning of the second content, the method further comprises:
    generating a second handshake request, wherein the second handshake request includes a second certificate, second session information and the target domain name;
    sending the second handshake request to the origin server; and
    receiving the second content fed back by the origin server, the second content being content matching the target domain name that is found in the memory of the origin server when the logical address resolved from the domain name information in the second certificate matches the logical address in the origin server and the origin server successfully verifies the second session information.
  6. The method of any one of claims 1 to 5, wherein the session identifier includes a session ticket and a session code, and the successful verification of the session identifier in the first session information comprises:
    the session identifier in the first session information being verified successfully when the first server successfully verifies the session ticket of the session identifier, or when the session code of the session identifier matches the encoded session identifier in the first server.
  7. The method of any one of claims 1 to 5, wherein the session identifier includes a session ticket and a session code, and the successful verification of the session identifier in the first session information comprises:
    when the first server successfully verifies the session ticket of the session identifier, the session identifier in the first session information being verified successfully; and
    when the first server fails to verify the session ticket of the session identifier, verifying whether the session code of the session identifier matches the session code in the first server,
    when the session code of the session identifier matches the session code in the first server, the session identifier in the first session information being verified successfully.
  8. A server communication method, applied to a second server, the second server being a server in a content distribution network, the method comprising:
    receiving a third handshake request, the third handshake request including a third certificate, third session information and a target domain name;
    when the domain name information in the third certificate matches the third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generating a first handshake request and sending the first handshake request to a first server, the first handshake request including a first certificate, first session information and the target domain name; and
    receiving response content from the first server.
  9. The method of claim 8, wherein the response content is content matching the target domain name that is found in the memory of the first server when the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified.
  10. The method of claim 8, wherein the response content is content matching the target domain name that is found, through the content distribution network, in the memory of an origin server when the domain name information in the first certificate matches the first domain name of the first server, the session identifier in the first session information is successfully verified, and no content matching the target domain name is found in the memory of the first server.
  11. A server communication method, applied to a client, comprising:
    sending a fourth handshake request to a second server, the fourth handshake request including a target domain name, communication address information and second session information; and
    when the domain name information in the communication address information matches the second domain name of the second server and the session identifier in the second session information is successfully verified, receiving response content from the second server, the response content being content matching the target domain name.
  12. 服务器的通信装置,应用于第一服务器,所述第一服务器为内容分发网络中的服务器,所述装置包括:The communication device of a server is applied to a first server, where the first server is a server in a content distribution network, and the device includes:
    第一握手请求接收模块,设置为接收第一握手请求,所述第一握手请求包括第一证书、第一会话信息和目标域名;以及a first handshake request receiving module configured to receive a first handshake request, where the first handshake request includes a first certificate, first session information and a target domain name; and
    握手响应模块,设置为在所述第一证书中的域名信息与所述第一服务器的第一域名匹配、且对所述第一会话信息中的会话标识验证成功的情况下,对所述第一握手请求进行响应,其中,所述内容分发网络中所有服务器的域名相同。a handshake response module, configured to: in the case that the domain name information in the first certificate matches the first domain name of the first server and the session identifier in the first session information is successfully verified, A handshake request is responded to, wherein the domain names of all servers in the content distribution network are the same.
  13. 如权利要求12所述的通信装置,其中,所述域名信息包括第二域名,所述握手响应模块包括:The communication device of claim 12, wherein the domain name information includes a second domain name, and the handshake response module includes:
    域名获取单元,设置为从所述第一证书中解析出所述第二域名,并获取为所述第一服务器配置的所述第一域名;以及a domain name obtaining unit, configured to resolve the second domain name from the first certificate, and obtain the first domain name configured for the first server; and
    域名匹配单元,设置为在所述第二域名与所述第一域名相同的情况下,确定所述域名信息与所述第一域名匹配。A domain name matching unit, configured to determine that the domain name information matches the first domain name when the second domain name is the same as the first domain name.
  14. 如权利要求12或13所述的通信装置,其中,所述装置还包括:The communication device of claim 12 or 13, wherein the device further comprises:
    配置指令接收模块,设置为接收到配置指令,其中,所述配置指令是 发送给所述内容分发网络中所有服务器的指令;以及A configuration instruction receiving module configured to receive a configuration instruction, wherein the configuration instruction is an instruction sent to all servers in the content distribution network; and
    配置指令执行模块,设置为按照所述配置指令的指示将所述第一服务器的域名配置为所述第一域名。The configuration instruction execution module is configured to configure the domain name of the first server as the first domain name according to the instruction of the configuration instruction.
  15. 如权利要求12至14中任一权利要求所述的通信装置,其中,所述握手响应模块还包括:The communication device according to any one of claims 12 to 14, wherein the handshake response module further comprises:
    第一内容返回单元,设置为在所述第一服务器的存储器上查找到与所述目标域名匹配的第一内容的情况下,返回所述第一内容;以及a first content returning unit, configured to return the first content when the first content matching the target domain name is found on the memory of the first server; and
    第二内容返回单元,设置为在所述第一服务器的存储器上未查找到与所述目标域名匹配的第一内容的情况下,返回第二内容,其中,所述第二内容为所述内容分发网络从源站服务器的存储器中查找到的与所述目标域名匹配的内容。A second content returning unit, configured to return a second content when the first content matching the target domain name is not found on the memory of the first server, where the second content is the content The distribution network finds the content matching the target domain name from the storage of the origin server.
  16. 如权利要求15所述的通信装置,其中,所述握手响应模块还包括:The communication device of claim 15, wherein the handshake response module further comprises:
    握手请求生成单元,设置为生成第二握手请求,其中,所述第二握手请求包括第二证书、第二会话信息和目标域名;以及a handshake request generating unit, configured to generate a second handshake request, wherein the second handshake request includes the second certificate, the second session information and the target domain name; and
    握手请求发送单元,设置为发送所述第二握手请求至所述源站服务器;以及a handshake request sending unit, configured to send the second handshake request to the origin server; and
    第二内容接收单元,设置为接收来自所述源站服务器反馈的所述第二内容,所述第二内容为在所述第二证书中的域名信息解析后的逻辑地址与所述源站服务器中的逻辑地址匹配、且所述源站服务器对所述第二会话信息验证成功的情况下,在所述源站服务器的存储器中查找到的与所述目标域名相匹配的内容。A second content receiving unit, configured to receive the second content fed back from the origin server, where the second content is the logical address of the parsed domain name information in the second certificate and the origin server If the logical address in the source site server matches and the verification of the second session information by the origin site server is successful, the content matching the target domain name is found in the memory of the origin site server.
  17. 如权利要求12至16中任一权利要求所述的通信装置,其中,所述会话标识包括会话票证和会话编码,所述握手响应模块还包括:The communication device according to any one of claims 12 to 16, wherein the session identification includes a session ticket and a session code, and the handshake response module further includes:
    第一验证单元,设置为在所述第一服务器对所述会话标识的会话票证验证成功、或所述会话标识的会话编码与所述第一服务器中的编码会话标识匹配的情况下,对所述第一会话信息中的会话标识验证成功。A first verification unit, configured to verify the session ID of the session ID by the first server successfully, or if the session code of the session ID matches the encoded session ID in the first server, verify the session ID of the session ID. The session identifier in the first session information is verified successfully.
  18. The communication apparatus according to any one of claims 12 to 16, wherein the session identifier includes a session ticket and a session code, and the handshake response module further comprises:
    a priority verification unit, configured to determine that the session identifier in the first session information is successfully verified in a case where the first server successfully verifies the session ticket of the session identifier;
    a second verification unit, configured to verify, in a case where the first server fails to verify the session ticket of the session identifier, whether the session code of the session identifier matches a session code in the first server; and
    a session verification success unit, configured to determine that the session identifier in the first session information is successfully verified in a case where the session code of the session identifier matches the session code in the first server.
  19. A communication apparatus for a server, applied to a second server, the second server being a server in a content distribution network, the apparatus comprising:
    a third handshake request receiving module, configured to receive a third handshake request, the third handshake request including a third certificate, third session information and a target domain name;
    a first handshake request sending module, configured to, in a case where the domain name information in the third certificate matches a third domain name of the second server, the session identifier in the third session information is successfully verified, and no content matching the target domain name is found in the memory of the second server, generate a first handshake request and send the first handshake request to a first server, the first handshake request including a first certificate, first session information and the target domain name; and
    a first response content receiving module, configured to receive response content from the first server.
  20. A communication apparatus for a server, the apparatus comprising:
    a third handshake request sending module, configured to send a fourth handshake request to a second server, the fourth handshake request including a target domain name, communication address information and second session information; and
    a second response content receiving module, configured to receive response content from the second server in a case where the domain name information in the communication address information matches a second domain name of the second server and the session identifier in the second session information is successfully verified, the response content being content matching the target domain name.
  21. A computer device, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the method according to any one of claims 1 to 11.
  22. A computer-readable storage medium storing a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 11.
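The verification order in claims 17 to 19 (session ticket first, session code as the fallback, then cache lookup or forwarding upstream) can be sketched as follows. This is an added illustration, not code from the patent: the HMAC-sealed ticket format, the key, the sample node state and every function name are assumptions.

```python
import hashlib
import hmac

TICKET_KEY = b"constructed-demo-key"  # assumption: ticket key held by the node
TAG_LEN = 32                          # HMAC-SHA256 tag length in bytes
# Constructed sample node state (not from the patent).
NODE = {"domain": "edge.example.test", "session_codes": {"sc-1001"},
        "cache": {"www.example.test": b"cached body"}}

def issue_ticket(session_code, expires_at, key=TICKET_KEY):
    """Seal 'session_code|expiry' with an HMAC tag (hypothetical ticket format)."""
    body = f"{session_code}|{expires_at}".encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

def ticket_valid(ticket, now, key=TICKET_KEY):
    """A ticket verifies only if its tag is authentic and it has not expired."""
    if len(ticket) <= TAG_LEN:
        return False
    body, tag = ticket[:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False
    try:
        return int(body.decode().rsplit("|", 1)[1]) > now
    except (ValueError, IndexError, UnicodeDecodeError):
        return False

def session_verified(ticket, session_code, known_codes, now):
    """Claim 18 order: ticket first, session code only when the ticket fails."""
    if ticket and ticket_valid(ticket, now):
        return "ticket"
    if session_code in known_codes:
        return "code"
    return ""

def handle_handshake(req, node, now):
    """Claim 19 decision at a CDN node: reject, serve from cache, or forward."""
    if req["cert_domain"].lower() != node["domain"].lower():
        return "reject:domain"
    how = session_verified(req.get("ticket", b""), req.get("session_code", ""),
                           node["session_codes"], now)
    if not how:
        return "reject:session"
    if req["target_domain"] in node["cache"]:
        return "serve:cache"
    return "forward:upstream"  # build the next handshake request toward the first server
```

A tampered or expired ticket does not fail the handshake by itself; the request is rejected only when the session code fallback also fails, which is why both checks need their own logging in a deployment.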
PCT/CN2021/100342 2020-09-29 2021-06-16 Server communication method and apparatus, computer device, and storage medium WO2022068269A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011051216.2A CN112187804B (en) 2020-09-29 2020-09-29 Communication method and device of server, computer equipment and storage medium
CN202011051216.2 2020-09-29

Publications (1)

Publication Number Publication Date
WO2022068269A1 (en) 2022-04-07

Family

ID=73946974

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/100342 WO2022068269A1 (en) 2020-09-29 2021-06-16 Server communication method and apparatus, computer device, and storage medium

Country Status (2)

Country Link
CN (1) CN112187804B (en)
WO (1) WO2022068269A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112187804B (en) * 2020-09-29 2023-01-20 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium
CN114070588A (en) * 2021-11-01 2022-02-18 上海派拉软件股份有限公司 Method and device for updating domain name certificate based on nginx
US11863669B2 (en) 2022-03-28 2024-01-02 International Business Machines Corporation Session resumption with derived key
CN115037537A (en) * 2022-06-06 2022-09-09 恒安嘉新(北京)科技股份公司 Abnormal traffic interception and abnormal domain name identification method, device, equipment and medium
CN115442331B (en) * 2022-08-29 2023-11-03 天翼云科技有限公司 Domain name access method, device, network equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105871797A (en) * 2015-11-19 2016-08-17 乐视云计算有限公司 Handshake method, device and system of client and server
US9680807B2 (en) * 2014-04-08 2017-06-13 Cloudflare, Inc. Secure session capability using public-key cryptography without access to the private key
CN111314288A (en) * 2019-12-23 2020-06-19 深信服科技股份有限公司 Relay processing method, relay processing device, server, and storage medium
CN112187804A (en) * 2020-09-29 2021-01-05 北京金山云网络技术有限公司 Communication method and device of server, computer equipment and storage medium

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411823B (en) * 2015-07-31 2019-07-12 华为技术有限公司 A kind of access control method and relevant device based on CDN
CN106341417B (en) * 2016-09-30 2019-11-05 贵州白山云科技股份有限公司 A kind of HTTPS acceleration method and system based on content distributing network
US10581948B2 (en) * 2017-12-07 2020-03-03 Akamai Technologies, Inc. Client side cache visibility with TLS session tickets
CN109936529B (en) * 2017-12-15 2021-12-31 华为技术有限公司 Method, device and system for secure communication
CN109769040A (en) * 2018-12-14 2019-05-17 平安普惠企业管理有限公司 Content delivery network service switching method, device, equipment and storage medium
CN109981817B (en) * 2019-03-21 2020-11-20 网宿科技股份有限公司 Access request processing method and device and server
CN111224952B (en) * 2019-12-24 2022-06-03 中移(杭州)信息技术有限公司 Network resource acquisition method and device for directional flow and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116846953A (en) * 2023-08-30 2023-10-03 北京格尔国信科技有限公司 Certificate acquisition method, system and computer equipment
CN116846953B (en) * 2023-08-30 2023-11-17 北京格尔国信科技有限公司 Certificate acquisition method, system and computer equipment

Also Published As

Publication number Publication date
CN112187804A (en) 2021-01-05
CN112187804B (en) 2023-01-20

Legal Events

Date Code Title Description
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21873931; Country of ref document: EP; Kind code of ref document: A1)