Https的详解

http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html

Https就是在http和TCP 之间加入TLS (SSL3.0之后的新名字),这是在http应用层协议和传输层之间的’安全层,或者说七层模型里的会话层’。(TCP和UDP 是传输层,而IP是更低的网络层,在下去就是物理或者网络接口层或者叫链路层,只有四层,比七层模型简单)

通过四次握手,双方都有client random(明文), server random(明文), pre master(验证服务器证书可信之后用服务器提供的公钥加密)之后,组合起来以约定的哈希算法(md5或者sha)算出哈希(摘要),这就是双方都知道,而别人不知道的master 密钥,后面就用约定的AES 之类的对称加密解密这个master 密钥来传输http 的信息。

 

 

 

trap in testing angular observable

https://medium.com/angular-in-depth/how-to-test-observables-a00038c7faad

excerpt:

The “subscribe and assert pattern” has the following downsides

  • You need to remind yourself always to call the done callback

    1. Don’t forget to call “done” when you’re done ☝️

    Often, tests which use the “subscribe and assert pattern” are green even though, in reality, they are failing. How come? 🤔

    In asynchronous scenarios, our test rushes through without also checking our assertions inside our nextcomplete or error handler. This can quickly happen if we forget to call the done callback after the assertions.

    The done callback is a way to indicate to the testing framework when our test is actually done.

    remarks: forgetting about “done” is elusive because this test passed when it actually failed. However, the karma will return and show you some other test failed if you run ng test. but the other test is actually passing. ng test is not good at reporting precisely.