配置cURL以使用默认系统证书存储 [英] Configure cURL to use default system cert store
问题描述
我有一个使用libcurl-4 dll的命令行应用程序,当前,我可以通过将我的CA证书放在工作目录中并使用<将它们的名称传递给CUTLOPT_CAINFO和CURLOPT_SSLCERT来使所有工作正常进行c3>在其名称前添加前缀.
I have a command line application that is using the libcurl-4 dll's, and currently I can get everything to work by placing my CA certs in my working directory and passing their names to the CUTLOPT_CAINFO and CURLOPT_SSLCERT with ./ prefix to their names.
但是,我正在努力使cURL不使用当前目录中的内容,而是使用存储在我的计算机系统存储中的证书.
But, what I am working on is getting cURL to not use what is in the current directory and instead use the certs that are stored in my computers system store.
通过阅读cURL的文档,我了解到,如果您在不指定指定默认值ca-bundle或ca-path的情况下进行配置,则ti将自动检测设置".
From reading cURL's documentation I understand that if you configure it without giving a specified default ca-bundle or ca-path that ti will "auto-detect a setting".
CURLOPT_CAINFO默认设置为特定于内置系统"
And that the CURLOPT_CAINFO is by default set to "built-in system specific"
任何人都可以帮助我理解:
So can anyone help me understand:
-
如果在配置时使用curl没有指定任何内容,它是否检测到系统存储的默认路径?还是curl使用自己的路径存储系统?
if nothing is specified at configure time with curl, is the default path it detects the system store? Or does curl use its own path for a system store?
您赋予curl_easy_setopt(m_curlHandle, CURLOPT_CAINFO, *<value> )什么值以使CURLOPT_CAINFO使用其默认值?
what value do you give curl_easy_setopt(m_curlHandle, CURLOPT_CAINFO, *<value> ) to make CURLOPT_CAINFO go use its default value?
感谢任何帮助,因为我仍在学习这一切的工作原理.
Any help is appreciated as i am still learning how this all works.
谢谢.
推荐答案
OpenSSL不支持使用Windows自己拥有的"CA证书存储".如果要让curl构建使用该证书存储,则需要重建curl以使用schannel后端(也称为"winssl"),它是Windows本机版本,默认情况下也使用Windows证书存储.
OpenSSL does not support using the "CA certificate store" that Windows has on its own. If you want your curl build to use that cert store, you need to rebuild curl to use the schannel backend instead (aka "winssl"), which is the Windows native version that also uses the Windows cert store by default.
如果您决定继续使用OpenSSL,则必须简单地在PEM文件或特制目录中提供CA证书,因为Windows不使用该格式提供其系统存储,则必须从某个地方或其他地方获得合适的存储.了解如何将Windows证书库转换为PEM格式.
If you decide to keep using OpenSSL, you simple must provide CA certs in either a PEM file or a specially crafted directory as Windows doesn't provide its system store using that format you either have to get a suitable store from somewhere or figure out how to convert the Windows cert store to PEM format.
这篇关于配置cURL以使用默认系统证书存储的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
