RCurl和自签名证书问题 [英] RCurl and self-signed certificate issues
问题描述
我在使用 RCurl 函数getURL访问使用自签名证书的服务器上的HTTPS URL时遇到问题.我在Mac OS X 10.9.2上运行R 3.0.2.
I am having problems getting RCurl function getURL to access an HTTPS URL on a server that is using a self-signed certificate. I'm running R 3.0.2 on Mac OS X 10.9.2.
我已阅读常见问题解答和
I have read the FAQ and the curl page on the subject. So this is where I stand:
- 我已将证书的副本保存到磁盘(〜/cert.pem).
- 我已经能够使用相同的文件通过python-requests和'verify'选项连接到服务器,并且成功了. 命令行上的
- curl似乎忽略了--cacert选项.使用Mac OS X钥匙串访问"应用将证书标记为受信任的证书后,我成功访问了该网站.
-
RCurl顽固地拒绝使用以下代码连接到网站:
- I have saved a copy of the certificate to disk (~/cert.pem).
- I have been able to use this very same file to connect to the server using python-requests and the 'verify' option, and succeeded.
- curl on the command-line seems to be ignoring the --cacert option. I succeeded in accessing the website with it after I flagged the certificate as trusted using the Mac OS X 'Keychain Access' app.
RCurl stubbornly refuses to connect to the website with the following code:
getURL(" https://somesite.tld ",详细信息= T,cainfo = normalizePath(〜/cert.pem"))
getURL("https://somesite.tld", verbose=T, cainfo=normalizePath("~/cert.pem"))
这是我得到的输出:
* Adding handle: conn: 0x7f92771b0400
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 38 (0x7f92771b0400) send_pipe: 1, recv_pipe: 0
* About to connect() to somesite.tld port 443 (#38)
* Trying 42.42.42.42...
* Connected to somesite.tld (42.42.42.42) port 443 (#38)
* SSL certificate problem: Invalid certificate chain
* Closing connection 38
当我在具有相同cert.pem文件和完全相同的URL的Linux VM中使用--cacert选项和上面的RCurl代码对curl进行测试时,它完美地工作了.
When I tested both curl with the --cacert option and the RCurl code above in a Linux VM with the same cert.pem file and exact same URL, it worked perfectly.
因此,在Linux和Mac OS X上进行相等的测试,只有在Mac OS X上,它们才会失败.甚至将证书添加到钥匙串上都行不通.
So equal tests on Linux and Mac OS X, and only on Mac OS X do they fail. Even adding the certificate to the keychain didn't work.
唯一可行的方法是使用ssl.verifypeer=FALSE,但出于安全原因,我不想这样做.
The only thing that does work is using ssl.verifypeer=FALSE, but I don't want to do that for security reasons.
我在这里没主意.其他人对如何使它起作用有任何建议吗?
I'm out of ideas here. Anyone else have any suggestions on how to get this to work?
推荐答案
回到这个问题,我只是想指出,如果您仍在使用RCurl,则应该使用
Coming back to this issue I just wanted to point out that if you are still using RCurl, you should be using httr (which uses curl) instead.
我已经确认将config(cainfo="/path/to/certificate")与httr连接一起使用将可以正常工作.
I have confirmed that using config(cainfo="/path/to/certificate") with httr connections will work as intended.
这篇关于RCurl和自签名证书问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
