如何确保curl使用openssl，而不是nss？ [英] How can I ensure that curl uses openssl, and not nss?

问题描述

可以通过配置确保 参数 ， curl 使用 OpenSSL ，并且不是 NSS 检索https内容？我需要确保这一点，以便强制遵守 FIPS140-2 ，RHEL6.2已经认证？

Is it possible to ensure by a configuration parameter, that curl uses OpenSSL, and not NSS to retrieve https content? I need to ensure this, in order to enforce compliance with FIPS140-2, which RHEL6.2 has certified?

我认为答案是否。

所以我会问这里的跟进...我可以重新编译curl，以确保它使用libssl而不是libnss？我尝试过：

So I'll ask the follow-up here as well... Can I recompile curl to ensure that it uses libssl and not libnss? I've tried:

./configure --with-ssl --without-nss

我还是用curl二进制文件动态链接 libnss3.so

and I still end up with a curl binary that dynamically links against libnss3.so.

[root@fips curl-7.19.7]# ldd /usr/bin/curl 
        linux-vdso.so.1 =>  (0x00007fffacbe8000)
        libcurl.so.4 => /usr/lib64/libcurl.so.4 (0x00007f5d8fe03000)
        libidn.so.11 => /lib64/libidn.so.11 (0x00007f5d8fbd1000)
        libldap-2.4.so.2 => /lib64/libldap-2.4.so.2 (0x00007f5d8f983000)
        librt.so.1 => /lib64/librt.so.1 (0x00007f5d8f77b000)
        libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007f5d8f537000)
        libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007f5d8f250000)
        libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007f5d8f024000)
        libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007f5d8ee20000)
        libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f5d8ebc2000)
        libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f5d8e828000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f5d8e624000)
        libssh2.so.1 => /usr/lib64/libssh2.so.1 (0x00007f5d8e3fb000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f5d8e1e5000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f5d8de52000)
        liblber-2.4.so.2 => /lib64/liblber-2.4.so.2 (0x00007f5d8dc42000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f5d8da28000)
        libssl3.so => /usr/lib64/libssl3.so (0x00007f5d8d7f2000)
        libsmime3.so => /usr/lib64/libsmime3.so (0x00007f5d8d5c5000)
--->    libnss3.so => /usr/lib64/libnss3.so (0x00007f5d8d28a000)
--->    libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007f5d8d05f000)
        libplds4.so => /lib64/libplds4.so (0x00007f5d8ce5a000)
        libplc4.so => /lib64/libplc4.so (0x00007f5d8cc55000)
        libnspr4.so => /lib64/libnspr4.so (0x00007f5d8ca18000)
        libsasl2.so.2 => /usr/lib64/libsasl2.so.2 (0x00007f5d8c7fd000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f5d8c5e0000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f5d90062000)
        libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007f5d8c3d5000)
        libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007f5d8c1d1000)
        libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007f5d8bf99000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f5d8bd7a000)
        libfreebl3.so => /lib64/libfreebl3.so (0x00007f5d8bb18000)

推荐答案

./configure --with-ssl=/usr/include --without-nss

这篇关于如何确保curl使用openssl，而不是nss？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！