curl不安全选项 [英] curl insecure option

问题描述

我有一种情况，客户端通过curl调用https url。 https url的SSL证书是自签名的，因此curl无法进行证书验证并失败。 curl提供了一个选项-k / - insecure，它禁用证书验证。我的问题是，使用--insecure选项是在客户端和服务器之间进行加密的数据传输（因为它应该是https网址）？我理解安全风险，因为证书验证没有完成，但对于这个问题，我只关心数据传输是否加密。

I have a situation where the client makes a call through curl to a https url. The SSL certificate of the https url is self signed and therefore curl cannot do certificate validation and fails. curl provides an option -k/--insecure which disables certificate validation. My question is that on using --insecure option is the data transfer that is done between client and server encrypted(as it should be for https urls)? I understand the security risk because of certificate validation not being done, but for this question I am only concerned about whether data transfer is encrypted or not.

推荐答案

是的，传输的数据仍然是加密发送的。 -k / - 不安全将只使 curl 跳过证书验证，它不会一起关闭SSL。

Yes, the transfered data is still sent encrypted. -k/--insecure will "only make" curl skip certificate validation, it will not turn off SSL all together.

有关此事的更多信息，请访问以下链接：

More information regarding the matter is available under the following link:

• a href =http://curl.haxx.se/docs/sslcerts.html =noreferrer> curl.haxx.se - 有关服务器SSL证书的详细信息

• curl.haxx.se - Details on Server SSL Certificates

这篇关于curl不安全选项的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！