将 SSL 证书更改到不同位置
目前我们使用 cURL 从 HTTPS 读取数据。一切正常。
我们在curl中设置证书如下:
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLCERT,"/etc/ssl/certs/abc.cert.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"/etc/ssl/certs/abc.key.pem");
现在我们想要将这些证书文件移动到不同的目录。即使我更改上面命令中的路径,它也不起作用,因为我认为证书路径在 libcurl 中被硬编码为 /etc/ssl 。
基于谷歌搜索,我尝试先添加,
curl_easy_setopt(curl, CURLOPT_CAPATH, "/MyDir/");
然后添加具有正确相对路径的四行。它不起作用。
如何将路径(存储证书的目录)更改为我想要的路径。示例或解释将受到赞赏。
谢谢
詹姆斯
Currently we read from HTTPS using cURL. Everything works fine.
We set up certficates in curl as follows:
curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLCERT,"/etc/ssl/certs/abc.cert.pem");
curl_easy_setopt(curl,CURLOPT_SSLKEYTYPE,"PEM");
curl_easy_setopt(curl,CURLOPT_SSLKEY,"/etc/ssl/certs/abc.key.pem");
Now we want to move these certificate files to a different directory. Even if I change the path in the commands above it does not work because I think the certificate path is hard coded as /etc/ssl in libcurl.
Based on googling I tried adding first,
curl_easy_setopt(curl, CURLOPT_CAPATH, "/MyDir/");
and then the four lines with the correct relative path. It didnt work.
How to change the path (the directory where the certificates are stored) into something I want. Example or explanation will be appreciated.
Thanks
James
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
不,libcurl 中根本没有客户端证书的硬编码路径,您的理论是不正确的。
但是您将 CURLOPT_SSLCERT 选项(用于客户端证书)和同一问题中的 CURLOPT_CAPATH 选项(用于 CA 证书)可能会暗示您误解了这些选项的真正含义和用途。
capath/bundle 在 libcurl 中具有硬编码默认值,但您始终可以使用 CA* 选项之一设置您自己的首选。
No, there's no hardcoded paths for client certificates at all in libcurl, your theory is incorrect.
But your mixing of the CURLOPT_SSLCERT option (which is for client certificates) and the CURLOPT_CAPATH option (which is for CA certs) in the same question here, might imply that you've misunderstood what the options really are and do.
The capath/bundle has a hardcoded default within libcurl, but you can always set your own preferred one with one of the the CA* options.