问题
I have a command line application that is using the libcurl-4 dll's, and currently I can get everything to work by placing my CA certs in my working directory and passing their names to the CUTLOPT_CAINFO and CURLOPT_SSLCERT with ./ prefix to their names.
But, what I am working on is getting cURL to not use what is in the current directory and instead use the certs that are stored in my computers system store.
From reading cURL's documentation I understand that if you configure it without giving a specified default ca-bundle or ca-path that ti will "auto-detect a setting".
And that the CURLOPT_CAINFO is by default set to "built-in system specific"
So can anyone help me understand:
if nothing is specified at configure time with curl, is the default path it detects the system store? Or does curl use its own path for a system store?
what value do you give
curl_easy_setopt(m_curlHandle, CURLOPT_CAINFO, *<value> )to makeCURLOPT_CAINFOgo use its default value?
Any help is appreciated as i am still learning how this all works.
Thank you.
回答1:
OpenSSL does not support using the "CA certificate store" that Windows has on its own. If you want your curl build to use that cert store, you need to rebuild curl to use the schannel backend instead (aka "winssl"), which is the Windows native version that also uses the Windows cert store by default.
If you decide to keep using OpenSSL, you simple must provide CA certs in either a PEM file or a specially crafted directory as Windows doesn't provide its system store using that format you either have to get a suitable store from somewhere or figure out how to convert the Windows cert store to PEM format.
来源:https://stackoverflow.com/questions/37551409/configure-curl-to-use-default-system-cert-store