Cargo 的证书颁发机构商店在哪里?
Where is Cargo's certificate authority store?
我们无法使用 Cargo,因为我们的 IT 部门拦截了所有 HTTPS 流量并替换了证书。我需要将企业根 CA 添加到 Cargo 的受信任 CA 列表中。 Cargo 用来存储这些文件的文件在哪里?
我在一个随机项目中开始 strace cargo fetch,看起来,至少在 Linux 上,cargo 只是在使用我的系统证书:
524 stat("/etc/pki/ca-trust/extracted/pem", 0x7ffccad52c70) = -1 ENOENT (No such file or directory)
529 stat("/usr/local/share/cert.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
530 stat("/usr/local/share/certs.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
531 stat("/usr/local/share/certs/ca-certificates.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
532 stat("/usr/local/share/certs/ca-root-nss.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
533 stat("/usr/local/share/certs/ca-bundle.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
534 stat("/usr/local/share/CARootCertificates.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
535 stat("/usr/local/share/tls-ca-bundle.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
537 stat("/etc/ssl/cert.pem", {st_mode=S_IFREG|0444, st_size=220132, ...}) = 0
571 openat(AT_FDCWD, "/etc/ssl/cert.pem", O_RDONLY) = 3
/etc/ssl/cert.pem 包含许多证书,默认情况下,其中一个足以满足 cargo。
注册表默认托管在 GitHub,最终由 "DigiCert High Assurance EV Root CA" 签名,它确实包含在此文件中。
在某些发行版上(虽然我不知道那有多标准),您可以使用以下命令将证书添加到系统存储:
# trust anchor your-cert.crt
我们无法使用 Cargo,因为我们的 IT 部门拦截了所有 HTTPS 流量并替换了证书。我需要将企业根 CA 添加到 Cargo 的受信任 CA 列表中。 Cargo 用来存储这些文件的文件在哪里?
我在一个随机项目中开始 strace cargo fetch,看起来,至少在 Linux 上,cargo 只是在使用我的系统证书:
524 stat("/etc/pki/ca-trust/extracted/pem", 0x7ffccad52c70) = -1 ENOENT (No such file or directory)
529 stat("/usr/local/share/cert.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
530 stat("/usr/local/share/certs.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
531 stat("/usr/local/share/certs/ca-certificates.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
532 stat("/usr/local/share/certs/ca-root-nss.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
533 stat("/usr/local/share/certs/ca-bundle.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
534 stat("/usr/local/share/CARootCertificates.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
535 stat("/usr/local/share/tls-ca-bundle.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
537 stat("/etc/ssl/cert.pem", {st_mode=S_IFREG|0444, st_size=220132, ...}) = 0
571 openat(AT_FDCWD, "/etc/ssl/cert.pem", O_RDONLY) = 3
/etc/ssl/cert.pem 包含许多证书,默认情况下,其中一个足以满足 cargo。
注册表默认托管在 GitHub,最终由 "DigiCert High Assurance EV Root CA" 签名,它确实包含在此文件中。
在某些发行版上(虽然我不知道那有多标准),您可以使用以下命令将证书添加到系统存储:
# trust anchor your-cert.crt