Comments (12)
On Windows and OS X, you can configure cURL to simply use the OS-provided TLS stacks (Secure Channel, Secure Transport), which has multiple upsides to shipping OpenSSL or one of its forks:
- smaller binary size, because the library is already there
- no need to maintain/update the list of trusted root certificates, which is not included in OpenSSL
- no need to issue emergency patches of your app when the next security issue in the TLS library is found, because the OS vendor will do it
On Linux, you can feed the OS-provided trusted root certificates to cURL if you can find them. Here's where we look for them in Kullo:
https://github.com/kullo/client-httpclient-curl/blob/master/httpclient/cabundle.cpp
The CA bundle can then be fed to cURL using CURLOPT_CAINFO
:
https://github.com/kullo/client-httpclient-curl/blob/master/httpclient/httpclientimpl.cpp#L137
from cpr.
Btw, couldn't find in the docs but there is a way to disable SSL checks without going down to libcurl calls.
cpr::Session session;
session.SetVerifySsl(false);
session.SetUrl(...);
auto response = session.Get();
Hope it helps someone!
from cpr.
What's the status of this? It looks like the CI has fallen behind. However the merge isn't all that big to begin with. What's holding this feature back from being merged into mainline?
from cpr.
Is this OpenSSL specific or are you talking about generic TLS support? I guess as user of curl, you should be able to abstract away from the TLS implementation used.
from cpr.
Yeah I should clarify that I want generic TLS support. The library client should probably not care what's used behind the scenes to do TLS, this is purely a build step detail.
That said, if I were to embed a particular TLS library, OpenSSL appears to be the way to go.
from cpr.
FYI for people just looking to get a quick and dirty requests over SSL should be able to do so by linking against libCURL (compiled with OpenSSL).
Just add it to your cmake lists and executable:
find_package(CURL)
include_directories(${CURL_INCLUDE_DIRS})
target_link_libraries(exe ${CURL_LIBRARY})
from cpr.
is it currently possible to make connections via Oauth?
from cpr.
There are some options for SSL:
Not check SSL:
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, false);
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, false);
Self-signed serfiticate:
curl_easy_setopt(curl_,CURLOPT_SSLCERTTYPE,"DER");
curl_easy_setopt(curl_,CURLOPT_CAINFO, path_to_cert_.c_str());
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYPEER, true);
curl_easy_setopt(curl_, CURLOPT_SSL_VERIFYHOST, false);
Signed sertificate:
curl_easy_setopt(curl_, CURLOPT_CAINFO, "keys/curl-ca-bundle.crt");
I't good to use public web servers for unit tests.
For SSL it's good https://badssl.com/
Common requests: https://httpbin.org/
from cpr.
I't good to use public web servers for unit tests.
I disagree: you want unit tests to be able to run without any external dependencies. Integration tests are a different story though. But even those you probably want to run against a server which configuration you control (.e.g one you spawn as part of the test run).
from cpr.
Btw, couldn't find in the docs but there is a way to disable SSL checks without going down to libcurl calls.
cpr::Session session; session.SetVerifySsl(false); session.SetUrl(...); auto response = session.Get();
Hope it helps someone!
Thank you so much! Simple and effective!
from cpr.
+1
from cpr.
+1
from cpr.
Related Issues (20)
- INTERNAL_ERROR(4) on any requests that goes to a site protected with CloudFlare HOT 8
- can't linking to executable HOT 1
- put cpr into a cmake project and error while loading shared libraries: libinih.so: cannot open shared object file: No such file or directory HOT 1
- Cmake cache generation fails. HOT 1
- Response.GetCertInfos() is not const HOT 2
- WriteCallback should take a string_view as argument instead of a std::string to avoid a copy HOT 2
- install cpr, but the dependencies of cpr (curl) can not be installed to the correct path HOT 2
- can cpr set keepalive writetimeout readtimeout when sending a post request? HOT 5
- Set propper runtime library for use in msvc project HOT 5
- C++20 ixx Module | unresolved external symbol _Cnd_timedwait_for HOT 7
- Fully featured Url parser HOT 1
- When is the time for threadpool creation? HOT 2
- libcpr fails to build on Windows because zlib isn't found HOT 2
- Resolving linker errors with nuget package? HOT 1
- Build failure: `httpServer.cpp: error: overflow in conversion from 'long long int' to 'time_t' {aka 'long int'} changes value from '3905119080' to '-389848216' [-Werror=overflow]` HOT 2
- Some tests fail on PowerPC [84% tests passed, 4 tests failed out of 25] HOT 13
- Build failure on macOS 10.15: `error: no viable constructor or deduction guide for deduction of template arguments of 'function'` HOT 1
- Automatically manage cookies like c # CookieContainer
- cpr::ProgressCallback in combination with cpr::Download has the values of up- and download switched HOT 2
- libcpr static build option HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cpr.