我们无法使用货运,因为我们的IT部门拦截了所有HTTPS流量并替换了证书。我需要将公司根CA添加到Cargo的受信任CA列表中。 Cargo用来存储这些文件的文件在哪里?
答案 0 :(得分:3)
我在一个随机项目中开始git fetch tokenized-origin
,并且看起来,至少在Linux上,strace cargo fetch只是在使用我的系统证书:
cargo 524 stat("/etc/pki/ca-trust/extracted/pem", 0x7ffccad52c70) = -1 ENOENT (No such file or directory)
529 stat("/usr/local/share/cert.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
530 stat("/usr/local/share/certs.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
531 stat("/usr/local/share/certs/ca-certificates.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
532 stat("/usr/local/share/certs/ca-root-nss.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
533 stat("/usr/local/share/certs/ca-bundle.crt", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
534 stat("/usr/local/share/CARootCertificates.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
535 stat("/usr/local/share/tls-ca-bundle.pem", 0x7ffccad52da0) = -1 ENOENT (No such file or directory)
537 stat("/etc/ssl/cert.pem", {st_mode=S_IFREG|0444, st_size=220132, ...}) = 0
571 openat(AT_FDCWD, "/etc/ssl/cert.pem", O_RDONLY) = 3
包含许多证书,默认情况下,其中一个足以容纳/etc/ssl/cert.pem。
默认情况下,该注册表托管在GitHub上,最终由“ DigiCert高保证EV根CA”签名,该文件确实包含在该文件中。
在某些发行版上(尽管我不知道标准是什么),您可以使用以下命令将证书添加到系统存储中:
cargo