问题描述

我目前认为 cacert.pem 是一堆密钥，我可以用它来检查我正在与之交谈的站点是否确实是它声称的站点.因此，如果我向某人发送了一个依赖于 cacert.pem 的程序，我可以向他们发送我计算机上的一个版本，这对我没有安全威胁.

I currently believe cacert.pem is a bunch of keys that I can use to check that the site I'm talking to is in fact the site its claiming to be. As such, if I sent someone a program that was dependent on cacert.pem I can just send them a version on my computer and this has no security threat to me.

唯一的安全威胁是针对他们的，那就是如果我向他们发送虚假的 cacert.pem.

The only security threat would be for them and that is if I sent them a phony cacert.pem.

这是否正确，我是否可以安全地将我计算机上的 cacert.pem 版本发送给另一个可能不受信任的人?

Is this correct and am I safe sending the version of cacert.pem on my computer to another potentially untrusted person?

AS Steffen 指出，cacert.pem 可以引用任何文件.我特别指的是在 Requests Python 包中找到的那个.

AS Steffen pointed out, cacert.pem could refer to any file. I was referring to in particular the one that is found in the Requests Python package.

推荐答案

我不知道你说的是哪个 cacert.pem 文件，但是/etc/ssl/cacert.BSD 上的 pem 或 Linux 上的 /etc/ssl/certs 文件夹只包含可信证书机构的公共列表，用于验证 SSL 连接的信任.这些文件中没有秘密，通常它们甚至不是特定于系统的(尽管可以添加或删除 CA 来管理自己的信任设置).

I don't know which cacert.pem file you are talking about, but/etc/ssl/cacert.pem on BSD or the /etc/ssl/certs folder on Linux contain just a public list of trusted certificate agencies, which are used to verify trust for SSL connections. There is no secret in these files and usually they are not even system specific (although one might add or remove CAs to manage own trust settings).

但同样，我不知道你的 cacert.pem 文件包含什么，因为这个文件名没有内在的语义.如果它还包含私钥，则绝对不应该将其提供给他人.

But again, I don't know what your cacert.pem file contains, because there is no inherent semantic with this file name. If it contains also private keys you should definitely not give it to others.

这篇关于cacert.pem 是我电脑独有的吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！