Hi @nrich
I got some more information on this.
We use libcurl on all platforms, although I believe that on Linux we use the system version of libcurl, and we ship our own version on Windows and Mac.
For SSL,/TLS we use the system libraries on Windows and Mac, and OpenSSL on Linux. As a result, the SSL certificates in the install folder are only used on Linux, because we use the system certificate storage on Windows and Mac.
FME can be configured to use the system proxy settings. See
here. Alternatively, it turns out you can set some environment variable that libcurl will pick up for proxy configuration.Those comments really only apply to the HTTPCaller, and generally speaking also to readers which have a URL dataset.
Setting up web connections uses a Java HTTP(S) client, and python plugins have their own libraries as well.
Hi @nrich
I got some more information on this.
We use libcurl on all platforms, although I believe that on Linux we use the system version of libcurl, and we ship our own version on Windows and Mac.
For SSL,/TLS we use the system libraries on Windows and Mac, and OpenSSL on Linux. As a result, the SSL certificates in the install folder are only used on Linux, because we use the system certificate storage on Windows and Mac.
FME can be configured to use the system proxy settings. See
here. Alternatively, it turns out you can set some environment variable that libcurl will pick up for proxy configuration.Those comments really only apply to the HTTPCaller, and generally speaking also to readers which have a URL dataset.
Setting up web connections uses a Java HTTP(S) client, and python plugins have their own libraries as well.
Thanks @jlutherthomas
for the quick and detailed response.
So in my case a https call made from a httpcaller in a job running on fme server would:
1) use the safe version of libcurl to make a connection, but
2) libcurl would use the windows OS default browsers certificate storage and TLS settings to verify and encrypt the link
This is kind of what I thought would be happening, although I'm a little confused, because I have IE8 installed as my default browser, which doesn't support tls1.2. Yet my fme installation does. Firefox is also installed on this box, so perhaps libcurl has managed to attach to that instead.
Is their anyway to tell what security certificates/ system libraries libcurl has a dependency on do you know?
regards,
Nick
(internet proxy - interesting that you can perhaps set system variables for libcurl, configuring the windows internet proxy settings for the service user running fmeserver was a bit of a pain when we were configuring it - setting it as system variables would be much easier and clearer for the system admins. presumably more info on that would be on the libcurl website, i'll go have a look.)