Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Help using libcurl with HTTP proxy on Android device
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: David Castillo via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 10 Apr 2023 15:28:20 -0700
I have an Android app that is using libcurl to make network calls. I'm now
trying to add support for proxies. I'm testing this by using Charles proxy.
I found out that the user-installed certificates on Android are installed
in the "/data/misc/user/0/cacerts-added" directory, so I set the
"CURLOPT_CAPATH" option using this value. But I'm getting this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
I got the certificate from my emulator from the
"/data/misc/user/0/cacerts-added" directory, and it seems like the problem
is that the certificate is in DER format instead of PEM format. Verified
this by doing:
openssl x509 -in 924c6f19.0 -inform PEM -text -noout unable to load
certificate 140704516269696:error:09FFF06C:PEM routines:CRYPTO_internal:no
start
line:/AppleInternal/Library/BuildRoots/9e200cfa-7d96-11ed-886f-a23c4f261b56/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/pem/pem_lib.c:694:Expecting:
TRUSTED CERTIFICATE
I tried to convert this certificate to PEM format and then install it in
the emulator, but looks like Android converts it back to DER format when
installing it.
Does anyone know how I can handle DER certificates with libcurl? Is there a
way to convert them before curl tries to read them, maybe using
"CURLOPT_SSL_CTX_FUNCTION"? (Note: I have tried also setting the
"CURLOPT_SSLCERTTYPE" option, but got the same error)
Or does anyone know what's the proper way to handle proxies with libcurl on
Android devices?
Thanks,
-David
Date: Mon, 10 Apr 2023 15:28:20 -0700
I have an Android app that is using libcurl to make network calls. I'm now
trying to add support for proxies. I'm testing this by using Charles proxy.
I found out that the user-installed certificates on Android are installed
in the "/data/misc/user/0/cacerts-added" directory, so I set the
"CURLOPT_CAPATH" option using this value. But I'm getting this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
I got the certificate from my emulator from the
"/data/misc/user/0/cacerts-added" directory, and it seems like the problem
is that the certificate is in DER format instead of PEM format. Verified
this by doing:
openssl x509 -in 924c6f19.0 -inform PEM -text -noout unable to load
certificate 140704516269696:error:09FFF06C:PEM routines:CRYPTO_internal:no
start
line:/AppleInternal/Library/BuildRoots/9e200cfa-7d96-11ed-886f-a23c4f261b56/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/pem/pem_lib.c:694:Expecting:
TRUSTED CERTIFICATE
I tried to convert this certificate to PEM format and then install it in
the emulator, but looks like Android converts it back to DER format when
installing it.
Does anyone know how I can handle DER certificates with libcurl? Is there a
way to convert them before curl tries to read them, maybe using
"CURLOPT_SSL_CTX_FUNCTION"? (Note: I have tried also setting the
"CURLOPT_SSLCERTTYPE" option, but got the same error)
Or does anyone know what's the proper way to handle proxies with libcurl on
Android devices?
Thanks,
-David
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-11