Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Help using libcurl with HTTP proxy on Android device
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 11 Apr 2023 00:39:08 +0200 (CEST)
On Mon, 10 Apr 2023, David Castillo via curl-library wrote:
> I have an Android app that is using libcurl to make network calls. I'm now
> trying to add support for proxies. I'm testing this by using Charles proxy.
> I found out that the user-installed certificates on Android are installed in
> the "/data/misc/user/0/cacerts-added" directory, so I set the
> "CURLOPT_CAPATH" option using this value. But I'm getting this error:
First, that sounds like a path for *added* CA certificates. You probably will
not be happy with just the added ones unless you only work against a specific
server for which you add the necessary CA certs.
> I got the certificate from my emulator from the
> "/data/misc/user/0/cacerts-added" directory, and it seems like the problem
> is that the certificate is in DER format instead of PEM format. Verified
> this by doing:
"the certificate" when talking about CA certificates sounds like something is
off. Are you really only going to trust a single CA cert? Or are you talking
about a client certificate here?
Client certificates are often using DER format. CA certificate less so.
> (Note: I have tried also setting the "CURLOPT_SSLCERTTYPE" option, but got
> the same error)
CURLOPT_SSLCERTTYPE is for *client certificates*, not CA certificates.
> Or does anyone know what's the proper way to handle proxies with libcurl on
> Android devices?
Why do you need certificates at all just because you use a proxy? Are you
saying you are using a HTTPS proxy? If so, don't you want to set
CURLOPT_PROXY_CAINFO rather than the CA for the server connection?
Date: Tue, 11 Apr 2023 00:39:08 +0200 (CEST)
On Mon, 10 Apr 2023, David Castillo via curl-library wrote:
> I have an Android app that is using libcurl to make network calls. I'm now
> trying to add support for proxies. I'm testing this by using Charles proxy.
> I found out that the user-installed certificates on Android are installed in
> the "/data/misc/user/0/cacerts-added" directory, so I set the
> "CURLOPT_CAPATH" option using this value. But I'm getting this error:
First, that sounds like a path for *added* CA certificates. You probably will
not be happy with just the added ones unless you only work against a specific
server for which you add the necessary CA certs.
> I got the certificate from my emulator from the
> "/data/misc/user/0/cacerts-added" directory, and it seems like the problem
> is that the certificate is in DER format instead of PEM format. Verified
> this by doing:
"the certificate" when talking about CA certificates sounds like something is
off. Are you really only going to trust a single CA cert? Or are you talking
about a client certificate here?
Client certificates are often using DER format. CA certificate less so.
> (Note: I have tried also setting the "CURLOPT_SSLCERTTYPE" option, but got
> the same error)
CURLOPT_SSLCERTTYPE is for *client certificates*, not CA certificates.
> Or does anyone know what's the proper way to handle proxies with libcurl on
> Android devices?
Why do you need certificates at all just because you use a proxy? Are you
saying you are using a HTTPS proxy? If so, don't you want to set
CURLOPT_PROXY_CAINFO rather than the CA for the server connection?
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-11