Re: Help using libcurl with HTTP proxy on Android device

From: David Castillo via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 11 Apr 2023 09:16:39 -0700

Yes! That's correct! Charles inserts its own CA cert in every connection:

> Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to
> view in plain text the communication between web browser and SSL web server.
>
> Charles does this by becoming a man-in-the-middle. Instead of your
> browser seeing the server’s certificate, Charles dynamically generates a
> certificate for the server and signs it with its own root certificate (the
> Charles CA Certificate).

So I'm trying to verify Charles' certificate that I installed on the
Android device, but it seems that this certificate is in DER format and
it's failing to read the certificate with this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE

Is there a way I can support this root certificate from Charles using
libcurl?

On Mon, Apr 10, 2023 at 11:42 PM Daniel Stenberg <daniel_at_haxx.se> wrote:

> On Mon, 10 Apr 2023, David Castillo wrote:
>
> > From my understanding, this error happens because the Charles' root
> > certificate I installed couldn't be found since curl is only looking at
> > the system CA certificates stored in the "/system/etc/security/cacerts"
> > directory. So, I tried to change the CURLOPT_CAPATH option to the path
> > where user-installed certificates are stored (the plan was to do this only
> > when a proxy is detected). I wouldn't be surprised if I got this completely
> > wrong and I shouldn't be changing CURLOPT_CAPATH
>
> Is Charles a TLS-intercepting proxy? Then it inserts its own CA cert in
> every connection and yeah, then you need to trust that cert for ordinary
> HTTPS transfers.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
>


Received on 2023-04-11
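
Added example, not part of the original mail or of curl's own code: the NO_START_LINE error quoted above is the PEM reader finding no `-----BEGIN` line in a DER file, so this C code recognizes a DER-shaped certificate and re-encodes it as PEM text that can be saved to a file and passed to CURLOPT_CAINFO. The function names and the sample buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if buf contains the PEM start line whose absence yields NO_START_LINE. */
int is_pem(const unsigned char *buf, size_t len) {
    static const char tag[] = "-----BEGIN CERTIFICATE-----";
    for (size_t i = 0; i + sizeof tag - 1 <= len; i++)
        if (memcmp(buf + i, tag, sizeof tag - 1) == 0) return 1;
    return 0;
}

/* 1 if buf is shaped like a DER certificate: ASN.1 SEQUENCE (0x30) with a
   two-byte length (0x82) covering the rest. Assumes a 256..65535 byte cert. */
int looks_like_der(const unsigned char *buf, size_t len) {
    if (len < 4 || buf[0] != 0x30 || buf[1] != 0x82) return 0;
    return (((size_t)buf[2] << 8) | buf[3]) + 4 == len;
}

/* Writes PEM for der[0..len) into out; returns chars written, 0 if cap is too small. */
size_t der_to_pem(const unsigned char *der, size_t len, char *out, size_t cap) {
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t chars = (len + 2) / 3 * 4, col = 0;
    if (cap < 28 + chars + (chars + 63) / 64 + 26 + 1) return 0;
    char *p = out;
    p += sprintf(p, "-----BEGIN CERTIFICATE-----\n");
    for (size_t i = 0; i < len; i += 3) {
        unsigned v = (unsigned)der[i] << 16;
        if (i + 1 < len) v |= (unsigned)der[i + 1] << 8;
        if (i + 2 < len) v |= der[i + 2];
        *p++ = b64[v >> 18];
        *p++ = b64[(v >> 12) & 63];
        *p++ = i + 1 < len ? b64[(v >> 6) & 63] : '=';
        *p++ = i + 2 < len ? b64[v & 63] : '=';
        /* PEM bodies are wrapped at 64 characters per line. */
        if ((col += 4) == 64 || i + 3 >= len) { *p++ = '\n'; col = 0; }
    }
    p += sprintf(p, "-----END CERTIFICATE-----\n");
    return (size_t)(p - out);
}

int main(void) {
    /* Constructed sample: DER header plus 256 zero bytes, not a real cert. */
    unsigned char der[260] = {0x30, 0x82, 0x01, 0x00};
    char pem[512];
    if (looks_like_der(der, sizeof der) && der_to_pem(der, sizeof der, pem, sizeof pem))
        fputs(pem, stdout);
    return 0;
}
```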