Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Help using libcurl with HTTP proxy on Android device
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: David Castillo via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 11 Apr 2023 09:16:39 -0700
Yes! That's correct! Charles inserts its own CA cert in every connection:
> Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to
view in plain text the communication between web browser and SSL web server.
> Charles does this by becoming a man-in-the-middle. Instead of your
browser seeing the server’s certificate, Charles dynamically generates a
certificate for the server and signs it with its own root certificate (the
Charles CA Certificate).
So I'm trying to verify Charles' certificate that I installed on the
Android device, but it seems that this certificate is in DER format and
it's failing to read the certificate with this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
Is there a way I can support this root certificate from Charles using
libcurl?
On Mon, Apr 10, 2023 at 11:42 PM Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Mon, 10 Apr 2023, David Castillo wrote:
>
> > From my understanding, this error happens because the Charles' root
> > certificate I installed couldn't be found since curl is only looking at
> the
> > system CA certificates stored in the "/system/etc/security/cacerts"
> > directory. So, I tried to change the CURLOPT_CAPATH option to the path
> where
> > user-installed certificates are stored (the plan was to do this only
> when a
> > proxy is detected). I wouldn't be surprised if I got this completely
> wrong
> > and I shouldn't be changing CURLOPT_CAPATH
>
> Is Charles an TLS-intercepting proxy? Then it inserts its own CA cert in
> every
> connection and yeah, then you need to trust that certy ordinary HTTPS
> transfers.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
>
Date: Tue, 11 Apr 2023 09:16:39 -0700
Yes! That's correct! Charles inserts its own CA cert in every connection:
> Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to
view in plain text the communication between web browser and SSL web server.
> Charles does this by becoming a man-in-the-middle. Instead of your
browser seeing the server’s certificate, Charles dynamically generates a
certificate for the server and signs it with its own root certificate (the
Charles CA Certificate).
So I'm trying to verify Charles' certificate that I installed on the
Android device, but it seems that this certificate is in DER format and
it's failing to read the certificate with this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
Is there a way I can support this root certificate from Charles using
libcurl?
On Mon, Apr 10, 2023 at 11:42 PM Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Mon, 10 Apr 2023, David Castillo wrote:
>
> > From my understanding, this error happens because the Charles' root
> > certificate I installed couldn't be found since curl is only looking at
> the
> > system CA certificates stored in the "/system/etc/security/cacerts"
> > directory. So, I tried to change the CURLOPT_CAPATH option to the path
> where
> > user-installed certificates are stored (the plan was to do this only
> when a
> > proxy is detected). I wouldn't be surprised if I got this completely
> wrong
> > and I shouldn't be changing CURLOPT_CAPATH
>
> Is Charles an TLS-intercepting proxy? Then it inserts its own CA cert in
> every
> connection and yeah, then you need to trust that certy ordinary HTTPS
> transfers.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
>
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-11