Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Help using libcurl with HTTP proxy on Android device
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Jeffrey Walton via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 11 Apr 2023 14:03:03 -0400
On Tue, Apr 11, 2023 at 12:16 PM David Castillo via curl-library
<curl-library_at_lists.haxx.se> wrote:
>
> Yes! That's correct! Charles inserts its own CA cert in every connection:
> > Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the communication between web browser and SSL web server.
>
> > Charles does this by becoming a man-in-the-middle. Instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate).
>
> So I'm trying to verify Charles' certificate that I installed on the Android device, but it seems that this certificate is in DER format and it's failing to read the certificate with this error:
> BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
>
> Is there a way I can support this root certificate from Charles using libcurl?
In the old days, you had to install the CA Root in the Android
Certificate Store, like
https://www.ibm.com/docs/en/mpf/7.1.0?topic=certificates-installing-root-ca-android
.
There used to be a bug that once installed, you could not remove the
installed Root CA certificate. I do not know if the bug is still
present.
Jeff
Date: Tue, 11 Apr 2023 14:03:03 -0400
On Tue, Apr 11, 2023 at 12:16 PM David Castillo via curl-library
<curl-library_at_lists.haxx.se> wrote:
>
> Yes! That's correct! Charles inserts its own CA cert in every connection:
> > Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the communication between web browser and SSL web server.
>
> > Charles does this by becoming a man-in-the-middle. Instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate).
>
> So I'm trying to verify Charles' certificate that I installed on the Android device, but it seems that this certificate is in DER format and it's failing to read the certificate with this error:
> BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE
>
> Is there a way I can support this root certificate from Charles using libcurl?
In the old days, you had to install the CA Root in the Android
Certificate Store, like
https://www.ibm.com/docs/en/mpf/7.1.0?topic=certificates-installing-root-ca-android
.
There used to be a bug that once installed, you could not remove the
installed Root CA certificate. I do not know if the bug is still
present.
Jeff
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-11