Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Help using libcurl with HTTP proxy on Android device
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Henrik Holst via curl-library <curl-library_at_lists.haxx.se>
Date: Tue, 11 Apr 2023 23:37:28 +0200
well if the plan is to always use this particular proxy then you can always
bundle the root cert and point libcurl to it as a local file. AFAIK the ssl
callback functions of libcurl could be used to load the cert in DER format
and supply it via memory buffer to the ssl library but that requires
knowledge of the exact ssl library used and not all of them support the ssl
callback functions AFAIK.
/HH
Den tis 11 apr. 2023 kl 23:09 skrev David Castillo <casvel.d_at_gmail.com>:
> > But did you install it as a new root certificate or as a client
> certificate on the android device?
>
> As far as I understand, I installed it as a new root certificate, but I'm
> not sure. I went to "Settings -> Passwords & security -> Privacy ->
> Encryption and Credentials -> Install a certificate -> CA certificate".
> Then if I go to "Trusted Credentials" on the device, I can see the Charles
> certificate in the "User" tab
>
> > Can you access other https locations? If so then the other root ca:s
> works on the device for some reason
>
> Yeah, I can access HTTPS locations without the proxy. I think the system
> certificates that are in the "/system/etc/security/cacerts" directory
> don't have any problem because those are PEM format (I checked that by
> grabbing one of those certificates and doing "openssl x509 -in
> <certificate> -inform PEM -text -noout" on my computer).
>
> The problem seems to be that when Android installs the new certificate, it
> converts it to DER format for some reason, which libcurl can't handle. I
> want to know if there's a way to handle this using libcurl. Maybe there's a
> way to convert the certificate before libcurl tries to verify it?
>
Date: Tue, 11 Apr 2023 23:37:28 +0200
well if the plan is to always use this particular proxy then you can always
bundle the root cert and point libcurl to it as a local file. AFAIK the ssl
callback functions of libcurl could be used to load the cert in DER format
and supply it via memory buffer to the ssl library but that requires
knowledge of the exact ssl library used and not all of them support the ssl
callback functions AFAIK.
/HH
Den tis 11 apr. 2023 kl 23:09 skrev David Castillo <casvel.d_at_gmail.com>:
> > But did you install it as a new root certificate or as a client
> certificate on the android device?
>
> As far as I understand, I installed it as a new root certificate, but I'm
> not sure. I went to "Settings -> Passwords & security -> Privacy ->
> Encryption and Credentials -> Install a certificate -> CA certificate".
> Then if I go to "Trusted Credentials" on the device, I can see the Charles
> certificate in the "User" tab
>
> > Can you access other https locations? If so then the other root ca:s
> works on the device for some reason
>
> Yeah, I can access HTTPS locations without the proxy. I think the system
> certificates that are in the "/system/etc/security/cacerts" directory
> don't have any problem because those are PEM format (I checked that by
> grabbing one of those certificates and doing "openssl x509 -in
> <certificate> -inform PEM -text -noout" on my computer).
>
> The problem seems to be that when Android installs the new certificate, it
> converts it to DER format for some reason, which libcurl can't handle. I
> want to know if there's a way to handle this using libcurl. Maybe there's a
> way to convert the certificate before libcurl tries to verify it?
>
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2023-04-11