Re: Help using libcurl with HTTP proxy on Android device

2023-04-12 Thread David Castillo via curl-library
Okay, I think I have a solution that can work for me :) I used the
https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html callback and I'm
reading the der file and adding it to the store, similar to the example in
the docs. It's something like this:

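#include <stdio.h>
#include <curl/curl.h>
#include <openssl/ssl.h>
#include <openssl/x509.h>

static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) {
  X509_STORE *store;
  X509 *cert = NULL;
  CURLcode rv = CURLE_ABORTED_BY_CALLBACK;
  /* DER is a binary format, so open the file in binary mode */
  FILE *derCert = fopen("/data/misc/user/0/cacerts-added/924c6f19.0",
                        "rb");
  (void)curl;
  (void)parm;

  if(derCert == NULL) {
    printf("fopen failed...\n");
    return rv;
  }

  // Create cert from file
  cert = d2i_X509_fp(derCert, NULL);
  fclose(derCert);
  if(cert == NULL) {
    printf("d2i_X509_fp failed...\n");
    return rv; /* never pass a NULL cert to the store */
  }

  /* get a pointer to the X509 certificate store (which may be empty) */
  store = SSL_CTX_get_cert_store((SSL_CTX *)sslctx);

  /* add our certificate to this store */
  if(X509_STORE_add_cert(store, cert) == 0)
    printf("error adding certificate\n");
  else
    rv = CURLE_OK;

  /* decrease reference counts */
  X509_free(cert);

  /* CURLE_OK only if the certificate was actually added */
  return rv;
}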

Thanks all for your help!! I'm not sure if the thread needs to be marked as
solved or anything.
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html


Re: Help using libcurl with HTTP proxy on Android device

2023-04-12 Thread David Castillo via curl-library
> I'm guessing the app would need the READ_EXTERNAL_STORAGE permission.

I have that permission for my app, but it looks like the problem is that now
on Android you can only access the files that you created
(https://stackoverflow.com/questions/71777618/qt-and-android-11-accessing-file-in-download-folder).


Re: Help using libcurl with HTTP proxy on Android device

2023-04-12 Thread Dan Fandrich via curl-library
On Wed, Apr 12, 2023 at 03:08:02PM -0700, David Castillo via curl-library wrote:
> What permissions does OpenSSL need to read the certificates?

I'm guessing the app would need the READ_EXTERNAL_STORAGE permission.


Re: Help using libcurl with HTTP proxy on Android device

2023-04-12 Thread David Castillo via curl-library
> Surely you can put a text file in
> your Android file system and tell your application's libcurl to use that
> file as a CA cert?

But I don't know beforehand the name of that file, since the user could use
different proxies (it's not always a certificate for Charles). Although I
guess as a workaround I could educate the user to load their CA cert file
in the Download directory with a specific name. I tested this by setting
CURLOPT_CAINFO, but I got this error:

"error setting certificate verify locations:  CAfile:
/storage/emulated/0/Download/924c6f19.0 CApath:
/system/etc/security/cacerts"

Then I tried just setting the CURLOPT_CAPATH option to the Download
directory and got this permission error:

"BoringSSL: error:020d:system library:OPENSSL_internal:Permission
denied"

Does this mean that the Download directory on Android doesn't have the
permissions required for OpenSSL to read the certificates?

drwxrws--- 4 u0_a147  media_rw 4096 2023-04-11 17:34 Download

What permissions does OpenSSL need to read the certificates?


Re: Help using libcurl with HTTP proxy on Android device

2023-04-12 Thread Daniel Stenberg via curl-library

On Tue, 11 Apr 2023, David Castillo via curl-library wrote:

> I will take a look at this link you shared and see if I can figure out how
> to read all certs, convert them and store it in one location. Or maybe I can
> use the callback that Henrik shared previously (
> https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html), seems like if I
> use this one I would need to only do the conversion step.


A CA cert in a PEM file is just a text file. Surely you can put a text file in 
your Android file system and tell your application's libcurl to use that file 
as a CA cert?


--

 / daniel.haxx.se
 | Commercial curl support up to 24x7 is available!
 | Private help, bug fixes, support, ports, new features
 | https://curl.se/support.html
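The conversion step discussed in this thread, as an added example that is not code from any of the posters or from the curl project: it wraps one DER certificate in PEM armor so the result can be written to a file in the app's own storage and given to CURLOPT_CAINFO. The helper names der_to_pem and pem_bound are hypothetical, the sample bytes are constructed, and the first-byte check only rejects input that is clearly not DER (for example a file that is already PEM); the TLS library still does the real parsing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers (der_to_pem, pem_bound): not part of libcurl or OpenSSL. */
static const char B64[] =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char HEAD[] = "-----BEGIN CERTIFICATE-----\n";
static const char TAIL[] = "-----END CERTIFICATE-----\n";

/* Buffer size (including the NUL) needed for the PEM form of n DER bytes. */
size_t pem_bound(size_t n) {
  size_t b64 = 4 * ((n + 2) / 3);
  return (sizeof HEAD - 1) + b64 + (b64 + 63) / 64 + sizeof TAIL;
}

/* Wrap one DER certificate in PEM armor: base64 in 64-column lines between
   the BEGIN/END markers. Returns the text length, or 0 when the input does
   not start with an ASN.1 SEQUENCE tag (0x30) or the buffer is too small. */
size_t der_to_pem(const unsigned char *der, size_t n, char *out, size_t cap) {
  size_t i, o = sizeof HEAD - 1, col = 0;
  if(n < 2 || der[0] != 0x30 || cap < pem_bound(n))
    return 0;
  memcpy(out, HEAD, o);
  for(i = 0; i < n; i += 3) {
    unsigned long v = (unsigned long)der[i] << 16;
    if(i + 1 < n) v |= (unsigned long)der[i + 1] << 8;
    if(i + 2 < n) v |= der[i + 2];
    out[o++] = B64[(v >> 18) & 63];
    out[o++] = B64[(v >> 12) & 63];
    out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
    out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    col += 4;
    if(col == 64) { out[o++] = '\n'; col = 0; }
  }
  if(col) out[o++] = '\n';
  memcpy(out + o, TAIL, sizeof TAIL);  /* copies the trailing NUL too */
  return o + sizeof TAIL - 1;
}

int main(void) {
  /* Constructed bytes (SEQUENCE { INTEGER 5 }), not a real certificate. */
  const unsigned char sample[] = {0x30, 0x03, 0x02, 0x01, 0x05};
  char pem[128];
  if(der_to_pem(sample, sizeof sample, pem, sizeof pem))
    fputs(pem, stdout);
  return 0;
}
```

Several converted certificates can be concatenated into one file, since a PEM bundle is just the armored blocks one after another.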