Hi,

I've successfully built libcurl-7.36.0 with openssl-1.0.1h on Android. I
ran some sample code to test an HTTPS connection. SSL_VERIFYPEER is enabled
by default. The certificates path on Android is
/system/etc/security/cacerts, so I set CURLOPT_CAPATH to
/system/etc/security/cacerts.

ls -l /system/etc/security/cacerts
-rw-r--r-- root     root         4767 2012-09-22 11:57 00673b5b.0
-rw-r--r-- root     root         4573 2012-09-22 11:57 03e16f6c.0
-rw-r--r-- root     root         5292 2012-09-22 11:57 08aef7bb.0
......

Here is a snippet of my code:

curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_URL, "https://www.google.com:443");
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L);     // default
curl_easy_setopt(curl, CURLOPT_CAPATH, "/system/etc/security/cacerts");
curl_easy_perform(curl);

Curl always returns an error:

== Info: SSL certificate problem: unable to get local issuer certificate
== Info: Closing connection 0
curl_easy_perform() failed: Peer certificate cannot be authenticated
with given CA certificates

It's working if I download the CA bundle file ca-bundle.crt from
http://curl.haxx.se/docs/caextract.html and curl_easy_setopt(curl,
CURLOPT_CAINFO, "path:/ca-bundle.crt").

I've also tried openssl-0.9.8zb. It's working on Android without the CA
bundle file.

Here is my question:

Is it possible to make openssl-1.0.x work on Android without manually
downloading the CA bundle file and specifying CURLOPT_CAINFO?


Thanks,

Robert Chou
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
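
Added example (not part of the original message and not curl project code): OpenSSL finds an issuer in a CAPATH directory by opening a file named <subject-hash>.<n>, and the hash algorithm changed in OpenSSL 1.0.0; the openssl x509 tool prints both forms (-subject_hash and -subject_hash_old). The function name capath_naming is hypothetical, and the script assumes it is run on a machine with the openssl command-line tool against a copy of the directory.

```shell
#!/bin/sh
# Added example: report how the certificate files in a CAPATH directory are
# named, so a mismatch with the linked OpenSSL's lookup hash becomes visible.

# capath_naming DIR -> prints "new=<n> old=<n> other=<n>" for DIR/*.[0-9]
#   new   = file name matches the hash OpenSSL >= 1.0.0 looks up
#   old   = file name matches the pre-1.0.0 hash only
#   other = unreadable certificate or unrelated file name
capath_naming() {
    dir=$1
    new=0
    old=0
    other=0
    for f in "$dir"/*.[0-9]; do
        [ -f "$f" ] || continue
        stem=$(basename "$f")
        stem=${stem%.*}
        # Hash used for directory lookups by OpenSSL 1.0.0 and later.
        h_new=$(openssl x509 -in "$f" -noout -subject_hash 2>/dev/null) || h_new=
        # Hash used by OpenSSL releases before 1.0.0.
        h_old=$(openssl x509 -in "$f" -noout -subject_hash_old 2>/dev/null) || h_old=
        if [ -n "$h_new" ] && [ "$stem" = "$h_new" ]; then
            new=$((new + 1))
        elif [ -n "$h_old" ] && [ "$stem" = "$h_old" ]; then
            old=$((old + 1))
        else
            other=$((other + 1))
        fi
    done
    echo "new=$new old=$old other=$other"
}

# When invoked with a directory argument, report on it.
if [ "$#" -gt 0 ]; then
    capath_naming "$1"
fi
```

A directory that reports only "old" matches cannot be searched by name by an OpenSSL 1.0.x build, while a single bundle file passed with CURLOPT_CAINFO does not depend on file names at all.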