I have an Android app that is using libcurl to make network calls. I'm now trying to add support for proxies. I'm testing this by using Charles proxy. I found out that the user-installed certificates on Android are installed in the "/data/misc/user/0/cacerts-added" directory, so I set the "CURLOPT_CAPATH" option using this value. But I'm getting this error:
BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE I got the certificate from my emulator from the "/data/misc/user/0/cacerts-added" directory, and it seems like the problem is that the certificate is in DER format instead of PEM format. Verified this by doing: openssl x509 -in 924c6f19.0 -inform PEM -text -noout unable to load certificate 140704516269696:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/Library/BuildRoots/9e200cfa-7d96-11ed-886f-a23c4f261b56/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/crypto/pem/pem_lib.c:694:Expecting: TRUSTED CERTIFICATE I tried to convert this certificate to PEM format and then install it in the emulator, but looks like Android converts it back to DER format when installing it. Does anyone know how I can handle DER certificates with libcurl? Is there a way to convert them before curl tries to read them, maybe using "CURLOPT_SSL_CTX_FUNCTION"? (Note: I have tried also setting the "CURLOPT_SSLCERTTYPE" option, but got the same error) Or does anyone know what's the proper way to handle proxies with libcurl on Android devices? Thanks, -David
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
