On Mon, 10 Apr 2023, David Castillo via curl-library wrote:
I have an Android app that is using libcurl to make network calls. I'm now trying to add support for proxies. I'm testing this by using Charles proxy. I found out that the user-installed certificates on Android are installed in the "/data/misc/user/0/cacerts-added" directory, so I set the "CURLOPT_CAPATH" option using this value. But I'm getting this error:
First, that sounds like a path for *added* CA certificates. You probably will not be happy with just the added ones unless you only work against a specific server for which you add the necessary CA certs.
I got the certificate from my emulator from the "/data/misc/user/0/cacerts-added" directory, and it seems like the problem is that the certificate is in DER format instead of PEM format. Verified this by doing:
"the certificate" when talking about CA certificates sounds like something is off. Are you really only going to trust a single CA cert? Or are you talking about a client certificate here?
Client certificates are often using DER format. CA certificate less so.
(Note: I have tried also setting the "CURLOPT_SSLCERTTYPE" option, but got the same error)
CURLOPT_SSLCERTTYPE is for *client certificates*, not CA certificates.
Or does anyone know what's the proper way to handle proxies with libcurl on Android devices?
Why do you need certificates at all just because you use a proxy? Are you saying you are using a HTTPS proxy? If so, don't you want to set CURLOPT_PROXY_CAINFO rather than the CA for the server connection?
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
