Thanks for the reply!

> First, that sounds like a path for *added* CA certificates. You probably will
> not be happy with just the added ones unless you only work against a specific
> server for which you add the necessary CA certs.

I think I should have added the fact that when I first tried this using
Charles (https://www.charlesproxy.com/) proxy, I got this error: "SSL
certificate problem: self signed certificate in certificate chain".

From my understanding, this error happens because the Charles root
certificate I installed couldn't be found since curl is only looking at the
system CA certificates stored in the "/system/etc/security/cacerts"
directory. So, I tried to change the CURLOPT_CAPATH option to the path
where user-installed certificates are stored (the plan was to do this only
when a proxy is detected). I wouldn't be surprised if I got this completely
wrong and I shouldn't be changing CURLOPT_CAPATH.

> "the certificate" when talking about CA certificates sounds like something is
> off. Are you really only going to trust a single CA cert? Or are you talking
> about a client certificate here?
>
> Client certificates are often using DER format. CA certificate less so.

I'm probably mixing terminologies here, but when I'm talking about "the
certificate" I'm referring to the Charles root certificate I installed on
my device.

> Why do you need certificates at all just because you use a proxy? Are you
> saying you are using a HTTPS proxy? If so, don't you want to set
> CURLOPT_PROXY_CAINFO rather than the CA for the server connection?

Yes, I think in this case Charles is acting as an HTTPS proxy, since I need
to trust its certificate. I tried setting CURLOPT_PROXY_CAINFO to
"/data/misc/user/0/cacerts-added", but I still get the "self signed
certificate in certificate chain" error. From the documentation, it looks
like this option expects a file path, so I tried
"/data/misc/user/0/cacerts-added/924c6f19.0" which is the file of the
Charles root certificate, but no luck.
-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
