Yes! That's correct! Charles inserts its own CA cert in every connection:

> Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to view in plain text the communication between web browser and SSL web server.
> Charles does this by becoming a man-in-the-middle. Instead of your browser seeing the server’s certificate, Charles dynamically generates a certificate for the server and signs it with its own root certificate (the Charles CA Certificate).

So I'm trying to verify Charles' certificate that I installed on the Android device, but it seems that this certificate is in DER format and it's failing to read the certificate with this error:

BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE

Is there a way I can support this root certificate from Charles using libcurl?

On Mon, Apr 10, 2023 at 11:42 PM Daniel Stenberg <dan...@haxx.se> wrote:

> On Mon, 10 Apr 2023, David Castillo wrote:
>
> > From my understanding, this error happens because the Charles' root
> > certificate I installed couldn't be found since curl is only looking at the
> > system CA certificates stored in the "/system/etc/security/cacerts"
> > directory. So, I tried to change the CURLOPT_CAPATH option to the path where
> > user-installed certificates are stored (the plan was to do this only when a
> > proxy is detected). I wouldn't be surprised if I got this completely wrong
> > and I shouldn't be changing CURLOPT_CAPATH
>
> Is Charles a TLS-intercepting proxy? Then it inserts its own CA cert in every
> connection and yeah, then you need to trust that certy ordinary HTTPS
> transfers.
>
> --
>
> / daniel.haxx.se
> | Commercial curl support up to 24x7 is available!
> | Private help, bug fixes, support, ports, new features
> | https://curl.se/support.html
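The `NO_START_LINE` error in the message above is the PEM parser reporting that it found no `-----BEGIN` line, which is what happens when it is handed a binary DER file. As an added example (not code from this thread or from the curl project), the C code below wraps a DER certificate in PEM armor so the result can be passed to libcurl via `CURLOPT_CAINFO` (as a file) or `CURLOPT_CAINFO_BLOB` (from memory). `is_der_sequence`, `der_to_pem` and `SAMPLE_DER` are hypothetical names, and the sample bytes are constructed, not a real certificate.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: DER SEQUENCE { INTEGER 5 }, not a real certificate. */
const unsigned char SAMPLE_DER[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };

/* Returns 1 if buf is one DER SEQUENCE whose encoded length matches len. */
static int is_der_sequence(const unsigned char *buf, size_t len)
{
    size_t n, i, body = 0;
    if (len < 2 || buf[0] != 0x30)
        return 0;
    if (buf[1] < 0x80)                      /* short-form length */
        return (size_t)buf[1] + 2 == len;
    n = buf[1] & 0x7f;                      /* long form: n length bytes */
    if (n == 0 || n > 4 || len < 2 + n)
        return 0;
    for (i = 0; i < n; i++)
        body = (body << 8) | buf[2 + i];
    return body + 2 + n == len;
}

/* Wraps a DER certificate in PEM armor; caller frees. NULL if not DER. */
char *der_to_pem(const unsigned char *der, size_t len)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char tail[] = "-----END CERTIFICATE-----\n";
    size_t chars = (len + 2) / 3 * 4, i, col = 0;
    char *pem, *p;

    if (!is_der_sequence(der, len))         /* e.g. input is already PEM */
        return NULL;
    pem = p = malloc(sizeof head + sizeof tail + chars + chars / 64 + 2);
    if (!pem)
        return NULL;
    p += sprintf(p, "%s", head);
    for (i = 0; i < len; i += 3) {          /* base64, 64 chars per line */
        unsigned long v = (unsigned long)der[i] << 16;
        if (i + 1 < len) v |= (unsigned long)der[i + 1] << 8;
        if (i + 2 < len) v |= der[i + 2];
        *p++ = b64[v >> 18 & 63];
        *p++ = b64[v >> 12 & 63];
        *p++ = i + 1 < len ? b64[v >> 6 & 63] : '=';
        *p++ = i + 2 < len ? b64[v & 63] : '=';
        if ((col += 4) == 64 && i + 3 < len) { *p++ = '\n'; col = 0; }
    }
    p += sprintf(p, "\n%s", tail);
    return pem;
}
```

The returned string is a complete PEM certificate; the proxy's root should be trusted this way only in builds meant for debugging through the intercepting proxy.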