On Tue, Apr 11, 2023 at 12:16 PM David Castillo via curl-library <curl-library@lists.haxx.se> wrote: > > Yes! That's correct! Charles inserts its own CA cert in every connection: > > Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to > > view in plain text the communication between web browser and SSL web server. > > > Charles does this by becoming a man-in-the-middle. Instead of your browser > > seeing the server’s certificate, Charles dynamically generates a > > certificate for the server and signs it with its own root certificate (the > > Charles CA Certificate). > > So I'm trying to verify Charles' certificate that I installed on the Android > device, but it seems that this certificate is in DER format and it's failing > to read the certificate with this error: > BoringSSL: error:0900006e:PEM routines:OPENSSL_internal:NO_START_LINE > > Is there a way I can support this root certificate from Charles using libcurl?
In the old days, you had to install the CA Root in the Android Certificate Store, like https://www.ibm.com/docs/en/mpf/7.1.0?topic=certificates-installing-root-ca-android . There used to be a bug that once installed, you could not remove the installed Root CA certificate. I do not know if the bug is still present. Jeff -- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.html
