Great that you got it to work "the proper way".
/hh
Den tors 13 apr. 2023 03:12David Castillo via curl-library <
curl-library@lists.haxx.se> skrev:
> Okay, I think I have a solution that can work for me :) I used the
> https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html callback and I'm
> re
Okay, I think I have a solution that can work for me :) I used the
https://curl.se/libcurl/c/CURLOPT_SSL_CTX_FUNCTION.html callback and I'm
reading the der file and adding it to the store, similar to the example in
the docs. It's something like this:
static CURLcode sslctx_function(CURL *curl, voi
> I'm guessing the app would need the READ_EXTERNAL_STORAGE permission.
I have that permission for my app, but looks like the problem is that now
on Android you can only access the files that you created (
https://stackoverflow.com/questions/71777618/qt-and-android-11-accessing-file-in-download-fo
On Wed, Apr 12, 2023 at 03:08:02PM -0700, David Castillo via curl-library wrote:
> What permissions does OpenSSL need to read the certificates?
I'm guessing the app would need the READ_EXTERNAL_STORAGE permission.
--
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette: ht
> Surely you can put a text file in
> your Android file system and tell your application's libcurl to use that
file
> as a CA cert?
But I don't know beforehand the name of that file, since the user could use
different proxies (it's not always a certificate for Charles). Although I
guess as a worka
On Tue, 11 Apr 2023, David Castillo via curl-library wrote:
I will take a look at this link you shared and see if I can figure out how
to read all certs, convert them and store it in one location. Or maybe I can
use the callback that Henrik shared previously (
https://curl.se/libcurl/c/CURLOPT
This is, unfortunately, a C++ program that is expected to be used for
multiplatform devices.
I will take a look at this link you shared and see if I can figure out how
to read all certs, convert them and store it in one location. Or maybe I
can use the callback that Henrik shared previously (
http
On Tue, Apr 11, 2023 at 9:03 PM David Castillo wrote:
>
> > There used to be at least two locations used on Android for
> > certificates. Maybe OpenSSL is only using one of them?
>
> Yes, user-installed certificates are stored in the
> "/data/misc/user/0/cacerts-added" directory while system cert
and of course the code i saw in libcurl was for loading the client cert and
there it wasn't the file extension that where used but the value of
CURLOPT_SSLKEYTYPE and the man page for that also tells ""DER" format key
file currently does not work because of a bug in OpenSSL"
So it looks back to sq
are they not linked? On Linux they are usually stored as hexdigits.0 so
openssl can find it via the hash but then that is just a link to the actual
cert file like:
lrwxrwxrwx 1 root root 23 dec 5 20:46 f081611a.1 ->
Go_Daddy_Class_2_CA.pem
/HH
Den ons 12 apr. 2023 kl 03:30 skrev David Castil
> howerver looking at the actual code it looks like what openssl calls
ASN.1 is actually DER and libcurl have code to load ASN.1 certificates. But
for this to work the certificate file must end with .DER (case
insensitive). So could it be that the file is stored with the wrong file
extension?
The
howerver looking at the actual code it looks like what openssl calls ASN.1
is actually DER and libcurl have code to load ASN.1 certificates. But for
this to work the certificate file must end with .DER (case insensitive). So
could it be that the file is stored with the wrong file extension ?
/HH
the main issue for libcurl is that openssl (of which boringssl is a fork)
only allows CA certificates in PEM format to be loaded, other types of
certificates can be in PEM or DER but CA must be in PEM. So it's really
strange (and dumb to be frank) of Google to force the CA certs to be
converted to
> There used to be at least two locations used on Android for
> certificates. Maybe OpenSSL is only using one of them?
Yes, user-installed certificates are stored in the
"/data/misc/user/0/cacerts-added" directory while system certificates are
stored in "/system/etc/security/cacerts" directory. Th
well if the plan is to always use this particular proxy then you can always
bundle the root cert and point libcurl to it as a local file. AFAIK the ssl
callback functions of libcurl could be used to load the cert in DER format
and supply it via memory buffer to the ssl library but that requires
kno
> But did you install it as a new root certificate or as a client
certificate on the android device?
As far as I understand, I installed it as a new root certificate, but I'm
not sure. I went to "Settings -> Passwords & security -> Privacy ->
Encryption and Credentials -> Install a certificate ->
but did you install it as a new root certificate or as a client certificate
on the android device? Can you access other https locations? If so then the
other root ca:s works on the device for some reason.
/HH
Den tis 11 apr. 2023 kl 20:39 skrev David Castillo via curl-library <
curl-library@lists
> In the old days, you had to install the CA Root in the Android
> Certificate Store, like
>
https://www.ibm.com/docs/en/mpf/7.1.0?topic=certificates-installing-root-ca-android
I have already installed the certificate on the device. I can see it in the
"/data/misc/user/0/cacerts-added" directory.
On Tue, Apr 11, 2023 at 12:16 PM David Castillo via curl-library
wrote:
>
> Yes! That's correct! Charles inserts its own CA cert in every connection:
> > Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to
> > view in plain text the communication between web browser and SSL we
Yes! That's correct! Charles inserts its own CA cert in every connection:
> Charles can be used as a man-in-the-middle HTTPS proxy, enabling you to
view in plain text the communication between web browser and SSL web server.
> Charles does this by becoming a man-in-the-middle. Instead of your
brow
On Mon, 10 Apr 2023, David Castillo wrote:
From my understanding, this error happens because the Charles' root
certificate I installed couldn't be found since curl is only looking at the
system CA certificates stored in the "/system/etc/security/cacerts"
directory. So, I tried to change the CU
Thanks for the reply!
> First, that sounds like a path for *added* CA certificates. You probably
will
> not be happy with just the added ones unless you only work against a
specific
> server for which you add the necessary CA certs.
I think I should have added the fact that when I first tried thi
On Mon, 10 Apr 2023, David Castillo via curl-library wrote:
I have an Android app that is using libcurl to make network calls. I'm now
trying to add support for proxies. I'm testing this by using Charles proxy.
I found out that the user-installed certificates on Android are installed in
the "/
23 matches
Mail list logo
