0

curl version is 7.78.0 openssl version is 1.1.1k

I ran a sample code to test. The certificates path on Android is /system/etc/security/cacerts

curl_easy_setopt(curl_.get(), CURLOPT_SSL_VERIFYPEER, 1L);
curl_easy_setopt(curl_.get(), CURLOPT_CAPATH, "/system/etc/security/cacerts");

one more thing, i use a pem file, put it in this path. set it to curl through CURLOPT_CAINFO. it works well.

but when i use CURLOPT_CAPATH, no matter it has the pem file or not, it doesn't work.

i have seen this :How to make SSL peer_verify work on Android?

try : 1.build with -DCURL_CA_PATH=/system/etc/security/cacerts 2.modify the by_dir.c at openssl source X509_NAME_hash to X509_NAME_hash_old

both dont work.

BirdQAQ
  • 3
  • 1
  • Why do you look for the info on SO, whereas the complete information is on the manual page [CURLOPT_CAPATH](https://curl.se/libcurl/c/CURLOPT_CAPATH.html): **the certificate directory must be prepared using the OpenSSL `c_rehash` utility.** – 273K Nov 24 '22 at 05:18
  • thank you for replay. @273K You reminded me of the overlooked tip. However, I didn't find any relevant tutorials on curl's official website, and I don't know how to do c_rehash. hope you can help – BirdQAQ Nov 24 '22 at 12:16
  • seems i need to use openssl re_hash to deal with the file in /system/etc/security/cacerts/ but how to do it throught code not to use cmd line. – BirdQAQ Nov 24 '22 at 13:22

0 Answers0