Is Android supported?

[vi]

I see some Android-looking things in find_cert_dirs, but testing with adb push and adb shell is not fruitful.

[vi]

Is it a good idea to download and cache some cacert.pem if normal probing fails?

For security some fingerprint may be shown to user.

[alexcrichton]

Android isn't necessarily specifically supported moreso than other platforms, it's mostly that if the certs are present on android they should be found and if they're not present no action is taken. If paths to search are missing though they can definitely be added!

[vi]

For example, /system/etc/security/cacerts is missing. Although it still fails to work when I SSL_CERT_DIR it.

[alexcrichton]

The answer may be no then? This is largely just designed for Cargo to work on tier 1 platforms, but if it needs patches for others they're most welcome!

[timvisee]

I'm not too familiar with what directory or certificate store file must be found. But, according to this StackOverflow post Android uses a /system/etc/security/cacerts.bks file, which is a Java-specific file.

Therefore I believe more steps are required than just adding its certificate file/directory to the file probing logic would be required on Android. Or would it simply work by setting /system/etc/security as SSL_CERT_DIR with the *.0 files available in there? Sadly I'm not able to test this out at this moment.

[vi]

Maybe there some incomplete set of *.0 files there...