New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
example failed on Android for cert verification #70
Comments
Setting envar on android device like this solved the problem: SSL_CERT_FILE=/sdcard/cacert.pem But I wonder if is there a way to use the system wide ca cert file such as the ones in /system/etc/security/cacerts. |
Does Android always have certs installed there? If so, sounds like we could file in the openssl crate to look there when on Android? |
I am also getting this error which makes reqwest unusable for https on Android |
android's certificates are stored not as a pem but separate files with the filename being edit: this works when running cargo's tests from the command line, but setting it in an app isn't working |
Do you compile openssl yourself to ship with your app, or is it always available on Android? If compiling yourself, the rust-openssl crate has instructions on configuring custom builds. If it is always there, in an expected location and format, perhaps the rust-openssl crate could take a patch to look for it on Android. |
I'm compiling openssl and statically linking into a my cdylib crate which uses reqwest. Then calling some exposed functions through JNI. Http works but https requests fail with the above error. I'm going to keep at this and hopefully will come back with answer. Surely C++ using openssl also has this problem, but i cant find any one with the answer. |
So, to be clear, the instructions (here) from rust-openssl don't help? Perhaps once the steps are found, the instructions there could be updated with an Android section as well. |
Yes those settings are already in use otherwise you can't even get passed the openssl build script. |
I have looked into this today:
Any suggestions are welcome. Rust SSL support on android is really a big deal. 😃 |
Getting the asset shouldn't be too bad with android glue. https://github.com/tomaka/android-rs-glue/tree/master/examples/use_assets Can't you set these from outside of reqwest |
@dten Yeah, but |
Ah yes sorry :) have to write it out somewhere first which would be awkward. I feel there should be a sensible answer for this. Investigation counties |
@king6cong my fork of
it should really also account for the |
@dten That's awesome! 👍 In this way we can just use android system ca certs. according to http://wiki.cacert.org/FAQ/ImportRootCert
Take older versions of Android into consideration and openssl on android will no longer be a problem :) |
Awesome work! I see you've filed an pull request to get this into the openssl crate, great. I'm going to close this issue then. |
Hi guys, maybe I am missing something, but when I try to use the API of a site with the default client:
I get a “certificate verify failed”. I tried to use the dangerous method like this guy:
but I get the exact same error. What am I missing there? |
@Boiethios the dangerous method disable only verification of the hostname in the certificate, but not that the certificate itself is trust by the current client configuration. See #198 for what's holding up the ability to disable total certificate verification. |
thread 'main' panicked at 'called
Result::unwrap()
on anErr
value: Http(Ssl(Failure(Ssl(ErrorStack([Error { code: 336134278, library: "SSL routines", function: "ssl3_get_server_certificate", reason: "certificate verify failed", file: "s3_clnt.c", line: 1264 }])))))', /checkout/src/libcore/result.rs:859note: Run with
RUST_BACKTRACE=1
for a backtrace.The text was updated successfully, but these errors were encountered: