The default certificate can be removed when building

[yoran4096]

Thanks for this ! Does it mean that all libraries are statically linked to run perfectly on Android? Or I need to rebuild the Android version with ndk？

PS.看了下资料，是山西的呢...

[abcfy2]

抱歉看到晚了，不知道为什么这个issue似乎没有邮件通知，平时这个项目基本没什么人提交issue，所以我个人也就提交代码的时候才会偶尔翻看下。

言归正传。

因为编译的时候指定了--with-ca-bundle='/etc/ssl/certs/ca-certificates.crt选项，所以aria2默认会去找/etc/ssl/certs/ca-certificates.crt这个路径下的ca证书链——这对于绝大多数Linux系统来说是OK的，这就是它们默认存放证书链的路径

你的问题我试了下，Android我并未找到默认的ca证书链的存放路径，甚至动用了find命令在adb shell下执行，也并未发现类似的文件在哪，不确定是不是因为没有root权限很多系统目录无法访问导致的

你的问题专门查了下aria2的issue，还真有类似的： https://github.com/aria2/aria2/issues/842 就是--check-certificate这个参数有坑，它并不影响--ca-certificate选项，你还是得指定一个有效的ca证书链文件路径。如果你的Android系统找不到，可以直接从curl网站上直接下载一个现成的放进去，用--ca-certificate选项指向这个文件试试： https://curl.se/docs/caextract.html

之前我没在android的shell中直接运行过，如果还有其他问题的话，也许我得考虑为android环境单独构建一个，不确定aria2依赖的这些库直接交叉编译会不会在android下还有其他不能用的。我自己交叉编译的那几个也只是测试过我自己的路由器，有arm的mips的，这都是能用的，android的(现在市面上大部分应该是aarch64架构的)我还真没测试过

[abcfy2]

https://github.com/aria2/aria2/releases 发现aria2官方release已经有android构建了，也许你应该考虑直接用那个……

[abcfy2]

@yoran4096 看了下aria2官方build的android，以及它的README，原来也没什么特殊的，只是android环境特殊而已，官方README全文如下:

aria2 for Android devices
=========================

aria2 is a lightweight multi-protocol & multi-source download utility
operated in command-line. It supports HTTP/HTTPS, FTP, BitTorrent and
Metalink.

Install
-------

aria2 is not an ordinary Android Java application. It is a C++ native
application and operates in command-line.  You don't have to 'root'
your device to use aria2.  Because aria2 is a command-line program,
you need a terminal emulator. First install Android Terminal Emulator
from Android Market (or build it from source and install. See
https://github.com/jackpal/Android-Terminal-Emulator/).

1. Copy aria2c executable to ``/mnt/sdcard`` on your device.
2. Run Android Terminal Emulator.
3. ``mkdir /data/data/jackpal.androidterm/aria2``
4. ``cat /mnt/sdcard/aria2c > /data/data/jackpal.androidterm/aria2/aria2c``
5. ``chmod 744 /data/data/jackpal.androidterm/aria2/aria2c``
6. Add the following commands to the initial command of Android
   Terminal Emulator::

       export HOME=/data/data/jackpal.androidterm/aria2; cd $HOME

7. Exit Android Terminal Emulator.
8. Run Android Terminal Emulator again.
9. See whether aria2c actually works by invoking ``./aria2c -v``

How to use
----------

See `the online manual
<https://aria2.github.io/manual/en/html/>`_.

Notes
-----

aria2c executable was generated using android-ndk-r14b.

The following libraries were statically linked.

* openssl 1.1.1k
* expat 2.4.1
* zlib 1.2.11
* c-ares 1.17.2
* libssh2 1.9.0

Since Android does not have ``/etc/resolv.conf``, c-ares (asynchronous
DNS resolver) is disabled by default. But name resolution is sometimes
a little bit slow, so I recommend to enable c-ares. You can enable it
using ``--async-dns`` and specify DNS servers using
``--async-dns-server`` option, like this::

  --async-dns --async-dns-server=`getprop net.dns1`,`getprop net.dns2`

Additionally, the CA certificates shipped with Android don't locate in
the same place as those of normal Unix-like systems do, so this
workaround might be useful to securely download files via HTTPS::

   cat /etc/security/cacerts/* | aria2c --ca-certificate=/proc/self/fd/0 $@

Because it is tedious to type these long parameters every time you use
aria2c, the following wrapper shell script would be handy::

    #!/system/bin/sh
    cat /etc/security/cacerts/* | \
    /data/data/jackpal.androidterm/aria2c \
      --ca-certificate=/proc/self/fd/0 \
      --async-dns \
      --async-dns-server=`getprop net.dns1`,`getprop net.dns2` \
      "$@"

Please note that you need to add executable file mode bit to this
wrapper script too. (e.g., ``chmod 744 /PATH/TO/SCRIPT``)

Known Issues
------------

* Since Android does not have ``/dev/stdout``, ``-l-`` does not work.
  ``/proc/self/fd/0`` is a workaround for Android.

* Android Terminal Emulator sometimes stops updating console. It looks
  like aria2c hangs, but aria2c continues to run.

其实已经描述了这个问题，这个--ca-certificate其实得自己bundle，我试了下它的bundle方案，用我自己的aarch64构建在我的华为手机上都能跑起来，无论libressl还是openssl版本都是OK的:

$ cat /etc/security/cacerts/* | ./aria2c --async-dns-server=223.5.5.5 --ca-certificate=/proc/self/fd/0 https://www.baidu.com/
11/04 03:10:13 [NOTICE] Downloading 1 item(s)

11/04 03:10:13 [NOTICE] File already exists. Renamed to /data/local/tmp/index.1.html.

11/04 03:10:13 [NOTICE] Download complete: /data/local/tmp/index.1.html

Download Results:
gid   |stat|avg speed  |path/URI
======+====+===========+=======================================================
5bb594|OK  |    44KiB/s|/data/local/tmp/index.1.html

Status Legend:
(OK):download completed.

发现官方README的那个getprop net.dns1在我这边不输出任何内容，google了下发现android 8以上已经不通过这个方法暴露DNS了，所以只好自己指定了一个dns

[abcfy2]

已经添加了REAMDE内容，感谢反馈。

P.S: 有点好奇你是怎么找到这个项目的，这个项目在github上都没几个星，在google上也不怎么搜得到，搜aria2 static build其他项目都比我靠前，你是怎么找到这个项目的？

[yoran4096]

我不是很懂c++，主要方向在desktop和web方向，基本都是前端，我想找个直接build好的二进制用于开发新的跨平台下载器以及手机下载器和web的netdisk，是刻意搜索的结果... 之前用rust直接lld musl build跨平台感觉挺好，正好看见这个，我最近也尝试build了多次，感觉cpp有点麻烦的，build check的时候我不知道哪些依赖可以不存在哪些必须存在我不是很清楚... 比较头疼...

[yoran4096]

rust和go基本设置个linker就行了，build cpp的时候发现大部分lib都支持可替换依赖，check的时候有的依赖是no，有的缺少头文件，但是编译都能通过，不知道用不用处理这些check为no的依赖

[abcfy2]

一般来说只要脚本不停下都是可以无视那些no的，有些是可选依赖，如果必选依赖遇到问题脚本会停止的

[yoran4096]

原来是这样，那我就理解了... 官方的build的是arm64的，我开发机是x86_64 windows，模拟器的arm仿真有点靠不住，尤其是64位，我不想开发的时候连手机，而且开发完了还是要重新编译各个架构的二进制文件... 太感谢你的解答了，解了我的依赖疑惑....