Open vi opened 5 years ago
Is it a good idea to download and cache some cacert.pem if normal probing fails?
For security some fingerprint may be shown to user.
Android isn't necessarily specifically supported moreso than other platforms, it's mostly that if the certs are present on android they should be found and if they're not present no action is taken. If paths to search are missing though they can definitely be added!
For example, /system/etc/security/cacerts
is missing. Although it still fails to work when I SSL_CERT_DIR
it.
The answer may be no then? This is largely just designed for Cargo to work on tier 1 platforms, but if it needs patches for others they're most welcome!
I'm not too familiar with what directory or certificate store file must be found. But, according to this StackOverflow post Android uses a /system/etc/security/cacerts.bks
file, which is a Java-specific file.
Therefore I believe more steps are required than just adding its certificate file/directory to the file probing logic would be required on Android. Or would it simply work by setting /system/etc/security
as SSL_CERT_DIR
with the *.0
files available in there? Sadly I'm not able to test this out at this moment.
Maybe there some incomplete set of *.0
files there...
I see some Android-looking things in
find_cert_dirs
, but testing withadb push
andadb shell
is not fruitful.