alexcrichton / openssl-probe

Apache License 2.0
55 stars 13 forks

Is Android supported? #8

Open vi opened 5 years ago

vi commented 5 years ago

I see some Android-looking things in find_cert_dirs, but testing with adb push and adb shell is not fruitful.

vi commented 5 years ago

Is it a good idea to download and cache some cacert.pem if normal probing fails?

For security, some fingerprint may be shown to the user.

alexcrichton commented 5 years ago

Android isn't necessarily specifically supported more so than other platforms; it's mostly that if the certs are present on Android they should be found, and if they're not present no action is taken. If paths to search are missing, though, they can definitely be added!

vi commented 5 years ago

For example, /system/etc/security/cacerts is missing. Although it still fails to work when I SSL_CERT_DIR it.

alexcrichton commented 5 years ago

The answer may be no then? This is largely just designed for Cargo to work on tier 1 platforms, but if it needs patches for others they're most welcome!

timvisee commented 5 years ago

I'm not too familiar with what directory or certificate store file must be found. But according to this Stack Overflow post, Android uses a /system/etc/security/cacerts.bks file, which is a Java-specific file.

Therefore I believe more steps than just adding its certificate file/directory to the file probing logic would be required on Android. Or would it simply work by setting /system/etc/security as SSL_CERT_DIR with the *.0 files available in there? Sadly I'm not able to test this out at this moment.

vi commented 5 years ago

Maybe there is some incomplete set of *.0 files there...
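
The following Rust example is added here and is not part of openssl-probe or of any comment above: it inspects a candidate SSL_CERT_DIR, such as the /system/etc/security/cacerts path mentioned in the thread, and counts the files that follow OpenSSL's `<8 hex digits>.<n>` hashed-name layout and hold a PEM certificate. The names `DirReport`, `is_hashed_name` and `inspect_cert_dir` are hypothetical, and the default path is only the one quoted in the discussion.

```rust
use std::fs;
use std::path::Path;

/// Summary of what a candidate SSL_CERT_DIR contains (hypothetical helper type).
#[derive(Debug, Default, PartialEq)]
pub struct DirReport {
    pub hashed_names: usize, // regular files named <8 lowercase hex digits>.<n>
    pub pem_certs: usize,    // of those, files containing a PEM certificate header
    pub other: usize,        // everything else, e.g. cacerts.bks or subdirectories
}

/// True for names in the layout OpenSSL looks up in a cert dir: `<8 hex>.<digits>`.
pub fn is_hashed_name(name: &str) -> bool {
    match name.split_once('.') {
        Some((hash, idx)) => {
            hash.len() == 8
                && hash.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'f'))
                && !idx.is_empty()
                && idx.bytes().all(|b| b.is_ascii_digit())
        }
        None => false,
    }
}

/// Walk one directory (non-recursive) and classify every entry.
pub fn inspect_cert_dir(dir: &Path) -> std::io::Result<DirReport> {
    let mut report = DirReport::default();
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        let name = entry.file_name().to_string_lossy().into_owned();
        // Path::is_file follows symlinks, which rehashed directories often use.
        if !is_hashed_name(&name) || !entry.path().is_file() {
            report.other += 1;
            continue;
        }
        report.hashed_names += 1;
        let bytes = fs::read(entry.path())?;
        if String::from_utf8_lossy(&bytes).contains("-----BEGIN CERTIFICATE-----") {
            report.pem_certs += 1;
        }
    }
    Ok(report)
}

fn main() {
    // Default is the directory quoted in the thread; pass another path as argv[1].
    let dir = std::env::args().nth(1).unwrap_or_else(|| "/system/etc/security/cacerts".into());
    match inspect_cert_dir(Path::new(&dir)) {
        Ok(r) => println!("{dir}: {r:?}"),
        Err(e) => println!("{dir}: not readable ({e})"),
    }
}
```

A directory with hashed names and PEM bodies can still fail lookup if the names were generated with a different subject-hash algorithm than the linked OpenSSL expects; this check does not verify the hash values themselves.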