rust-lang / git2-rs

libgit2 bindings for Rust
https://docs.rs/git2
Apache License 2.0

SSL error on android #920

Open tkkcc opened 1 year ago

tkkcc commented 1 year ago

Basic https fetch fails on Genymotion Android 10. Enabling vendored-openssl doesn't help.

    repo.find_remote("origin")?
        .fetch(&[&branch], None, None)?;

    Git(Error { code: -17, klass: 16, message: "the SSL certificate is invalid" })

Dependency

    reqwest = { version = "0.11", features =[ "blocking"] }
    openssl = {version = "0.10", features = ["vendored"]}

    # git2 = { version = "0.16.1"}
    git2 = { version = "0.16.1", features = ["vendored-openssl"]}

BTW, reqwest https works.

tkkcc commented 1 year ago

related https://github.com/alexcrichton/openssl-probe/issues/8

newproplus commented 6 months ago

I have the same question. Does anyone know how to resolve it?

AuTsing commented 3 months ago

Same here, are there any solutions?

tkkcc commented 2 months ago

Here are several non-perfect ways to use git on Android:

  1. Use the Java library jgit, then call it via jni-rs. clone/fetch/reset work.

  2. Disable the cert check by modifying libgit2's code in libgit2-sys/libgit2/src/libgit2/streams/openssl.c: comment out this code

    if (SSL_get_verify_result(ssl) != X509_V_OK) {
        git_error_set(GIT_ERROR_SSL, "the SSL certificate is invalid");
        return GIT_ECERTIFICATE;
    }

  3. Disable the cert check via git2-rs's RemoteCallbacks

    let mut callbacks = RemoteCallbacks::new();
    callbacks.certificate_check(|_, _| Ok(CertificateCheckStatus::CertificateOk));
    let mut fo = git2::FetchOptions::new();
    fo.remote_callbacks(callbacks);
    let mut builder = git2::build::RepoBuilder::new();
    builder.fetch_options(fo);
    let repo = builder.clone(url, input.as_ref())?;

Also, reqwest with feature native-tls-vendored works on Android. The key may be that native-tls loads Android system certs by default; this load includes conversion from PEM to X509. I tried using git2-rs's set_ssl_cert_dir or setting the env var SSL_CERT_DIR, but it didn't help, so maybe we must load them manually like native-tls: https://github.com/sfackler/rust-native-tls/blob/0b69ce6a3c4bfe973ede44f6862fc13f3f09c773/src/imp/openssl.rs#L97-L107
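
An added example, not part of the thread or of git2-rs: one way to follow the "load manually" idea while keeping certificate verification on is to merge the system CA files into one PEM bundle, since a single bundle file does not depend on OpenSSL's hashed file-name lookup in a directory. The path `/system/etc/security/cacerts`, the output name `cacerts.pem`, the helper names, and handing the bundle to libgit2 with `git2::opts::set_ssl_cert_file` are assumptions; the page does not confirm that this resolves the error.

```rust
use std::fs;
use std::io::{self, Write};
use std::path::Path;
const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

/// Every complete PEM certificate block in `text`; any text around the blocks is dropped.
pub fn pem_blocks(text: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut rest = text;
    while let Some(start) = rest.find(BEGIN) {
        let tail = &rest[start..];
        match tail.find(END) {
            Some(end) => {
                out.push(tail[..end + END.len()].to_string());
                rest = &tail[end + END.len()..];
            }
            None => break, // truncated block: skip it rather than emit broken PEM
        }
    }
    out
}

/// Writes the certificates of every file in `dir` into `bundle`; returns how many were written.
pub fn build_ca_bundle(dir: &Path, bundle: &Path) -> io::Result<usize> {
    let mut paths: Vec<_> = fs::read_dir(dir)?
        .filter_map(|e| e.ok()).map(|e| e.path()).filter(|p| p.is_file()).collect();
    paths.sort(); // deterministic bundle order
    let mut out = fs::File::create(bundle)?;
    let mut count = 0usize;
    for p in paths {
        // Files that are not UTF-8 text (for example DER) are skipped.
        if let Ok(text) = fs::read_to_string(&p) {
            for block in pem_blocks(&text) {
                writeln!(out, "{}", block)?;
                count += 1;
            }
        }
    }
    Ok(count)
}

fn main() {
    // Assumed Android CA path. Assumed follow-up, before any fetch or clone:
    //   unsafe { git2::opts::set_ssl_cert_file("cacerts.pem") }
    match build_ca_bundle(Path::new("/system/etc/security/cacerts"), Path::new("cacerts.pem")) {
        Ok(n) => println!("wrote {} certificates to cacerts.pem", n),
        Err(e) => eprintln!("bundle not built: {}", e),
    }
}
```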