[C Bindings] open remote connection fails with CA certificates on Android

tursodatabase / libsql

libSQL is a fork of SQLite that is both Open Source, and Open Contributions.

https://turso.tech/libsql

MIT License

11.28k stars 286 forks source link

[C Bindings] open remote connection fails with CA certificates on Android #1432

Closed ospfranco closed 5 months ago

ospfranco commented 5 months ago

I seem to have hit this issue:

https://github.com/rustls/hyper-rustls/issues/187

Here a user tried to connect to a turso remote database on Android:

https://github.com/OP-Engineering/op-sqlite/issues/102#event-12993539677

The proposed solution is using a different API which has been made available only on Rust:

https://github.com/tursodatabase/libsql/issues/789

On rust the open_remote_with_connector function has been exposed, which does not use root certificates but webpki. I guess I would also need the same function exposed to the C bindings.

haaawk commented 5 months ago

This is what you have to do to get this working on Android:

let https = hyper_rustls::HttpsConnectorBuilder::new()
                    .with_webpki_roots()
                    .https_or_http()
                    .enable_http1()
                    .build();
            Builder::new_remote_replica(db_file, url, auth_token)
                    .connector(https)
                    .build()
                    .await

haaawk commented 5 months ago

I guess I could expose a new C function just for Android that would do the above internally.

haaawk commented 5 months ago

You should be able to use libql_open_sync_with_webpki and libsql_open_remote_with_webpki introduced in https://github.com/tursodatabase/libsql/pull/1433

ospfranco commented 5 months ago

awesome. thanks!