Libcurl Certificate Pinning working on iPhone but not on Android
Question
This is my C++ code that I am using in Obj-C and JAVA projects.
string readBuffer;
string certificateBeingUsed;
CURL *curl = curl_easy_init();
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(curl, CURLOPT_URL, "https://apiServer");
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &readBuffer);
curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 120);
curl_easy_setopt(curl, CURLOPT_ENCODING, GZIP);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , true);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 2);
curl_easy_setopt(curl, CURLOPT_CAINFO,certificateBeingUsed);
CURLcode res;
res = curl_easy_perform(curl);
--------------------------------------------------------------------
In Xcode, I have my ceritificate "certificatePinning.der" stored in Resources/Certificates folder.
To use the code above, I set certificateBeingUsed to my certificate path:
certificateBeingUsed = "/Users/graceo/Library/Developer/CoreSimulator/Devices/1BB154CB-276B-4DDC-86C8-4975213D7E3B/data/Containers/Bundle/Application/4819EC2A-CA18-46BF-815F-445B5E3E519F/TestStoryBoardWithLibraryAndSwift.app/certificatePinning.der"
and res returns success with readBuffer containing the response sent from the server.
--------------------------------------------------------------------
In Android Studio, I have my ceritificate "certificatePinning.der" stored in assets folder. (I copy it to the data folder before using it)
To use the code above, I set certificateBeingUsed to my certificate path:
certificateBeingUsed = "/data/data/packageName/certificatePinning.der"
but res returns CURLE_SSL_CACERT_BADFILE (77) and readBuffer is empty
--------------------------------------------------------------------
What is it that I am missing in Android that could not validate the certificate stored with the server's ??
NB:
- I have SSL supported in libCurl.
- In android if I set it to the certificate cacert.pem it will return success, but I want to use my certificate instead.
1 answers
solution1
1 ACCPTED 2015-10-16 03:34:42
这可能是编码问题,尝试使用以下方法将.der文件转换为.pem格式:
openssl x509 -in cert.crt -inform der -outform pem -out cert.pem
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.