johanlantz/curly

ssl issues

Opened this issue · 4 comments

All HTTPS requests result in an error.
01-23 23:34:31.541 17869 17989 V SDK : curly error:Info: TLSv1.2 (OUT), TLS handshake, Client hello (1):
01-23 23:34:31.541 17869 17989 V SDK :
01-23 23:34:31.672 17869 17989 V SDK : curly error:Info: TLSv1.2 (IN), TLS handshake, Server hello (2):
01-23 23:34:31.672 17869 17989 V SDK :
01-23 23:34:31.673 17869 17989 V SDK : curly error:Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
01-23 23:34:31.673 17869 17989 V SDK :
01-23 23:34:31.674 17869 17989 V SDK : curly error:Info: TLSv1.2 (OUT), TLS alert, Server hello (2):
01-23 23:34:31.674 17869 17989 V SDK :
01-23 23:34:31.674 17869 17989 V SDK : curly error:Info: SSL certificate problem: unable to get local issuer certificate
01-23 23:34:31.674 17869 17989 V SDK :
01-23 23:34:31.674 17869 17989 V SDK : curly error:Info: TLSv1.2 (OUT), TLS alert, Client hello (1):

It is what it says in the log. The SSL certification does not pass since we do not provide a list of trusted CAs.

You can temporarily turn this off by toggling the VerifyPeer flag (see curl docs for more info).

For a real solution in Android you must extract the certificates on the device. I have a gist here with the code I use:
https://gist.github.com/johanlantz/6c53af21723ac9adfd00

I updated the README.md with this info.

https://curl.haxx.se/ca/cacert.pem

Download this file and set my_cfg.certificate_path to it.

It will work fine.

I think you need to create an Android sample project that shows how to use this lib.
It may help people, and bring you more "stars".
👍 )

Sure, you can put any certificate file that includes the trusted CA of the site you want to visit. You just have to choose who to trust :-) I think trusting curl is fine. We choose to trust what the device manufacturer put on the Android device. If it's for a project you control, you can choose to just include the single certificate you need for your server.
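
Added example, not part of the thread or of curly's code: a log audit that separates handshakes curl aborted because the chain was untrusted (the case in this issue) from handshakes that went ahead with peer verification turned off. It assumes curly forwards curl's OpenSSL-backend "continuing anyway" message with the same `curly error:Info:` prefix; the sample lines are constructed.

```python
import re

# logcat prefix plus the "curly error:Info:" wrapper shown in the issue's log
LINE = re.compile(r"^(\S+ \S+)\s+\d+\s+(\d+)\s+\w\s+\S+\s*:\s*curly error:Info:\s*(.*)$")
# curl aborts the handshake: verification is on and the chain is untrusted
FAILED = re.compile(r"SSL certificate problem: (.+)")
# curl's OpenSSL backend logs this when peer verification is off and the chain is bad
BYPASSED = re.compile(r"SSL certificate verify result: (.+?) \(\d+\), continuing anyway")

def audit(lines):
    """Return (timestamp, thread id, kind, reason) for each verification event."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # blank log lines and lines from other components
        ts, tid, msg = m.groups()
        for kind, pat in (("verify_failed", FAILED), ("verify_bypassed", BYPASSED)):
            hit = pat.search(msg)
            if hit:
                findings.append((ts, tid, kind, hit.group(1).rstrip(".")))
    return findings

def unverified_connections(lines):
    """Connections that proceeded with an untrusted peer: the ones to alert on."""
    return [f for f in audit(lines) if f[2] == "verify_bypassed"]

# Constructed sample in the issue's log format (the second session is hypothetical).
SAMPLE = """\
01-23 23:34:31.673 17869 17989 V SDK : curly error:Info: TLSv1.2 (IN), TLS handshake, Certificate (11):
01-23 23:34:31.673 17869 17989 V SDK :
01-23 23:34:31.674 17869 17989 V SDK : curly error:Info: SSL certificate problem: unable to get local issuer certificate
01-23 23:40:02.118 17869 18011 V SDK : curly error:Info: SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

A `verify_failed` entry means the request was blocked and the CA bundle needs fixing; a `verify_bypassed` entry means data was exchanged with a peer whose certificate chain was not trusted.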