reqwest: example failed on Android for cert verification
cargo dinghy run --example simple
thread ‘main’ panicked at ‘called Result::unwrap() on an Err value: Http(Ssl(Failure(Ssl(ErrorStack([Error { code: 336134278, library: “SSL routines”, function: “ssl3_get_server_certificate”, reason: “certificate verify failed”, file: “s3_clnt.c”, line: 1264 }])))))’, /checkout/src/libcore/result.rs:859
note: Run with RUST_BACKTRACE=1 for a backtrace.
About this issue
- Original URL
- State: closed
- Created 7 years ago
- Comments: 17 (5 by maintainers)
Commits related to this issue
- feat: Add dsn and transport to options and deprecate disabled methods (#70) — committed to EmbarkStudios/reqwest by mitsuhiko 6 years ago
@Boiethios the dangerous method disable only verification of the hostname in the certificate, but not that the certificate itself is trust by the current client configuration.
See https://github.com/seanmonstar/reqwest/pull/198 for what’s holding up the ability to disable total certificate verification.
@king6cong
add_root_certificatedidn’t work becauseCertificate::from_pemonly returns the first certificate as far as I can tell. I triedinclude_str!instead of bytes and string split to add each key to thekey_storeand it worked.my fork of
rust-opensslhas a commit that will read the system certs and it’s working without any messing with files and assets https://github.com/dten/rust-openssl/commit/72da006c498f8ae518be0bc936c78de2b86a0f1d all i need to use it is this replace block in my Cargo.tomlit should really also account for the
user-addedanduser-removedkeys that are elsewhere on the system but i haven’t bothered yetSetting envar on android device like this solved the problem:
SSL_CERT_FILE=/sdcard/cacert.pem
But I wonder if is there a way to use the system wide ca cert file such as the ones in /system/etc/security/cacerts.