问题描述

因此，我正在尝试将libcurl与JNI一起使用，但它返回curle_ssl_cacert_badfile错误.这是我的代码.

jni侧:

static size_t WriteCallback(void *contents, size_t size, size_t nmemb, void *userp)
{
    ((string*)userp)->append((char*)contents, size * nmemb);
    return size * nmemb;
}


//jList is an array containing the certificate.

 Java_packageName_MainActivity_Test(JNIEnv *env, jobject thiz, jobject jList)
    {

        vector<string> certificatesPinning;

        // Convert jobject to jobjectArray
        // retrieve the java.util.List interface class
        jclass cList = env->FindClass("java/util/List");
        // retrieve the toArray method and invoke it
        jmethodID mToArray = env->GetMethodID(cList, "toArray", "()[Ljava/lang/Object;");
        jobjectArray stringArray = (jobjectArray)env->CallObjectMethod(jList, mToArray);

        // Add each certificate to the list
        int stringCount = (env)->GetArrayLength(stringArray);
        for (int i=0; i < stringCount; i++)
        {
            jstring certificateString = (jstring)(env)-> GetObjectArrayElement(stringArray, i);
            const char *cert = (env)->GetStringUTFChars(certificateString, 0);
            const jsize len = env->GetStringUTFLength(certificateString);

            string certificatePinningObj(cert,len);

            certificatesPinning.push_back(certificatePinningObj);
            (env)->ReleaseStringUTFChars( certificateString, cert);
        }

        string readBuffer;
        CURL *curl = curl_easy_init();
        curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
        curl_easy_setopt(curl, CURLOPT_URL, "https://theapi.com");
        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteCallback);// Fill the response in the readBuffer
        curl_easy_setopt(curl, CURLOPT_WRITEDATA, &readBuffer);
        curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 120); // 120 s connect timeout
        curl_easy_setopt(curl, CURLOPT_ENCODING, GZIP);
        curl_easy_setopt(curl,CURLOPT_SSLCERTTYPE,"der");

        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER , 1);
        curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST , 2L);
        curl_easy_setopt(curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
        curl_easy_setopt(curl, CURLOPT_CAINFO,certificatesPinning[0].c_str());//buf


        CURLcode res;
        res = curl_easy_perform(curl);
        if(!readBuffer.empty())
        {
           printf("success \n");
        }
        else
        {
            printf("error \n");
        int a = (int)res;// this is 77 = CURLE_SSL_CACERT_BADFILE

        }
    }

Java侧:

// Define the function
native void Test(ArrayList<String> certificates);

// Prepare the certificate
ArrayList<String> certificatesPinning = new ArrayList<String>();
certificatesPinning.add(saveCertPemFile());

// Call the function
Test(certificatesPinning);


 // Helpers
    private String saveCertPemFile()
    {
        Context context=getApplicationContext();
        String assetFileName="certificateName.der";

        if(context==null || !FileExistInAssets(assetFileName,context))
        {
            Log.i("TestActivity", "Context is null or asset file doesnt exist");
            return null;
        }
        //destination path is data/data/packagename
        String destPath=getApplicationContext().getApplicationInfo().dataDir;
        String CertFilePath =destPath + "/" +assetFileName;
        File file = new File(CertFilePath);
        if(file.exists())
        {
            //delete file
            file.delete();
        }
        //copy to internal storage
        if(CopyAssets(context,assetFileName,CertFilePath)==1) return CertFilePath;

        return CertFilePath=null;

    }

    private int CopyAssets(Context context,String assetFileName, String toPath)
    {
        AssetManager assetManager = context.getAssets();
        InputStream in = null;
        OutputStream out = null;
        try {
            in = assetManager.open(assetFileName);
            new File(toPath).createNewFile();
            out = new FileOutputStream(toPath);
            byte[] buffer = new byte[1024];
            int read;
            while ((read = in.read(buffer)) != -1)
            {
                out.write(buffer, 0, read);
            }
            in.close();
            in = null;
            out.flush();
            out.close();
            out = null;
            return 1;
        } catch(Exception e) {
            Log.e("tag", "CopyAssets"+e.getMessage());

        }
        return 0;

    }

    private boolean FileExistInAssets(String fileName,Context context)
    {
        try {
            return Arrays.asList(context.getResources().getAssets().list("")).contains(fileName);
        } catch (IOException e) {
            // TODO Auto-generated catch block

            Log.e("tag", "FileExistInAssets"+e.getMessage());

        }
        return false;
    }

” cearterateName.der”是存储在资产文件夹中的证书.

这是发送到JNI的证书路径:

/data/data/packagename/certificatename.der

参考

推荐答案

您尚未完全解释您在这里使用的内容，但是正如我将猜测，您有一个针对OpenSSL的libcurl. curlopt_cainfo”> curlopt_cainfo 应该使用pem识别pem bundle 格式.该捆绑包是您值得信赖的CAS的所有证书.

您的描述听起来像您有一个der文件，但是您不能使用openssl的ca cert捆绑.

获得不错的Ca捆绑的一种常见方法是下载 pem版本船只包括在Firefox中.

以上所述是小编给大家介绍的libcurl CURLE_SSL_CACERT_BADFILE在安卓上的错误,希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对77isp云服务器技术网的支持！