SSL error on android #920

Open
tkkcc opened this issue Jan 22, 2023 · 4 comments


tkkcc commented Jan 22, 2023

Basic https fetch fails on genymotion android 10. Enabling vendored-openssl doesn't help.

```rust
repo.find_remote("origin")?
    .fetch(&[&branch], None, None)?;
```

```
Git(Error { code: -17, klass: 16, message: "the SSL certificate is invalid" })
```

Dependency

```toml
reqwest = { version = "0.11", features = ["blocking"] }
openssl = { version = "0.10", features = ["vendored"] }

# git2 = { version = "0.16.1" }
git2 = { version = "0.16.1", features = ["vendored-openssl"] }
```

BTW, reqwest https works.


tkkcc commented Apr 12, 2023

related alexcrichton/openssl-probe#8

@newproplus

I have the same question. Does anyone know how to resolve it?


AuTsing commented Apr 15, 2024

Same here, are there any solutions?


tkkcc commented May 5, 2024

Here are several non-perfect ways to use git on android

  1. use java library jgit = "3.7.1.201504261725-r", then call it via jni-rs. clone/fetch/reset work. the version is old and tricky, and newer versions just hang on android
     - 3.7.1.201504261725-r, from mgit, last 3.x, works in android 7
     - 5.13.1.202206130422-r, last 5.x, does not work in android 7
     - 6.4.0.202211300538-r does not work in android 11
  2. disable cert check by modifying libgit2's code
     in libgit2-sys/libgit2/src/libgit2/streams/openssl.c, comment out this code
     ```c
     if (SSL_get_verify_result(ssl) != X509_V_OK) {
     	git_error_set(GIT_ERROR_SSL, "the SSL certificate is invalid");
     	return GIT_ECERTIFICATE;
     }
     ```
  3. disable cert check via git2-rs's RemoteCallbacks
     ```rust
     use git2::{CertificateCheckStatus, RemoteCallbacks};

     // Accept every certificate: verification is switched off for this clone.
     let mut callbacks = RemoteCallbacks::new();
     callbacks.certificate_check(|_, _| Ok(CertificateCheckStatus::CertificateOk));
     let mut fo = git2::FetchOptions::new();
     fo.remote_callbacks(callbacks);
     let mut builder = git2::build::RepoBuilder::new();
     builder.fetch_options(fo);
     let repo = builder.clone(url, input.as_ref())?;
     ```

Also reqwest with feature native-tls-vendored works on android. The key may be that native-tls loads android system certs by default, and this load includes conversion from pem to X509. I tried using git2-rs's set_ssl_cert_dir or setting the env var SSL_CERT_DIR, but it did not help, so maybe we must load them manually like native-tls:
https://github.com/sfackler/rust-native-tls/blob/0b69ce6a3c4bfe973ede44f6862fc13f3f09c773/src/imp/openssl.rs#L97-L107
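An added example, not code from this thread or from git2-rs: a way to keep certificate verification on by gathering the system CA files into one PEM bundle, which can then be handed to `git2::opts::set_ssl_cert_file`. It assumes the CA store is a directory of files that each hold a PEM block, possibly followed by a text dump (on Android conventionally `/system/etc/security/cacerts`, an assumption not stated in the thread); whether this resolves the error above is not confirmed here.

```rust
use std::{fs, io, path::{Path, PathBuf}};

const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
const END: &str = "-----END CERTIFICATE-----";

/// PEM certificate blocks in `text`; anything outside the markers is dropped.
pub fn extract_pem_blocks(text: &str) -> Vec<String> {
    let (mut blocks, mut rest) = (Vec::new(), text);
    while let Some(start) = rest.find(BEGIN) {
        let from_begin = &rest[start..];
        let stop = match from_begin.find(END) {
            Some(end) => end + END.len(),
            None => break, // truncated block: never emit a partial certificate
        };
        blocks.push(from_begin[..stop].to_string());
        rest = &from_begin[stop..];
    }
    blocks
}

/// Concatenate the blocks from every file in `dir`; returns (bundle, count).
pub fn build_bundle(dir: &Path) -> io::Result<(String, usize)> {
    let mut paths: Vec<PathBuf> = fs::read_dir(dir)?
        .filter_map(|e| e.ok().map(|e| e.path()))
        .filter(|p| p.is_file())
        .collect();
    paths.sort(); // deterministic bundle order
    let (mut bundle, mut count) = (String::new(), 0);
    for path in paths {
        // Unreadable or non-UTF-8 files contribute nothing instead of aborting.
        for block in extract_pem_blocks(&fs::read_to_string(&path).unwrap_or_default()) {
            bundle.push_str(&block);
            bundle.push('\n');
            count += 1;
        }
    }
    Ok((bundle, count))
}

fn main() -> io::Result<()> {
    // Constructed sample (not a real certificate): a PEM block plus trailing text.
    let dir = std::env::temp_dir().join("cacerts-sample");
    fs::create_dir_all(&dir)?;
    fs::write(dir.join("0a1b2c3d.0"), format!("{}\nQUJD\n{}\nCertificate:\n", BEGIN, END))?;
    let (bundle, n) = build_bundle(&dir)?;
    // On a device, run build_bundle on the system CA directory, write the result
    // to a file, and hand that file to git2::opts::set_ssl_cert_file before fetching.
    println!("{} certificate(s):\n{}", n, bundle);
    Ok(())
}
```

`git2::opts::set_ssl_cert_file` is an `unsafe` function that changes a process-wide libgit2 option, so call it once at startup before any other git2 use.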

tkkcc added a commit to tkkcc/GameBot that referenced this issue May 5, 2024

```
x86_64 size:
jni-rs
132K

+android_logger
892K

+reqwest      +git2
6.9M          6.1M

+git2
7.7M
```

tkkcc added a commit to tkkcc/GameBot that referenced this issue May 5, 2024

```
jni-rs
132K

+android_logger
892K

+reqwest(native-tls-vendored)      +git2  +reqwest(rustls) +reqwest(rustls-http2-charset)
6.9M                               6.1M   2.1M             +1.7

+git2
7.7M
```