Skip to content

Instantly share code, notes, and snippets.

@afpro

afpro/android_ssl.rs

Created September 29, 2021 04:02
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save afpro/401a8d3bc9da7bfbc4c5906cf97c0ff5 to your computer and use it in GitHub Desktop.
Save afpro/401a8d3bc9da7bfbc4c5906cf97c0ff5 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
android_ssl.rs
#[cfg(target_os = "android")]
mod android {
use crate::{
exceptions::PyBaseExceptionRef, stdlib::ssl::convert_openssl_error, VirtualMachine,
};
use openssl::{
ssl::SslContextBuilder,
x509::{store::X509StoreBuilder, X509},
};
use std::{
fs::{read_dir, File},
io::Read,
path::Path,
};
static CERT_DIR: &'static str = "/system/etc/security/cacerts";
pub(super) fn load_client_ca_list(
vm: &VirtualMachine,
b: &mut SslContextBuilder,
) -> Result<(), PyBaseExceptionRef> {
let root = Path::new(CERT_DIR);
if !root.is_dir() {
return Err(vm.new_exception_msg(
vm.ctx.exceptions.file_not_found_error.clone(),
CERT_DIR.to_string(),
));
}
let mut combined_pem = String::new();
let entries =
read_dir(root).map_err(|err| vm.new_os_error(format!("read cert root: {}", err)))?;
for entry in entries {
let entry = entry.map_err(|err| vm.new_os_error(format!("iter cert root: {}", err)))?;
let path = entry.path();
if !path.is_file() {
continue;
}
File::open(&path)
.and_then(|mut file| file.read_to_string(&mut combined_pem))
.map_err(|err| {
vm.new_os_error(format!("open cert file {}: {}", path.display(), err))
})?;
combined_pem.push('\n');
}
let mut store_b = X509StoreBuilder::new().map_err(|err| convert_openssl_error(vm, err))?;
let x509_vec = X509::stack_from_pem(combined_pem.as_bytes())
.map_err(|err| convert_openssl_error(vm, err))?;
for x509 in x509_vec {
store_b
.add_cert(x509)
.map_err(|err| convert_openssl_error(vm, err))?;
}
b.set_cert_store(store_b.build());
Ok(())
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment