Skip to content

Add Android certificate paths to CURL_CA_PATH #5283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
marcprux wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add Android certificate paths to CURL_CA_PATH #5283

marcprux wants to merge 1 commit into from
+19 −0

Conversation

@marcprux
Copy link

@marcprux marcprux commented Oct 31, 2025

On Android devices, there is not single aggregate .cer file we can set with CFURLSessionInfoCAINFO, but rather a system managed folder that needs to be specified with CFURLSessionOptionCAPATH. This is similar to how swift-nio handles it (apple/swift-nio-ssl#453).

This is a better solution than #5163, so I'll close that in favor of this.

It only affects Android codepaths, so this change should be low-risk.

@marcprux marcprux mentioned this pull request Oct 31, 2025
Closed
@zhenchaoli zhenchaoli requested a review from compnerd November 5, 2025 20:26
@marcprux marcprux moved this to In Progress in Swift on Android Dec 27, 2025
marcprux added a commit to swift-android-sdk/swift-docker that referenced this pull request Dec 27, 2025
@marcprux
Try applying patch for swiftlang/swift-corelibs-foundation#5283
150af98
@marcprux
Copy link
Author

marcprux commented Dec 29, 2025

Can I get someone to take a look at this, maybe @compnerd or @parkera?

compnerd
compnerd reviewed Dec 31, 2025
View reviewed changes
Sources/FoundationNetworking/URLSession/libcurl/EasyHandle.swift
isDirectory: &isDirectory)
&& isDirectory.boolValue {
path.withCString { pathPtr in
try! CFURLSession_easy_setopt_ptr(rawHandle, CFURLSessionOptionCAPATH, UnsafeMutablePointer(mutating: pathPtr)).asError()
Copy link
Member

@compnerd compnerd Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is try! safe here? Why is the result of .asError being ignored? In particular, it seems that we are losing failure information.

Copy link
Author

@marcprux marcprux Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's just the convention I observed from every other call to CFURLSesson_easy* functions in this file. They all follow the same pattern.

Copy link
Member

@compnerd compnerd Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that we should understand the error handling here, else we can do something like:

do {
  try CFURLSession_easy_setopt_ptr(rawHandle, CFURLSessionOptionCAPATH, UnsafeMutablePointer(mutating: pathPatr)).asError()
} catch let error {
  fatalError(error.message)
}

Copy link
Author

@marcprux marcprux Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This exact pattern is followed 50 other times in this file, and is the documented way to handle errors:

swift-corelibs-foundation/Sources/FoundationNetworking/URLSession/URLSession.swift

Lines 109 to 125 in 8c60d6b

/// ## Error Handling
///
/// Most libcurl functions either return a `CURLcode` or `CURLMcode` which
/// are represented in Swift as `CFURLSessionEasyCode` and
/// `CFURLSessionMultiCode` respectively. We turn these functions into throwing
/// functions by appending `.asError()` onto their calls. This turns the error
/// code into `Void` but throws the error if it's not `.OK` / zero.
///
/// This is combined with `try!` is almost all places, because such an error
/// indicates a programming error. Hence the pattern used in this code is
///
/// ```
/// try! someFunction().asError()
/// ```
///
/// where `someFunction()` is a function that returns a `CFURLSessionEasyCode`.
///

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@compnerd compnerd compnerd left review comments

@zhenchaoli zhenchaoli Awaiting requested review from zhenchaoli

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Swift on Android
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@marcprux @compnerd