Closed meiremans closed 5 years ago
There currently isn't, but I agree that seems reasonable. I'm ok skipping this check by default, and adding an option to actually perform the check.
@meiremans I should be able to look into this within a week or so (i'm a bit busy with the holidays). If you want to open up a PR for this change sooner than that, it shouldn't be a large change to just disable this by default. I'd be happy to merge :)
I have looked into it. It is my first time ever looking at Haskell code :) I cannot seem to find where I can add it. :(
ah for sure :) i took a look too. not completely trivial actually, involves adding a new dependency to override the request manager.
i'll add this feature when i have time but it won't be immediately, hope that's ok
ah for sure :) i took a look too. not completely trivial actually, involves adding a new dependency to override the request manager.
i'll add this feature when i have time but it won't be immediately, hope that's ok
Hi @aviaviavi Is there by any chance an update on this in the near future?
I have a workaround so no problem, but it would be nice to know if I need to mark the workaround as permanent or keep it as "temporary" workaround.
Hi @meiremans. Thanks for the reminder. I had most of the solution coded up already, and just had some time to get a PR open for this. Are you able to build curl-runnings yourself to test that it works for you? the branch is skip-tls-check. things look ok from my end but i'd like to verify this actually solves your problem before i merge this change. i don't have a self signed cert to test with at the moment.
You'd simply need to clone curl runnings, download stack, then:
cd curl-runnings
stack install
~/.local/bin/curl-runnings -f <your_file>
Hi @aviaviavi Thank you for your effort
however, if you run it with your command it still gives
(InternalException (HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown))))
So I tried something like
~/.local/bin/curl-runnings -f test.yml --skip_tls_check
doesn't work either. Can you give the correct argument?
On a sidenote. If you want to test. I quickly spun up a host reachable on https://curlrunnings.ab-it.io/
It will just give you a 502 Bad Gateway error but with a self signed certificate
oh sorry i left the most important flag out of my example!
~/.local/bin/curl-runnings -f test.yml --skip-tls-check
(or -s
) seems to work for me when i hit your URL, https://curlrunnings.ab-it.io/. thanks for putting that url up.
let me know if that works for you
cc @meiremans, forgot to @ you in the previous comment for notification purposes
Hi Sorry for the late reply!
Seems to work. Thank you!
Hi Is there a way to activate the -k option in curl? My certificate is self signed and tests will fail. (Yes I can also download the CA, but I prefer not to keep testing as simple as possible)
I think it will be easier for everybody to skip certificate checks by default in curl-runnings because certificate issues are not problems that should be caught while using curl-runnings?
Or give an option eg --self-signed to allow self signed certificates if you don't agree with the statement above.