aviaviavi / curl-runnings

A declarative test framework for quickly and easily writing integration tests against JSON APIs.
MIT License
158 stars 13 forks source link

Skip certificate check #37

Closed meiremans closed 5 years ago

meiremans commented 5 years ago

Hi Is there a way to activate the -k option in curl? My certificate is self signed and tests will fail. (Yes I can also download the CA, but I prefer not to keep testing as simple as possible)

I think it will be easier for everybody to skip certificate checks by default in curl-runnings because certificate issues are not problems that should be caught while using curl-runnings?

Or give an option eg --self-signed to allow self signed certificates if you don't agree with the statement above.

aviaviavi commented 5 years ago

There currently isn't, but I agree that seems reasonable. I'm ok skipping this check by default, and adding an option to actually perform the check.

aviaviavi commented 5 years ago

@meiremans I should be able to look into this within a week or so (i'm a bit busy with the holidays). If you want to open up a PR for this change sooner than that, it shouldn't be a large change to just disable this by default. I'd be happy to merge :)

meiremans commented 5 years ago

I have looked into it. It is my first time ever looking at Haskell code :) I cannot seem to find where I can add it. :(

aviaviavi commented 5 years ago

ah for sure :) i took a look too. not completely trivial actually, involves adding a new dependency to override the request manager.

i'll add this feature when i have time but it won't be immediately, hope that's ok

meiremans commented 5 years ago

ah for sure :) i took a look too. not completely trivial actually, involves adding a new dependency to override the request manager.

i'll add this feature when i have time but it won't be immediately, hope that's ok

Hi @aviaviavi Is there by any chance an update on this in the near future?

I have a workaround so no problem, but it would be nice to know if I need to mark the workaround as permanent or keep it as "temporary" workaround.

aviaviavi commented 5 years ago

Hi @meiremans. Thanks for the reminder. I had most of the solution coded up already, and just had some time to get a PR open for this. Are you able to build curl-runnings yourself to test that it works for you? the branch is skip-tls-check. things look ok from my end but i'd like to verify this actually solves your problem before i merge this change. i don't have a self signed cert to test with at the moment.

You'd simply need to clone curl runnings, download stack, then:

cd curl-runnings
stack install
~/.local/bin/curl-runnings -f <your_file>
meiremans commented 5 years ago

Hi @aviaviavi Thank you for your effort however, if you run it with your command it still gives (InternalException (HandshakeFailed (Error_Protocol ("certificate rejected: [SelfSigned]",True,CertificateUnknown))))

So I tried something like ~/.local/bin/curl-runnings -f test.yml --skip_tls_check

doesn't work either. Can you give the correct argument?

On a sidenote. If you want to test. I quickly spun up a host reachable on https://curlrunnings.ab-it.io/

It will just give you a 502 Bad Gateway error but with a self signed certificate

aviaviavi commented 5 years ago

oh sorry i left the most important flag out of my example!

~/.local/bin/curl-runnings -f test.yml --skip-tls-check (or -s) seems to work for me when i hit your URL, https://curlrunnings.ab-it.io/. thanks for putting that url up.

let me know if that works for you

aviaviavi commented 5 years ago

cc @meiremans, forgot to @ you in the previous comment for notification purposes

meiremans commented 5 years ago

Hi Sorry for the late reply!

Seems to work. Thank you!