httprb / http

HTTP (The Gem! a.k.a. http.rb) - a fast Ruby HTTP client with a chainable API, streaming support, and timeouts
MIT License

Is OpenSSL::SSL::VERIFY_NONE chainable? #655

Closed c2ofh closed 3 years ago

c2ofh commented 3 years ago

We have a REST API wrapper for all APIs, with http.rb included.

The HTTP request is composed depending on what the API needs or requires.

Now there is one API where we need to disable SSL verification. Can this be included in the generic HTTP object?

```ruby
def http(headers = {})
  http = HTTP.headers(__request_params.merge(headers)).timeout(timeout)
  http = http.follow if __request_follow == :follow
  http = http.cookies(__rest_cookies) if __rest_cookies
  http = http.basic_auth(__rest_basic_auth) if __rest_basic_auth
  http
end

def get(url = '', headers = {})
  request do
    http(headers).get("#{@rest_url_base}#{url}", params: __rest_query)
  end
end

# ...
```

I would like to add this as an option within the http method, or is it necessary to append it to the get call like this?

```ruby
def ssl_context
  return unless __rest_sll_verify_none

  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
  ctx
end

def get(url = '', headers = {})
  request do
    http(headers).get("#{@rest_url_base}#{url}", params: __rest_query, ssl_context: ssl_context)
  end
end
```

tarcieri commented 3 years ago

I'm unclear what you are asking here. Note that we do not recommend setting OpenSSL::SSL::VERIFY_NONE.

marckohlbrugge commented 2 years ago

For anyone else with the same question, here's a workaround to "chain" the SSL context:

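```ruby
require "http"

# use_insecure_mode? is the caller's own predicate (not defined in this snippet).
options = if use_insecure_mode?
  # Disables certificate verification for every request made by this client.
  HTTP::Options.new(ssl: { verify_mode: OpenSSL::SSL::VERIFY_NONE })
else
  HTTP::Options.new
end

http = HTTP::Client.new(options)
http.get("https://untrusted-root.badssl.com").to_s
```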
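An added example, not from this thread or the http.rb project: when verification fails because the API uses a private or self-signed CA, the SSL context can keep `VERIFY_PEER` and trust only that CA instead of using `VERIFY_NONE`. The helper names (`make_cert`, `pinned_ca_context`, `chain_trusted?`) and the certificates generated in-process are constructed for illustration; only Ruby's standard `openssl` library is used.

```ruby
require "openssl"

# Hypothetical helper: builds certificates for the constructed sample chain below.
def make_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed sample data: a private CA, an API certificate it issued,
# and a self-signed certificate claiming the same name.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("/CN=Constructed Internal CA", CA_KEY, ca: true)
API_CERT = make_cert("/CN=api.internal.example", OpenSSL::PKey::RSA.new(2048),
                     issuer: CA_CERT, issuer_key: CA_KEY)
ROGUE_CERT = make_cert("/CN=api.internal.example", OpenSSL::PKey::RSA.new(2048))

# Verification stays on; the trust store contains only the given CA.
def pinned_ca_context(ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx.cert_store = store
  ctx
end

# Offline check of what the context would accept during a handshake.
def chain_trusted?(ctx, cert)
  ctx.cert_store.verify(cert)
end

# The context is passed the same way as in the question above:
#   http(headers).get(url, ssl_context: pinned_ca_context(ca_cert))
```

In a real deployment the CA certificate would be loaded from the PEM file the API operator provides, for example with `OpenSSL::X509::Certificate.new(File.read(path))`.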