Can't connect to an HTTPS url that requires an SSL certificate - Githubissues

mamantoha / crest

HTTP and REST client for Crystal

https://mamantoha.github.io/crest/

MIT License

235 stars 14 forks source link

Can't connect to an HTTPS url that requires an SSL certificate #99

Closed kingsleyh closed 3 years ago

kingsleyh commented 6 years ago

trying to connect to an https url with:

Crest.get("https://url", read_timeout: 5.second)

but getting this error:

Unhandled exception: SSL_connect: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (OpenSSL::SSL::Error)

Is there a way to ignore the cert like in Curl with -k or something?

kingsleyh commented 6 years ago

I've switched back to native HTTP:Client with this workaround:

client = HTTP::Client.new("hostname", port: 8080, tls: OpenSSL::SSL::Context::Client.insecure)

looks like Crest doesn't support specifying the tls option for insecure

mamantoha commented 6 years ago

Crest doesn't have SSL/TLS support.

I workaround you can try:

http_client = HTTP::Client.new("hostname", port: 8080, tls: OpenSSL::SSL::Context::Client.insecure)
Crest.get("hostname", http_client: http_client)

mamantoha commented 6 years ago

Anyway, I'll add tls options in next release.

mamantoha commented 6 years ago

@kingsleyh can you try 0.15.0?

See https://github.com/mamantoha/crest#ssltls-support

kingsleyh commented 6 years ago

hi I still seem to get an error (although a different error now)

Unhandled exception: HTTP status code 500: Internal Server Error (Crest::InternalServerError)
  from lib/crest/src/crest/response.cr:103:7 in 'raise_exception!'
  from lib/crest/src/crest/response.cr:32:9 in 'return!'
  from lib/crest/src/crest/request.cr:203:7 in 'process_result'
  from lib/crest/src/crest/request.cr:173:7 in 'execute'
  from lib/crest/src/crest.cr:74:5 in 'exec'
  from lib/crest/src/crest.cr:45:3 in 'get:tls'
  from src/wekan-restarter.cr:4:1 in '__crystal_main'
  from /usr/local/Cellar/crystal/0.26.1/src/crystal/main.cr:97:5 in 'main_user_code'
  from /usr/local/Cellar/crystal/0.26.1/src/crystal/main.cr:86:7 in 'main'
  from /usr/local/Cellar/crystal/0.26.1/src/crystal/main.cr:106:3 in 'main'

mamantoha commented 6 years ago

Hi. I guess this error does not relate to crest.

Try to set handle_errors: false and see response body.

kingsleyh commented 6 years ago

hmm when I use Crest I get back that 500 error - but If I use direct Http client it works fine. Using this works fine:

class Url
  def self.get(url : String, read_timeout : Number = 5)
    uri = URI.parse(url)
    client = HTTP::Client.new(uri.host.not_nil!, port: uri.port, tls: OpenSSL::SSL::Context::Client.insecure)
    client.read_timeout = read_timeout
    client.get(uri.path.not_nil!)
  end
end

mamantoha commented 6 years ago

I have no idea how to reproduce this without real URL :confused:

benbonnet commented 3 years ago

@mamantoha would there be a way to specify the path of the cert file in the tls option, rathe than using OpenSSL::SSL::Context::Client.insecure ?