No TLS/SSL CA verify

[jmwilkinson]

Req appears to rely on Finch, which in turn relies on Mint.

Within this chain of dependencies, it is unclear how to ignore TLS/SSL verification.

Being able to run insecure HTTPS requests is an important step of prototyping and early development, before official TLS certs etc. have been procured. It would be very useful to know how to do this within req.

[wojtekmach]

Thank you for the report. It's this:

Req.get!(
  "https://self-signed.badssl.com",
  connect_options: [transport_opts: [verify: :verify_none]]
)

The place to document this would be run_finch step. We have a few usage examples and we could add this one. WDYT?

[jmwilkinson]

I think that would be useful, especially if there are enough keywords in the docs that someone searching would be able to find that section.

Currently, even if you know you need to look under connect_options and then under transport_opts and then follow the link to Mint docs, mint doesn't even call out :verify_none as an option... it just says:

:verify - defaults to :verify_peer. May be overridden by the caller.

The option can be inferred by reading the docs of the following option.

So yes, I think adding that would help substantially. Thank you for the rapid response!

[jmwilkinson]

I would also add, a few of the keywords that could help for those searching might be: tls, ssl, verify, insecure, and perhaps CA. Hopefully this github issue will also enhance visibility.

[wojtekmach]

@jmwilkinson Agreed. A PR would be appreciated!