HTTPS Get Request with unverifiable certificate

newer
Haskell for Programmers Workshop:...

Friedrich Wiemer

11 Jun 2013 11 Jun '13

10 a.m.

Hey, I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...

myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server" >>= (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate? Thanks in advance! Friedrich

Show replies by date

Friedrich Wiemer

11 Jun 11 Jun

10:19 a.m.

New subject: HTTPS Get Request with unverifiable certificate

edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...

*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's certificates? 2013/6/11 Friedrich Wiemer :

...

Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...
myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server" >>= (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

Michael Snoyman

10:23 a.m.

New subject: HTTPS Get Request with unverifiable certificate

You have to override managerCheckCerts[1] when creating your manager. It would look something like: do manager <- newManager def { managerCheckCerts = yourChecker } httpLbs req manager yourChecker _ _ _ = return CertificateUsageAccept Which would allow any certificate. [1] http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTT... On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer

...

wrote:

...

edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...
*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?

2013/6/11 Friedrich Wiemer :

...
Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...
myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server" = (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

Adrian May

10:46 a.m.

New subject: HTTPS Get Request with unverifiable certificate

You could always ask somebody to sign your certificate for you. Somebody like http://www.startcom.org. I had great support from these guys. Adrian. On 11 Jun 2013 22:26, "Michael Snoyman" wrote:

...

You have to override managerCheckCerts[1] when creating your manager. It would look something like:

do manager <- newManager def { managerCheckCerts = yourChecker } httpLbs req manager

yourChecker _ _ _ = return CertificateUsageAccept

Which would allow any certificate.

[1] http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTT...

On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer < friedrichwiemer@gmail.com> wrote:

...
edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...
*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?

2013/6/11 Friedrich Wiemer :

...
Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...
myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server" = (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

Friedrich Wiemer

1:56 p.m.

New subject: HTTPS Get Request with unverifiable certificate

Adrian: yea, that would be a solution, but i looked for the changed certificate checker, as Michael suggested. I now have this code: http://hpaste.org/89795 which rises a "no isntance" error like this one: http://hpaste.org/80820 What do I miss? 2013/6/11 Adrian May :

...

You could always ask somebody to sign your certificate for you. Somebody like http://www.startcom.org. I had great support from these guys.

Adrian.

On 11 Jun 2013 22:26, "Michael Snoyman" wrote:

...
You have to override managerCheckCerts[1] when creating your manager. It would look something like:

do manager <- newManager def { managerCheckCerts = yourChecker } httpLbs req manager

yourChecker _ _ _ = return CertificateUsageAccept

Which would allow any certificate.

[1] http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTT...

On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer wrote:

...
edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...
*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?

2013/6/11 Friedrich Wiemer :

...
Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...
myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server"

...
>= (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

Michael Snoyman

10:29 p.m.

New subject: HTTPS Get Request with unverifiable certificate

You need to use runResourceT before your do-block. On Tue, Jun 11, 2013 at 8:56 PM, Friedrich Wiemer

...

wrote:

...

Adrian: yea, that would be a solution, but i looked for the changed certificate checker, as Michael suggested.

I now have this code: http://hpaste.org/89795 which rises a "no isntance" error like this one: http://hpaste.org/80820 What do I miss?

2013/6/11 Adrian May :

...
You could always ask somebody to sign your certificate for you. Somebody like http://www.startcom.org. I had great support from these guys.

Adrian.

On 11 Jun 2013 22:26, "Michael Snoyman" wrote:

...
You have to override managerCheckCerts[1] when creating your manager. It would look something like:

do manager <- newManager def { managerCheckCerts = yourChecker } httpLbs req manager

yourChecker _ _ _ = return CertificateUsageAccept

Which would allow any certificate.

[1]

http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTT...

...
On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer wrote:

...
edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...
*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's

certificates?

...
...
2013/6/11 Friedrich Wiemer :

...
Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

...
myGetRequest url = do req <- parseUrl url return $ req {secure = True}

*Main Network.HTTP.Conduit> myGetRequest "https://my.private.server

"

...
...
...
>>= (\x -> withManager (httpLbs x)) which results in *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate rejected: FQDN do not match this certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

Friedrich Wiemer

12 Jun 12 Jun

3:24 a.m.

New subject: HTTPS Get Request with unverifiable certificate

Great, thanks! 2013/6/12 Michael Snoyman :

...

You need to use runResourceT before your do-block.

On Tue, Jun 11, 2013 at 8:56 PM, Friedrich Wiemer wrote:

...
Adrian: yea, that would be a solution, but i looked for the changed certificate checker, as Michael suggested.

I now have this code: http://hpaste.org/89795 which rises a "no isntance" error like this one: http://hpaste.org/80820 What do I miss?

2013/6/11 Adrian May :

...
You could always ask somebody to sign your certificate for you. Somebody like http://www.startcom.org. I had great support from these guys.

Adrian.

On 11 Jun 2013 22:26, "Michael Snoyman" wrote:

...
You have to override managerCheckCerts[1] when creating your manager. It would look something like:

do manager <- newManager def { managerCheckCerts = yourChecker } httpLbs req manager

yourChecker _ _ _ = return CertificateUsageAccept

Which would allow any certificate.

[1]

http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTT...

On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer wrote:

...
edit: if I change the the url from "https://servers-ip/" to "https://servers-FQDN/" the error changes to:

...
*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has unknown CA",True,UnknownCa)))

so the self-signed certificate causes the error. How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?

2013/6/11 Friedrich Wiemer :

...
Hey,

I'm trying to send a HTTPS-Get Request to a private server, which has a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit and this code-snipped:

> myGetRequest url = do > req <- parseUrl url > return $ req {secure = True} > > *Main Network.HTTP.Conduit> myGetRequest > "https://my.private.server" > >>= (\x -> withManager (httpLbs x)) which results in > *** Exception: TlsException (HandshakeFailed (Error_Protocol > ("certificate rejected: FQDN do not match this > certificate",True,CertificateUnknown)))

I guess that's due to the unverifiable, self-signed certificate? Can I disable the test or accept my certificate?

Thanks in advance! Friedrich

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

_______________________________________________ Beginners mailing list Beginners@haskell.org http://www.haskell.org/mailman/listinfo/beginners

4360

Age (days ago)

4361

Last active (days ago)

List overview

Download

6 comments

3 participants

participants (3)

Adrian May
Friedrich Wiemer
Michael Snoyman