Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Does clj-http correctly handle self-signed certificates? #376

Closed
doomchild opened this issue May 18, 2017 · 7 comments
Closed

Does clj-http correctly handle self-signed certificates? #376

doomchild opened this issue May 18, 2017 · 7 comments
Assignees

Comments

@doomchild
Copy link

@doomchild doomchild commented May 18, 2017

I've got a service that I hit in Java using a particular keystore and password. Using the same keystore and password in clj-http 3.5.0, I'm getting SunCertPathBuilderException unable to find valid certification path to requested target errors when doing a GET. The server is using a self-signed certificate, and I've seen at least one other issue in here talking about problems with those. Is that still a problem, or should I be looking somewhere else?

@dakrone

This comment has been minimized.

Copy link
Owner

@dakrone dakrone commented May 24, 2017

I believe it should handle it with the correct keystore, do you have an example I could retry to reproduce it?

@doomchild

This comment has been minimized.

Copy link
Author

@doomchild doomchild commented May 24, 2017

I don't have one right this second (my current version hits some of our internal stuff), but give me a day or two and I should be able to hack something together.

@doomchild

This comment has been minimized.

Copy link
Author

@doomchild doomchild commented May 24, 2017

Okay, it didn't take me as long as I thought it would. This is a little messy, but it shows what I'm hitting.

The server is in server.js. The PEM and KEY files were generated as a self-signed cert, and then I made a JKS file out of them as well (PEM and KEY for the node server, JKS for Clojure).

https_test.zip

If I run the server, then try to hit it with the following Clojure snippet, I get the above error.

(ns client.client
  (:require [clj-http.client :as clj]))

(defn get-client [base-url keystore keystore-pass]
  {:url base-url
   :keystore keystore
   :keystore-pass keystore-pass
   :accept :json
   })

(defn get [client]
  (clj/get (:url client) (dissoc client :url)))
@RokLenarcic

This comment has been minimized.

Copy link
Contributor

@RokLenarcic RokLenarcic commented Feb 18, 2018

Did you try adding self-signed cert to your JVM's truststore?

@dakrone

This comment has been minimized.

Copy link
Owner

@dakrone dakrone commented Feb 21, 2018

I'll look into adding documentation for how to get this set up and working.

@dakrone dakrone self-assigned this Feb 21, 2018
@dakrone dakrone closed this in 9350490 Feb 21, 2018
@dakrone

This comment has been minimized.

Copy link
Owner

@dakrone dakrone commented Feb 21, 2018

@doomchild I pushed a new file (https://github.com/dakrone/clj-http/blob/master/SSL.org) where I document how to do this, let me know if it doesn't work for you!

@doomchild

This comment has been minimized.

Copy link
Author

@doomchild doomchild commented Feb 21, 2018

Excellent. Thanks a lot!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.