Please how do we get Tesla to emulate -k/--insecure of curl ? #389

Closed
CharlesOkwuagwu opened this issue Jun 11, 2020 · 4 comments

@CharlesOkwuagwu

Please how do we get Tesla to emulate -k/--insecure of curl ?

Tell libcurl to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

With the curl command line tool, you disable this with -k/--insecure.

Tesla

iex> Tesla.get("https://localhost:44384/get_company_mappings/10")
[error: :econnrefused]
iex>

CURL

c:\Projects\dl                                                                                                 
λ curl -v  https://localhost:44384/get_company_mappings/10                                                     
*   Trying ::1:44384...                                                                                        
* TCP_NODELAY set                                                                                              
* Connected to localhost (::1) port 44384 (#0)                                                                 
* ALPN, offering h2                                                                                            
* ALPN, offering http/1.1                                                                                      
* successfully set certificate verify locations:                                                               
*   CAfile: C:\Tools\curl\bin\curl-ca-bundle.crt                                                               
  CApath: none                                                                                                 
* TLSv1.3 (OUT), TLS handshake, Client hello (1):                                                              
* TLSv1.3 (IN), TLS handshake, Server hello (2):                                                               
* TLSv1.2 (IN), TLS handshake, Certificate (11):                                                               
* TLSv1.2 (OUT), TLS alert, unknown CA (560):                                                                  
* SSL certificate problem: unable to get local issuer certificate                                              
* Closing connection 0                                                                                         
curl: (60) SSL certificate problem: unable to get local issuer certificate                                     
More details here: https://curl.haxx.se/docs/sslcerts.html                                                     
                                                                                                               
curl failed to verify the legitimacy of the server and therefore could not                                     
establish a secure connection to it. To learn more about this situation and                                    
how to fix it, please visit the web page mentioned above.                                                      

CURL -k

λ curl -v -k  https://localhost:44384/get_company_mappings/10                                                  
*   Trying ::1:44384...                                                                                        
* TCP_NODELAY set                                                                                              
* Connected to localhost (::1) port 44384 (#0)                                                                 
* ALPN, offering h2                                                                                            
* ALPN, offering http/1.1                                                                                      
* TLSv1.3 (OUT), TLS handshake, Client hello (1):                                                              
* TLSv1.3 (IN), TLS handshake, Server hello (2):                                                               
* TLSv1.2 (IN), TLS handshake, Certificate (11):                                                               
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):                                                       
* TLSv1.2 (IN), TLS handshake, Server finished (14):                                                           
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):                                                      
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):                                                    
* TLSv1.2 (OUT), TLS handshake, Finished (20):                                                                 
* TLSv1.2 (IN), TLS handshake, Finished (20):                                                                  
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384                                                   
* ALPN, server accepted to use h2                                                                              
* Server certificate:                                                                                          
*  subject: CN=localhost                                                                                       
*  start date: Oct 13 11:12:11 2019 GMT                                                                        
*  expire date: Oct 13 00:00:00 2024 GMT                                                                       
*  issuer: CN=localhost                                                                                        
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.              
* Using HTTP2, server supports multi-use                                                                       
* Connection state changed (HTTP/2 confirmed)                                                                  
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0                               
* Using Stream ID: 1 (easy handle 0x133fdae9130)                                                               
> GET /get_company_mappings/10 HTTP/2                                                                          
> Host: localhost:44384                                                                                        
> User-Agent: curl/7.65.0                                                                                      
> Accept: */*                                                                                                  
>                                                                                                              
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!                                                    
< HTTP/2 200                                                                                                   
< content-length: 6636                                                                                         
< content-type: application/json; charset=utf-8                                                                
< server: Microsoft-IIS/10.0                                                                                   
< x-powered-by: ASP.NET                                                                                        
< date: Thu, 11 Jun 2020 11:08:37 GMT

@chulkilee
Contributor

chulkilee commented Jun 11, 2020

It depends on the adapter.

For hackney:

{:error, {:tls_alert, {:bad_certificate, _}}} =
  Tesla.client([], Tesla.Adapter.Hackney) |> Tesla.get("https://self-signed.badssl.com/")

{:ok, %Tesla.Env{}} =
  Tesla.client([], {Tesla.Adapter.Hackney, insecure: true})
  |> Tesla.get("https://self-signed.badssl.com/")

@CharlesOkwuagwu
Author

CharlesOkwuagwu commented Jun 11, 2020

Ah, I was using the default adapter: Tesla.Adapter.Httpc

config :tesla, :adapter, {Tesla.Adapter.Hackney, insecure: true}

Solved. @chulkilee Thanks

@chulkilee
Contributor

@CharlesOkwuagwu if you use Httpc, by default it does not check SSL.

{:ok, %Tesla.Env{}} =
  Tesla.client([], Tesla.Adapter.Httpc) |> Tesla.get("https://self-signed.badssl.com/")

httpc_client =
  Tesla.client(
    [],
    {Tesla.Adapter.Httpc,
     ssl: [cacerts: :certifi.cacerts(), verify_fun: &:ssl_verify_hostname.verify_fun/3]}
  )

{:error, :econnrefused} = Tesla.get(httpc_client, "https://self-signed.badssl.com/")
{:ok, %Tesla.Env{}} = Tesla.get(httpc_client, "https://mozilla-modern.badssl.com/")
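
An alternative to turning verification off for the self-signed CN=localhost certificate in this issue, shown as an added example (not code from the thread or from the Tesla project): trust only that certificate and keep peer and hostname verification on. The module name `DevTLS` and the path `priv/certs/localhost.pem` are hypothetical, and the certificate is assumed to have been exported from the dev server as PEM.

```elixir
defmodule DevTLS do
  @moduledoc """
  Added example: Tesla clients that keep TLS verification enabled while
  trusting a single self-signed development certificate.
  """

  # Hypothetical path: the dev server's self-signed certificate, exported as PEM.
  @dev_cert "priv/certs/localhost.pem"

  # Erlang :ssl client options shared by both adapters.
  # - verify_peer rejects any certificate that does not chain to @dev_cert
  # - the match_fun applies HTTPS hostname matching rules (OTP 21+)
  # The options are given in full so that verification does not depend on
  # what either adapter would otherwise default to.
  def ssl_opts(cacertfile \\ @dev_cert) do
    [
      verify: :verify_peer,
      cacertfile: cacertfile,
      customize_hostname_check: [
        match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
      ]
    ]
  end

  # hackney receives :ssl options under its :ssl_options key. This replaces
  # `insecure: true`, which accepts any certificate from any host.
  def hackney_client(middleware \\ []) do
    Tesla.client(middleware, {Tesla.Adapter.Hackney, ssl_options: ssl_opts()})
  end

  # httpc receives the same options under :ssl, as in the comment above.
  def httpc_client(middleware \\ []) do
    Tesla.client(middleware, {Tesla.Adapter.Httpc, ssl: ssl_opts()})
  end
end

# Usage against the dev server from the issue (requires that server to be
# running and its certificate to be at the path above):
result = Tesla.get(DevTLS.hackney_client(), "https://localhost:44384/get_company_mappings/10")
IO.inspect(result, label: "verified request")
```

Because the trust store contains only the one exported certificate, these clients reject every other server, so they are suited to the dev endpoint and not to general outbound requests.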

@teamon
Member

teamon commented Jun 15, 2020

Thanks @chulkilee !

@teamon teamon closed this as completed Jun 15, 2020