[Haskell-beginners] HTTPS Get Request with unverifiable certificate

Friedrich Wiemer friedrichwiemer at gmail.com
Tue Jun 11 19:56:12 CEST 2013


Adrian: yea, that would be a solution, but i looked for the changed
certificate checker, as Michael suggested.

I now have this code: http://hpaste.org/89795
which rises a "no isntance" error like this one: http://hpaste.org/80820
What do I miss?

2013/6/11 Adrian May <adrian.alexander.may at gmail.com>:
> You could always ask somebody to sign your certificate for you. Somebody
> like http://www.startcom.org. I had great support from these guys.
>
> Adrian.
>
> On 11 Jun 2013 22:26, "Michael Snoyman" <michael at snoyman.com> wrote:
>>
>> You have to override managerCheckCerts[1] when creating your manager. It
>> would look something like:
>>
>>
>> do
>>     manager <- newManager def { managerCheckCerts = yourChecker }
>>     httpLbs req manager
>>
>> yourChecker _ _ _ = return CertificateUsageAccept
>>
>> Which would allow any certificate.
>>
>> [1]
>> http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
>>
>>
>> On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer
>> <friedrichwiemer at gmail.com> wrote:
>>>
>>> edit:
>>> if I change the the url from "https://servers-ip/" to
>>> "https://servers-FQDN/" the error changes to:
>>> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
>>> > ("certificate has unknown CA",True,UnknownCa)))
>>>
>>> so the self-signed certificate causes the error.
>>> How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?
>>>
>>> 2013/6/11 Friedrich Wiemer <friedrichwiemer at gmail.com>:
>>> > Hey,
>>> >
>>> > I'm trying to send a HTTPS-Get Request to a private server, which has
>>> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
>>> > and this code-snipped:
>>> >
>>> >> myGetRequest url = do
>>> >>  req <- parseUrl url
>>> >>  return $ req {secure = True}
>>> >>
>>> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server"
>>> >> >>= (\x -> withManager (httpLbs x))
>>> > which results in
>>> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
>>> >> ("certificate rejected: FQDN do not match this
>>> >> certificate",True,CertificateUnknown)))
>>> >
>>> > I guess that's due to the unverifiable, self-signed certificate? Can I
>>> > disable the test or accept my certificate?
>>> >
>>> > Thanks in advance!
>>> > Friedrich
>>>
>>> _______________________________________________
>>> Beginners mailing list
>>> Beginners at haskell.org
>>> http://www.haskell.org/mailman/listinfo/beginners
>>
>>
>>
>> _______________________________________________
>> Beginners mailing list
>> Beginners at haskell.org
>> http://www.haskell.org/mailman/listinfo/beginners
>>
>
> _______________________________________________
> Beginners mailing list
> Beginners at haskell.org
> http://www.haskell.org/mailman/listinfo/beginners
>



More information about the Beginners mailing list