[Haskell-beginners] HTTPS Get Request with unverifiable certificate

Michael Snoyman michael at snoyman.com
Wed Jun 12 04:29:50 CEST 2013


You need to use runResourceT before your do-block.


On Tue, Jun 11, 2013 at 8:56 PM, Friedrich Wiemer <friedrichwiemer at gmail.com
> wrote:

> Adrian: yea, that would be a solution, but i looked for the changed
> certificate checker, as Michael suggested.
>
> I now have this code: http://hpaste.org/89795
> which rises a "no isntance" error like this one: http://hpaste.org/80820
> What do I miss?
>
> 2013/6/11 Adrian May <adrian.alexander.may at gmail.com>:
> > You could always ask somebody to sign your certificate for you. Somebody
> > like http://www.startcom.org. I had great support from these guys.
> >
> > Adrian.
> >
> > On 11 Jun 2013 22:26, "Michael Snoyman" <michael at snoyman.com> wrote:
> >>
> >> You have to override managerCheckCerts[1] when creating your manager. It
> >> would look something like:
> >>
> >>
> >> do
> >>     manager <- newManager def { managerCheckCerts = yourChecker }
> >>     httpLbs req manager
> >>
> >> yourChecker _ _ _ = return CertificateUsageAccept
> >>
> >> Which would allow any certificate.
> >>
> >> [1]
> >>
> http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
> >>
> >>
> >> On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer
> >> <friedrichwiemer at gmail.com> wrote:
> >>>
> >>> edit:
> >>> if I change the the url from "https://servers-ip/" to
> >>> "https://servers-FQDN/" the error changes to:
> >>> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
> >>> > ("certificate has unknown CA",True,UnknownCa)))
> >>>
> >>> so the self-signed certificate causes the error.
> >>> How can I tell Network.HTTP.Conduit to accept unknown CA's
> certificates?
> >>>
> >>> 2013/6/11 Friedrich Wiemer <friedrichwiemer at gmail.com>:
> >>> > Hey,
> >>> >
> >>> > I'm trying to send a HTTPS-Get Request to a private server, which has
> >>> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
> >>> > and this code-snipped:
> >>> >
> >>> >> myGetRequest url = do
> >>> >>  req <- parseUrl url
> >>> >>  return $ req {secure = True}
> >>> >>
> >>> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server
> "
> >>> >> >>= (\x -> withManager (httpLbs x))
> >>> > which results in
> >>> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
> >>> >> ("certificate rejected: FQDN do not match this
> >>> >> certificate",True,CertificateUnknown)))
> >>> >
> >>> > I guess that's due to the unverifiable, self-signed certificate? Can
> I
> >>> > disable the test or accept my certificate?
> >>> >
> >>> > Thanks in advance!
> >>> > Friedrich
> >>>
> >>> _______________________________________________
> >>> Beginners mailing list
> >>> Beginners at haskell.org
> >>> http://www.haskell.org/mailman/listinfo/beginners
> >>
> >>
> >>
> >> _______________________________________________
> >> Beginners mailing list
> >> Beginners at haskell.org
> >> http://www.haskell.org/mailman/listinfo/beginners
> >>
> >
> > _______________________________________________
> > Beginners mailing list
> > Beginners at haskell.org
> > http://www.haskell.org/mailman/listinfo/beginners
> >
>
> _______________________________________________
> Beginners mailing list
> Beginners at haskell.org
> http://www.haskell.org/mailman/listinfo/beginners
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/beginners/attachments/20130612/cc385d6c/attachment-0001.htm>


More information about the Beginners mailing list