Re: HTTP GET with SSL and Self-Signed Certificates


Pent

Aug 8, 2012, 2:16:36 AM
to Tasker

> errors? I tried adding the certificate to the built-in trusted store in
> Jelly Bean, but that didn't seem to do anything. Even the browser still
> threw an error so I'm guessing the trust store only works for WiFi/VPN
> certs.

Did you reboot after that ?

Pent

Ryan

Aug 8, 2012, 11:23:28 AM
to tas...@googlegroups.com
Yeah, I did try to reboot, and unfortunately it didn't make a difference.

Pent

Aug 8, 2012, 12:36:40 PM
to Tasker
> Yeah, I did try to reboot, and unfortunately it didn't make a difference.

I'll add a parameter after the next release.

Pent

Vladimir Oz

Oct 19, 2012, 2:02:34 AM
to tas...@googlegroups.com
+100500 support for HTTP digest auth
 

Pent

Nov 25, 2012, 10:42:28 AM
to Tasker
Regards the OP problem: thinking about this further, what's the point
of using HTTPS if you're going to ignore certificate errors ?

Pent

Scott Miller

Nov 25, 2012, 11:23:31 AM
to tas...@googlegroups.com


> Regards the OP problem: thinking about this further, what's the point
> of using HTTPS if you're going to ignore certificate errors ?

I can think of a few reasons. If the root CA is trusted by the user, but the root cert is not installed on the device, the encryption is still valid, but an error would occur. The same holds true if the cert is expired, or if it is a self-signed cert. Certainly it increases the risk, but if the user is comfortable with those risks, it's still better to use https instead of http.

Pent

Nov 25, 2012, 12:57:29 PM
to Tasker
Right, true.

Looking at the code, it's not as trivial to implement as I had
expected and so won't be in a coming-soon release, sorry.

However, it remains at higher-than-most-other-things priority.

Pent

Ryan

Dec 5, 2012, 1:44:53 PM
to tas...@googlegroups.com
Thanks for the update Pent. I'm using this for my home automation system, and so I want the password to be encrypted. Interestingly I just saw a post from someone using the same system as me, but they seem to be fine using HTTP despite the fact that their username/password could easily be sniffed out:

It sounds like the developer of one of the popular apps to manage the home automation system is looking to add Tasker integration, which would solve this issue.

Chris Lawrence

Mar 14, 2013, 6:18:36 PM
to tas...@googlegroups.com
Hi All,

I am doing just exactly this without any issue. I use the 3rd party HTTP GET plugin for Tasker rather than the built-in, and it works great with my self-signed cert. It is a home-grown web interface to interact with my Windows-based HA system (Home Control Assistant, best bang for the buck option IMHO :)).

Anyways, the web interface sits behind Apache with a self-signed cert; embedding the user:pass@ in the URL with the plugin works fine.



On Wednesday, August 8, 2012 12:19:12 AM UTC-5, Ryan wrote:
> I love this app, and I was trying to configure an HTTP GET action using SSL and noticed that it doesn't play too nice with self-signed/untrusted certificates. This is the error I get:
>
> "Input/Output error for https://example.com/blah: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found..."
>
> I'm using a self-signed certificate so I wasn't all that surprised to see the error, but was hoping that maybe you could add an option to the HTTP GET (and probably HTTP POST, too) to be able to ignore any certificate errors? I tried adding the certificate to the built-in trusted store in Jelly Bean, but that didn't seem to do anything. Even the browser still threw an error so I'm guessing the trust store only works for WiFi/VPN certs.
>
> I'm using the latest Beta so I'm open to test out any changes if you consider incorporating this.

Ryan

Mar 16, 2013, 1:41:14 AM
to tas...@googlegroups.com
I'd be curious to know what plugin you are using. I ended up taking a different approach. I downloaded cURL for Android, and then set Tasker to run a shell script like this:

curl https://example.com/test --insecure

The key here is the "--insecure" flag which tells cURL to ignore the SSL certificate warning.
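
An added example, not from the thread or from Tasker's code: the alternative to `--insecure` that keeps server authentication for a self-signed certificate, sketched in Python. The client pins the SHA-256 fingerprint of the one certificate it expects and sends credentials only after the match; `get_pinned`, `pin_matches` and the sample bytes are illustrative names and constructed values.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def normalize(pin: str) -> str:
    """Accept 'AB:CD:...' (colon-separated) or plain hex."""
    return pin.replace(":", "").replace(" ", "").lower()

def pin_matches(der_cert: bytes, pinned: str) -> bool:
    """Constant-time comparison of the presented cert against the pin."""
    got = fingerprint(der_cert).encode()
    return bool(der_cert) and hmac.compare_digest(got, normalize(pinned).encode())

def get_pinned(host: str, path: str, pinned: str, port: int = 443,
               auth_header: str = "") -> bytes:
    """HTTPS GET that sends nothing until the server cert matches the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # CA validation is off because a self-signed cert has no trust anchor;
    # the fingerprint check below replaces it rather than removing it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not pin_matches(der or b"", pinned):
                raise ssl.SSLError("certificate does not match pinned fingerprint")
            request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n"
            if auth_header:
                request += f"Authorization: {auth_header}\r\n"
            tls.sendall((request + "\r\n").encode("ascii"))
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return b"".join(chunks)

# Constructed stand-in for the DER bytes of a home server's certificate.
SAMPLE_DER = b"constructed-self-signed-cert"
SAMPLE_PIN = ":".join(f"{b:02X}" for b in hashlib.sha256(SAMPLE_DER).digest())
```

With a pin, a substituted certificate aborts the connection before the `Authorization` header is written, which is the property that ignoring certificate errors gives up.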

Chris Lawrence

Mar 16, 2013, 11:28:10 AM
to tas...@googlegroups.com
Apologies for not being more specific, I was in a rush walking out the door to lunch while at work when I posted that, wasn't thinking clearly. :)

The plugin has changed its name a few times I think, I recall it being called "HTTP POST", but it's now called "HTTP Poster and Locale Plugin" - however once installed, inside Tasker's plugin section, it's called "HTTP Post" still.

Again, seems to do the trick for me with self-signed certs. I've been using it since I started using Tasker (about a year ago) without incident. I actually *like* how you did it better as I'm a sysadmin by trade (so it appeals to the nerd in me ;)), but if you're interested in making a built-in plugin with a GUI work for you, try HTTP Post, it seems to work for me. Heck, just try and get a test done within the 15 minutes; you can always get a refund if it doesn't do what you're trying to do.

Wietse van Buitenen

Mar 16, 2013, 3:36:54 PM
to tas...@googlegroups.com
Didn't know there's finally a binary of cURL out for Android, been looking for this over a year ago and then it wasn't available.
Thanks for the link :)

Ivaylo Kalatchev

Jun 14, 2013, 2:08:22 PM
to tas...@googlegroups.com
Chris - thanks for the tip!
I was having the same trouble with the self-signed certificate doing HTTP Post inside Tasker and the "HTTP Poster and Locale Plugin" plugin solved the problem!

Paul

Dec 29, 2013, 5:58:01 AM
to tas...@googlegroups.com
Did anyone get this to work for https get? I get a successful toast message using the HTTP Poster plugin but I got no way to retrieve the data? Is it stored in some variable I am missing?

On Wednesday, August 8, 2012 07:19:12 UTC+2, Ryan wrote:

Pent

Dec 31, 2013, 6:08:09 AM
to tas...@googlegroups.com
Addressing the OP: I've added a parameter to HTTP Get/Post for the next version to ignore Anchor errors.

At the moment I'm just catching the exception and continuing. It could be I'll need to do something a bit deeper,
let me know if it works. Probably you'll get a different exception.

Pent

Keith Lawrence

Apr 2, 2014, 6:56:23 PM
to tas...@googlegroups.com
Would love to have this feature so that I can connect to my trusted but uncertified home automation system - can't see it in the latest version though, did it go out with the previous update?

(Have also tried the HTTP Poster and Locale plug-in, but it doesn't seem to skip the unknown cert errors either)

Cheers,
Keith

Pent

Apr 3, 2014, 1:33:30 AM
to tas...@googlegroups.com
I expect to publish it in a few days.

Pent