{verify, verify_peer} warning or error
2,055 views
Skip to first unread message
pablo platt
Sep 10, 2021, 10:18:19 AM9/10/21
to erlang questions
Hi,
When I'm sending a request to content.googleapis.com without the verify ssl option I'm getting a warning:
Description: "Authenticity is not established by certificate path validation"
Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
When I'm adding the verify_peer option I'm getting an error:
Url = "https://content.googleapis.com/youtube/v3/videos",
httpc:request(get,
{Url, []},
[{ssl, [{verify, verify_peer}]}],
[]).
httpc:request(get,
{Url, []},
[{ssl, [{verify, verify_peer}]}],
[]).
{error,{failed_connect,[{to_address,{"content.googleapis.com",
443}},
{inet,[inet],{options,{cacertfile,[]}}}]}}
443}},
{inet,[inet],{options,{cacertfile,[]}}}]}}
What is the correct way to send the request?
Thanks
Bram Verburg
Sep 10, 2021, 10:26:48 AM9/10/21
to pablo platt, erlang questions
This should help you get going making HTTPS requests using httpc:
pablo platt
Sep 10, 2021, 10:42:01 AM9/10/21
to Bram Verburg, erlang questions
Thanks. This works:
{Url, []},
[{ssl, [
{verify, verify_peer},
{cacertfile, "/etc/ssl/certs/ca-certificates.crt"},
{depth, 3},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}]}
],
{depth, 3},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}]}
],
[]).
Shouldn't we have easy to use defaults?
Olivier Boudeville
Sep 10, 2021, 2:05:13 PM9/10/21
to Erlang-Questions Questions
Hi,
And on a related subject, I was
wondering why the warning being discussed in this thread was not
suppressed when using:
httpc:request(get,
{"https://acme-staging-v02.api.letsencrypt.org/directory", []},
[{ssl, [{verify, verify_none}]}], []).
=WARNING REPORT==== 10-Sep-2021::19:54:29.258613 ===
=WARNING REPORT==== 10-Sep-2021::19:54:29.258613 ===
Description: "Authenticity is not established by certificate path validation"
Reason: "Option {verify, verify_peer} and cacertfile/cacerts is missing"
{ok,{{"HTTP/1.1",200,"OK"},
[{"cache-control","public, max-age=0, no-cache"},
[{"cache-control","public, max-age=0, no-cache"},
[...]
(OTP 24.0 ; once initialised with
inets:start() and ssl:start() )
Thanks in advance for any hint,
Best regards,
Olivier.
-- Olivier Boudeville
Reply all
Reply to author
Forward
0 new messages