Bypassing SSL cert verification is not working

[JaYa]

Currently i am using Create Session Keyword of RequestsLibrary, used verify parameter to 'false' to bypass the cert verification.


Create Session    alias=test    url=${SERVER}    verify=false               

I am getting below error after execution,

20171005 16:51:24.418 :  FAIL : IOError: Could not find a suitable TLS CA certificate bundle, invalid path: false

[Kevin O.]

Hello Jaya,

I ran into this as well. And I'm surprised I didn't report it.

The logic for handling verify is fine up until this:

    self.verify = verify if self.builtin.convert_to_boolean(verify) != True else None

What happens here is that if verify is considered False after converting to boolean, then self.verify is set to the original value, the string "false".

If you do not specify verify on each request, then RequestsLibrary is sending verify="false", which requests is not expecting.

As a workaround, use a real bool

Create Session    alias=test    url=${SERVER}    verify=${False}

Please do also keep in mind that this verify setting is RequestsLibrary-level setting where it should be a per-session setting.

What this means in practice is that whatever the value is for verify on the last session created will be used as the default value for requests regardless of session.

So if you create a session A with verify=True, then session B with verify=False, then when you send requests on session A without sending the verify parameter, then verification will not happen.