No TLS/SSL CA verify

Question

No TLS/SSL CA verify

jmwilkinson opened this issue a month ago · comments

Req appears to rely on Finch, which in turn relies on Mint.

Within this chain of dependencies, it is unclear how to ignore TLS/SSL verification.

Being able to run insecure HTTPS requests is an important step of prototyping and early development, before official TLS certs etc. have been procured. It would be very useful to know how to do this within req.

Wojtek Mach · Answer 1 · Fri Aug 02 2024 14:25:07 GMT+0800 (China Standard Time)

Thank you for the report. It's this:

Req.get!(
  "https://self-signed.badssl.com",
  connect_options: [transport_opts: [verify: :verify_none]]
)

The place to document this would be run_finch step. We have a few usage examples and we could add this one. WDYT?

jmwilkinson · Answer 2 · Sat Aug 03 2024 00:43:23 GMT+0800 (China Standard Time)

I think that would be useful, especially if there are enough keywords in the docs that someone searching would be able to find that section.

Currently, even if you know you need to look under connect_options and then under transport_opts and then follow the link to Mint docs, mint doesn't even call out :verify_none as an option... it just says:

:verify - defaults to :verify_peer. May be overridden by the caller.

The option can be inferred by reading the docs of the following option.

So yes, I think adding that would help substantially. Thank you for the rapid response!

jmwilkinson · Answer 3 · Sat Aug 03 2024 00:46:25 GMT+0800 (China Standard Time)

I would also add, a few of the keywords that could help for those searching might be: tls, ssl, verify, insecure, and perhaps CA. Hopefully this github issue will also enhance visibility.

Wojtek Mach · Answer 4 · Thu Aug 08 2024 04:23:03 GMT+0800 (China Standard Time)

@jmwilkinson Agreed. A PR would be appreciated!