{verify, verify_peer} warning or error
pablo platt
pablo.platt@REDACTED
Fri Sep 10 16:41:37 CEST 2021
Thanks. This works:
Url = "https://content.googleapis.com/youtube/v3/videos",
httpc:request(get,
{Url, []},
[{ssl, [
{verify, verify_peer},
{cacertfile, "/etc/ssl/certs/ca-certificates.crt"},
{depth, 3},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}]}
],
[]).
Shouldn't we have easy to use defaults?
On Fri, Sep 10, 2021 at 5:26 PM Bram Verburg <bram.verburg@REDACTED>
wrote:
> This should help you get going making HTTPS requests using httpc:
>
> https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/ssl
>
>
>
> On Fri, Sep 10, 2021 at 17:17, pablo platt <pablo.platt@REDACTED> wrote:
>
> Hi,
>
> When I'm sending a request to content.googleapis.com without the verify
> ssl option I'm getting a warning:
> Url = "https://content.googleapis.com/youtube/v3/videos",
> httpc:request(get,
> {Url, []},
> [],
> []).
>
> Description: "Authenticity is not established by certificate path
> validation"
> Reason: "Option {verify, verify_peer} and cacertfile/cacerts is
> missing"
>
> When I'm adding the verify_peer option I'm getting an error:
> Url = "https://content.googleapis.com/youtube/v3/videos",
> httpc:request(get,
> {Url, []},
> [{ssl, [{verify, verify_peer}]}],
> []).
>
> {error,{failed_connect,[{to_address,{"content.googleapis.com",
> 443}},
> {inet,[inet],{options,{cacertfile,[]}}}]}}
>
> What is the correct way to send the request?
>
> Thanks
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20210910/2b6e776e/attachment.htm>
More information about the erlang-questions
mailing list