在Network.HTTP.Conduit中禁用SSL / TLS证书验证 [英] Disable SSL/TLS certificate validation in Network.HTTP.Conduit
问题描述
我使用 http-conduit
library version 2.0+从
I use the http-conduit
library version 2.0+ to fetch the contents from a http://
URL:
import Network.HTTP.Conduit
myurl = ... -- Your URL goes here
main = do content <- simpleHttp myurl
print $ content
运行此程序时,出现此错误:
When running this program, I get this error:
*** Exception: TlsException (HandshakeFailed (Error_Protocol
("certificate rejected: certificate is not allowed to sign another certificate",
True,CertificateUnknown)))
从错误信息可以看出,问题在于 Network.HTTP.Conduit
以便适当地验证服务器证书(在这种情况下,证书链中似乎存在问题)
As can be told from the error message, the problem is the inability of Network.HTTP.Conduit
to validate the server certificate appropriately (in this case, there seem to be problems in the certificate chain)
我如何更改上述内容代码忽略证书错误(即通过不验证证书)?
How can I change the above code to ignore the certificate error (i.e. by not verifying certificates at all)?
推荐答案
simpleHttp
本身不会支持这个功能。您需要创建一个修改了 ManagerSettings
的管理器,然后使用它来获取该URL。
simpleHttp
itself does not support this feature. You'll need to create a manager with modified ManagerSettings
and then use that to fetch the URL.
请注意,此代码仅适用于 http-conduits
版本2.0+ - 库版本1为此具有类似但不同的API。
Note that this code only applies for http-conduits
version 2.0+ -- the library version 1 has a similar yet different API for this purpose.
import Network.HTTP.Conduit
import Network.Connection
import qualified Data.ByteString.Lazy.Char8 as LB
myurl = ... -- Your URL goes here
-- | Get a new Manager that doesn't verify SSL certificates
noSSLVerifyManager :: IO Manager
noSSLVerifyManager = let tlsSettings = TLSSettingsSimple {
-- This is where we disable certificate verification
settingDisableCertificateValidation = True,
settingDisableSession=False,
settingUseServerName=True}
in newManager $ mkManagerSettings tlsSettings Nothing
-- | Download like with simpleHttp, but using an existing manager for the task
simpleHttpWithManager :: Manager -> String -> IO LB.ByteString
simpleHttpWithManager manager url = do url' <- parseUrl url
fmap responseBody $ httpLbs url' manager
main = do manager <- noSSLVerifyManager
content <- simpleHttpWithManager manager myurl
print $ content
请注意,您应该只禁用SSL证书验证,如果绝对必要的话,因为它使你容易受到中间人攻击。
Note that you should only disable SSL certificate verification if absolutely neccessary, as it makes you vulnerable for man-in-the-middle attacks
这篇关于在Network.HTTP.Conduit中禁用SSL / TLS证书验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!