Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Disable SSL/TLS certificate validation in Network.HTTP.Conduit

Tags:

ssl

haskell

conduit

http-conduit

I use the http-conduit library version 2.0+ to fetch the contents from a http:// URL:

import Network.HTTP.Conduit
myurl = ... -- Your URL goes here
main = do content <- simpleHttp myurl
          print $ content

When running this program, I get this error:

*** Exception: TlsException (HandshakeFailed (Error_Protocol
      ("certificate rejected: certificate is not allowed to sign another certificate",
        True,CertificateUnknown)))

As can be told from the error message, the problem is the inability of Network.HTTP.Conduit to validate the server certificate appropriately (in this case, there seem to be problems in the certificate chain)

How can I change the above code to ignore the certificate error (i.e. by not verifying certificates at all)?

like image 725
Uli Köhler Avatar asked Jan 23 '14 14:01

Uli Köhler

People also ask

How do I disable SSL certificate validation in IIS?

In the navigation tree, under SSL 3.0, select Server and then, in the right pane, double-click the Enabled DWORD value. In the Edit DWORD (32-bit) Value window, in the Value Data box leave the value at 0 and then, click OK. Restart your Windows server. You have successfully disabled the SSL v3 protocol.

1 Answers

simpleHttp itself does not support this feature. You'll need to create a manager with modified ManagerSettings and then use that to fetch the URL.

Note that this code only applies for http-conduits version 2.0+ -- the library version 1 has a similar yet different API for this purpose.

import Network.HTTP.Conduit
import Network.Connection
import qualified Data.ByteString.Lazy.Char8 as LB

myurl = ... -- Your URL goes here

-- | Get a new Manager that doesn't verify SSL certificates
noSSLVerifyManager :: IO Manager
noSSLVerifyManager = let tlsSettings = TLSSettingsSimple {
                            -- This is where we disable certificate verification
                            settingDisableCertificateValidation = True,
                            settingDisableSession=False,
                            settingUseServerName=True}
                     in newManager $ mkManagerSettings tlsSettings Nothing

-- | Download like with simpleHttp, but using an existing manager for the task
simpleHttpWithManager :: Manager -> String -> IO LB.ByteString
simpleHttpWithManager manager url = do url' <- parseUrl url
                                       fmap responseBody $ httpLbs url' manager

main = do manager <- noSSLVerifyManager
          content <- simpleHttpWithManager manager myurl
          print $ content

Note that you should only disable SSL certificate verification if absolutely neccessary, as it makes you vulnerable for man-in-the-middle attacks

like image 163
Uli Köhler Avatar answered Sep 18 '22 23:09

Uli Köhler
Sign in to Comment

Related questions

Applying a function with arguments that could be either Ints or Doubles
Read / Write Haskell Integer in two's complement representation
Is this Haskell function known/implemented as another name?
Mixing ByteString parsing and network IO in Haskell
How should I represent an AST annotated with additional information?
Haskell Persistent insert rows if not already in database
What's the most efficient way to run cross-platform, deterministic simulations in Haskell?
How to write a pure String to String function in Haskell FFI to C++
Monad Transformers and lift function
Is there a way to shortcut adding handlers to Yesod?
Haskell quickcheck to generate and test rose trees?
Generalized type-defaulting rules
How to work around inability to use lenses with existential types?
If I am using Haskell Platform (2013.2.0.0) with GHC (7.6.3) is it okay to install Xcode 5?
Why use cabal instead of make
How exactly do kind lists work?
What happens when an Async value is garbage-collected?
In the Yesod ecosystem, what is the best way to urlencode some Text?
Plotting a graph using Haskell
How do you express a computation that recursively descend a tree and keep a fresh local state upon each split?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!