Send Beginners mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://www.haskell.org/mailman/listinfo/beginners
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Beginners digest..."
Today's Topics:
1. HTTPS Get Request with unverifiable certificate
(Friedrich Wiemer)
2. Re: HTTPS Get Request with unverifiable certificate
(Friedrich Wiemer)
3. Re: HTTPS Get Request with unverifiable certificate
(Michael Snoyman)
4. Re: HTTPS Get Request with unverifiable certificate (Adrian May)
5. Re: HTTPS Get Request with unverifiable certificate
(Friedrich Wiemer)
6. Re: HTTPS Get Request with unverifiable certificate
(Michael Snoyman)
----------------------------------------------------------------------
Message: 1
Date: Tue, 11 Jun 2013 16:00:50 +0200
From: Friedrich Wiemer <[email protected]>
Subject: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<cagvtqw7wzq5g1lnqhqrnjbrm2f9p0ua3gn+kgb9qfcxy87g...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Hey,
I'm trying to send a HTTPS-Get Request to a private server, which has
a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
and this code-snipped:
> myGetRequest url = do
> req <- parseUrl url
> return $ req {secure = True}
>
> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server"; >>= (\x
> -> withManager (httpLbs x))
which results in
> *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate
> rejected: FQDN do not match this certificate",True,CertificateUnknown)))
I guess that's due to the unverifiable, self-signed certificate? Can I
disable the test or accept my certificate?
Thanks in advance!
Friedrich
------------------------------
Message: 2
Date: Tue, 11 Jun 2013 16:19:59 +0200
From: Friedrich Wiemer <[email protected]>
Subject: Re: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<cagvtqw5up4kv87wnmqo0tv8y5uutkl+w5b3_gjra7wecn8i...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
edit:
if I change the the url from "https://servers-ip/"; to
"https://servers-FQDN/"; the error changes to:
>*** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate has
>unknown CA",True,UnknownCa)))
so the self-signed certificate causes the error.
How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?
2013/6/11 Friedrich Wiemer <[email protected]>:
> Hey,
>
> I'm trying to send a HTTPS-Get Request to a private server, which has
> a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
> and this code-snipped:
>
>> myGetRequest url = do
>> req <- parseUrl url
>> return $ req {secure = True}
>>
>> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server"; >>= (\x
>> -> withManager (httpLbs x))
> which results in
>> *** Exception: TlsException (HandshakeFailed (Error_Protocol ("certificate
>> rejected: FQDN do not match this certificate",True,CertificateUnknown)))
>
> I guess that's due to the unverifiable, self-signed certificate? Can I
> disable the test or accept my certificate?
>
> Thanks in advance!
> Friedrich
------------------------------
Message: 3
Date: Tue, 11 Jun 2013 17:23:50 +0300
From: Michael Snoyman <[email protected]>
Subject: Re: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<CAKA2JgJe=azvo5dv503e_f7lr7htt2wby2fjwup+nvrgq25...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
You have to override managerCheckCerts[1] when creating your manager. It
would look something like:
do
manager <- newManager def { managerCheckCerts = yourChecker }
httpLbs req manager
yourChecker _ _ _ = return CertificateUsageAccept
Which would allow any certificate.
[1]
http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer <[email protected]
> wrote:
> edit:
> if I change the the url from "https://servers-ip/"; to
> "https://servers-FQDN/"; the error changes to:
> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
> ("certificate has unknown CA",True,UnknownCa)))
>
> so the self-signed certificate causes the error.
> How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?
>
> 2013/6/11 Friedrich Wiemer <[email protected]>:
> > Hey,
> >
> > I'm trying to send a HTTPS-Get Request to a private server, which has
> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
> > and this code-snipped:
> >
> >> myGetRequest url = do
> >> req <- parseUrl url
> >> return $ req {secure = True}
> >>
> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server";
> >>= (\x -> withManager (httpLbs x))
> > which results in
> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
> ("certificate rejected: FQDN do not match this
> certificate",True,CertificateUnknown)))
> >
> > I guess that's due to the unverifiable, self-signed certificate? Can I
> > disable the test or accept my certificate?
> >
> > Thanks in advance!
> > Friedrich
>
> _______________________________________________
> Beginners mailing list
> [email protected]
> http://www.haskell.org/mailman/listinfo/beginners
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.haskell.org/pipermail/beginners/attachments/20130611/bfc4c772/attachment-0001.htm>
------------------------------
Message: 4
Date: Tue, 11 Jun 2013 22:46:14 +0800
From: Adrian May <[email protected]>
Subject: Re: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<CAD-UbzHMQv=zpjq_ncdgcfvjg3eggqawrnx2tfp3ky+bcyr...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
You could always ask somebody to sign your certificate for you. Somebody
like http://www.startcom.org. I had great support from these guys.
Adrian.
On 11 Jun 2013 22:26, "Michael Snoyman" <[email protected]> wrote:
> You have to override managerCheckCerts[1] when creating your manager. It
> would look something like:
>
>
> do
> manager <- newManager def { managerCheckCerts = yourChecker }
> httpLbs req manager
>
> yourChecker _ _ _ = return CertificateUsageAccept
>
> Which would allow any certificate.
>
> [1]
> http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
>
>
> On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer <
> [email protected]> wrote:
>
>> edit:
>> if I change the the url from "https://servers-ip/"; to
>> "https://servers-FQDN/"; the error changes to:
>> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
>> ("certificate has unknown CA",True,UnknownCa)))
>>
>> so the self-signed certificate causes the error.
>> How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?
>>
>> 2013/6/11 Friedrich Wiemer <[email protected]>:
>> > Hey,
>> >
>> > I'm trying to send a HTTPS-Get Request to a private server, which has
>> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
>> > and this code-snipped:
>> >
>> >> myGetRequest url = do
>> >> req <- parseUrl url
>> >> return $ req {secure = True}
>> >>
>> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server";
>> >>= (\x -> withManager (httpLbs x))
>> > which results in
>> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
>> ("certificate rejected: FQDN do not match this
>> certificate",True,CertificateUnknown)))
>> >
>> > I guess that's due to the unverifiable, self-signed certificate? Can I
>> > disable the test or accept my certificate?
>> >
>> > Thanks in advance!
>> > Friedrich
>>
>> _______________________________________________
>> Beginners mailing list
>> [email protected]
>> http://www.haskell.org/mailman/listinfo/beginners
>>
>
>
> _______________________________________________
> Beginners mailing list
> [email protected]
> http://www.haskell.org/mailman/listinfo/beginners
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.haskell.org/pipermail/beginners/attachments/20130611/ec5568af/attachment-0001.htm>
------------------------------
Message: 5
Date: Tue, 11 Jun 2013 19:56:12 +0200
From: Friedrich Wiemer <[email protected]>
Subject: Re: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<cagvtqw7mk+sd0to+xljkltypr5yfvk2dughngwcuuwy4t80...@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Adrian: yea, that would be a solution, but i looked for the changed
certificate checker, as Michael suggested.
I now have this code: http://hpaste.org/89795
which rises a "no isntance" error like this one: http://hpaste.org/80820
What do I miss?
2013/6/11 Adrian May <[email protected]>:
> You could always ask somebody to sign your certificate for you. Somebody
> like http://www.startcom.org. I had great support from these guys.
>
> Adrian.
>
> On 11 Jun 2013 22:26, "Michael Snoyman" <[email protected]> wrote:
>>
>> You have to override managerCheckCerts[1] when creating your manager. It
>> would look something like:
>>
>>
>> do
>> manager <- newManager def { managerCheckCerts = yourChecker }
>> httpLbs req manager
>>
>> yourChecker _ _ _ = return CertificateUsageAccept
>>
>> Which would allow any certificate.
>>
>> [1]
>> http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
>>
>>
>> On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer
>> <[email protected]> wrote:
>>>
>>> edit:
>>> if I change the the url from "https://servers-ip/"; to
>>> "https://servers-FQDN/"; the error changes to:
>>> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
>>> > ("certificate has unknown CA",True,UnknownCa)))
>>>
>>> so the self-signed certificate causes the error.
>>> How can I tell Network.HTTP.Conduit to accept unknown CA's certificates?
>>>
>>> 2013/6/11 Friedrich Wiemer <[email protected]>:
>>> > Hey,
>>> >
>>> > I'm trying to send a HTTPS-Get Request to a private server, which has
>>> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
>>> > and this code-snipped:
>>> >
>>> >> myGetRequest url = do
>>> >> req <- parseUrl url
>>> >> return $ req {secure = True}
>>> >>
>>> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server";
>>> >> >>= (\x -> withManager (httpLbs x))
>>> > which results in
>>> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
>>> >> ("certificate rejected: FQDN do not match this
>>> >> certificate",True,CertificateUnknown)))
>>> >
>>> > I guess that's due to the unverifiable, self-signed certificate? Can I
>>> > disable the test or accept my certificate?
>>> >
>>> > Thanks in advance!
>>> > Friedrich
>>>
>>> _______________________________________________
>>> Beginners mailing list
>>> [email protected]
>>> http://www.haskell.org/mailman/listinfo/beginners
>>
>>
>>
>> _______________________________________________
>> Beginners mailing list
>> [email protected]
>> http://www.haskell.org/mailman/listinfo/beginners
>>
>
> _______________________________________________
> Beginners mailing list
> [email protected]
> http://www.haskell.org/mailman/listinfo/beginners
>
------------------------------
Message: 6
Date: Wed, 12 Jun 2013 05:29:50 +0300
From: Michael Snoyman <[email protected]>
Subject: Re: [Haskell-beginners] HTTPS Get Request with unverifiable
certificate
To: The Haskell-Beginners Mailing List - Discussion of primarily
beginner-level topics related to Haskell <[email protected]>
Message-ID:
<caka2jg+j6mk_zyuksocwyqucp53kh60ndgfdatpsuaqzrr9...@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
You need to use runResourceT before your do-block.
On Tue, Jun 11, 2013 at 8:56 PM, Friedrich Wiemer <[email protected]
> wrote:
> Adrian: yea, that would be a solution, but i looked for the changed
> certificate checker, as Michael suggested.
>
> I now have this code: http://hpaste.org/89795
> which rises a "no isntance" error like this one: http://hpaste.org/80820
> What do I miss?
>
> 2013/6/11 Adrian May <[email protected]>:
> > You could always ask somebody to sign your certificate for you. Somebody
> > like http://www.startcom.org. I had great support from these guys.
> >
> > Adrian.
> >
> > On 11 Jun 2013 22:26, "Michael Snoyman" <[email protected]> wrote:
> >>
> >> You have to override managerCheckCerts[1] when creating your manager. It
> >> would look something like:
> >>
> >>
> >> do
> >> manager <- newManager def { managerCheckCerts = yourChecker }
> >> httpLbs req manager
> >>
> >> yourChecker _ _ _ = return CertificateUsageAccept
> >>
> >> Which would allow any certificate.
> >>
> >> [1]
> >>
> http://haddocks.fpcomplete.com/fp/7.4.2/20130508-82/http-conduit/Network-HTTP-Conduit.html#v:managerCheckCerts
> >>
> >>
> >> On Tue, Jun 11, 2013 at 5:19 PM, Friedrich Wiemer
> >> <[email protected]> wrote:
> >>>
> >>> edit:
> >>> if I change the the url from "https://servers-ip/"; to
> >>> "https://servers-FQDN/"; the error changes to:
> >>> >*** Exception: TlsException (HandshakeFailed (Error_Protocol
> >>> > ("certificate has unknown CA",True,UnknownCa)))
> >>>
> >>> so the self-signed certificate causes the error.
> >>> How can I tell Network.HTTP.Conduit to accept unknown CA's
> certificates?
> >>>
> >>> 2013/6/11 Friedrich Wiemer <[email protected]>:
> >>> > Hey,
> >>> >
> >>> > I'm trying to send a HTTPS-Get Request to a private server, which has
> >>> > a self-signed ssl-certificate. Currently I use Network.HTTP.Conduit
> >>> > and this code-snipped:
> >>> >
> >>> >> myGetRequest url = do
> >>> >> req <- parseUrl url
> >>> >> return $ req {secure = True}
> >>> >>
> >>> >> *Main Network.HTTP.Conduit> myGetRequest "https://my.private.server
> "
> >>> >> >>= (\x -> withManager (httpLbs x))
> >>> > which results in
> >>> >> *** Exception: TlsException (HandshakeFailed (Error_Protocol
> >>> >> ("certificate rejected: FQDN do not match this
> >>> >> certificate",True,CertificateUnknown)))
> >>> >
> >>> > I guess that's due to the unverifiable, self-signed certificate? Can
> I
> >>> > disable the test or accept my certificate?
> >>> >
> >>> > Thanks in advance!
> >>> > Friedrich
> >>>
> >>> _______________________________________________
> >>> Beginners mailing list
> >>> [email protected]
> >>> http://www.haskell.org/mailman/listinfo/beginners
> >>
> >>
> >>
> >> _______________________________________________
> >> Beginners mailing list
> >> [email protected]
> >> http://www.haskell.org/mailman/listinfo/beginners
> >>
> >
> > _______________________________________________
> > Beginners mailing list
> > [email protected]
> > http://www.haskell.org/mailman/listinfo/beginners
> >
>
> _______________________________________________
> Beginners mailing list
> [email protected]
> http://www.haskell.org/mailman/listinfo/beginners
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.haskell.org/pipermail/beginners/attachments/20130612/cc385d6c/attachment.htm>
------------------------------
_______________________________________________
Beginners mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/beginners
End of Beginners Digest, Vol 60, Issue 20
*****************************************
