I need to make a request to an internal web service, and need to provide a custom SSL certificate chain.
In Python + requests, I would set the REQUESTS_CA_BUNDLE environment variable to the path of the bundle, /etc/ssl/certs/ca-bundle.crt. What is the equivalent with Julia's HTTP.jl? It doesn't seem to be picking up the bundle automatically.
HTTP.jl uses MbedTLS to process certificates, so I wonder if your Julia install somehow is missing that library. You might try installing MbedTLS directly for your platform and see where it looks for certificates by default.
According to the docs you can pass an sslconfig object to the call. You can supply the certificate to this object:
Untested
    using HTTP, MbedTLS
    # cert_file and key_file are paths to the certificate and private key files
    conf = MbedTLS.SSLConfig(cert_file, key_file)
    resp = HTTP.get("https://httpbin.org/ip", sslconfig=conf)
    println(resp)
I want to verify my pact against an API that has an https endpoint.
My request is timing out when I run the pact.
Does Pact.Net support https verification or am I missing something?
Yes, it should be able to do this.
I'm going to guess that the https target is using a self-signed certificate. To work around that you can specify the following env vars to fix this:
To connect to a Pact Broker that uses custom SSL certificates, set the environment variable $SSL_CERT_FILE or $SSL_CERT_DIR to a path that contains the appropriate certificate.
(see also https://github.com/pact-foundation/pact-ruby-standalone/releases)
You could enable debug logging to see what the process is doing; consult the docs on how to do that.
I would like to know how to include a cert file when sending requests in HTTP.jl.
In Python, using Requests, it would look like this:
    requests.get(url, params=payload, verify=cert_file)
The documentation mentions SSL certs, but is unclear.
It really is poorly documented, and in similar cases I've had to look at the source code to MbedTLS (within the site https://tls.mbed.org/), which is what the package HTTP.jl calls for certificates.
MbedTLS in turn looks for the system's installed certificates, so if you install the certificate for your user, HTTP.jl should use it for https. I realize this may not help your specific need, which may require something like this (untested):
    using HTTP, MbedTLS
    # cert_file and key_file are paths to the certificate and private key files
    conf = MbedTLS.SSLConfig(cert_file, key_file)
    resp = HTTP.get("https://httpbin.org/ip", sslconfig=conf)
    println(resp)
itself.
If you have to go back to the MbedTLS source as I did, I suggest you look at the example at https://github.com/JuliaLang/MbedTLS.jl and the source at
https://github.com/JuliaLang/MbedTLS.jl/blob/master/src/MbedTLS.jl,
especially the function SSLConfig(cert_file, key_file) on line 103.
My meteor server will fetch data from another source on Internet. The request has to go via a proxy. How can I specify the proxy server for server-side HTTP.call's?
You could easily make all HTTP.* calls through a proxy if only Meteor developers accepted my pull request to pass through options like proxy to the request module, on which the HTTP package is based.
Please comment on this GitHub issue to ask for that.
UPDATE: Since the Meteor devs refused to implement that change, I published an Atmosphere package that lets you transmit to Node (i.e. to the request module) any options you want.
Check out http-more on Atmosphere.
Found a solution for my problem.
I'm using Windows and could not find a way to set a default proxy for the OS as Serkan mentioned. Setting the proxy server in Internet Explorer internet options LAN settings did not work. Setting the proxy in WinHTTP did not work. Anyone else know how to do it?
The most reasonable would be that Node read an environment variable and used that. So, I created an environment variable "HTTP_PROXY" and to see if node would read it I tried:
    D:\Appl\.meteor\tools\a5dc07c9ab\bin>node -e "console.log(process.env.http_proxy)"
and it did output my variable. But, when trying to make a http.get() request directly within Node it failed. Node is obviously not using that variable ...
The conclusion of that is that I have to explicitly set the proxy in my app, but that is not possible with Meteor HTTP. Instead I could use the request module (that Meteor HTTP is using) and set the proxy. Not the ideal solution, because my app has to know about the proxy, but ok for my purpose.
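    if (Meteor.isServer) {
        // Load the request module that Meteor's HTTP package is built on.
        var request = Npm.require("request");

        // Callback-style call that sends every request through the proxy.
        function thirdLibMakeRequest(options, callback) {
            options.proxy = "http://myProxyServer:8080";
            request(options, callback);
        }

        // Wrap the async function so it can be called synchronously in Meteor.
        var makeRequest = Meteor._wrapAsync(thirdLibMakeRequest);
        var response = makeRequest({ url: "http://UrlToSomeSite" });
    }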
1. Include the request module
2. Wrap the 3rd-lib async method so we can use it in Meteor
3. set the proxy property of the request module
4. use makeRequest to make requests.
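An added example, not part of the original answer: instead of hard-coding the proxy, the function below picks it from HTTP_PROXY / HTTPS_PROXY and honours NO_PROXY so internal hosts bypass it. The names `proxyFor` and `withProxy` and the NO_PROXY matching rules are assumptions of this example; the returned options object is what would be handed to the request module.

```javascript
// Added example (not the answer's code). Resolves the proxy for one target URL
// from an environment object such as process.env. Hypothetical helper names.
function proxyFor(targetUrl, env) {
  const target = new URL(targetUrl);
  const host = target.hostname.toLowerCase();
  const port = target.port || (target.protocol === 'https:' ? '443' : '80');
  // Accept both spellings; only Windows treats variable names case-insensitively.
  const get = (name) => env[name.toLowerCase()] || env[name.toUpperCase()] || '';

  // NO_PROXY: comma-separated hosts or domain suffixes, optional ":port", or "*".
  // IPv6 literals are not handled here.
  for (const raw of get('no_proxy').split(',')) {
    const entry = raw.trim().toLowerCase();
    if (!entry) continue;
    if (entry === '*') return null;
    const [name, entryPort] = entry.split(':');
    if (entryPort && entryPort !== port) continue;
    const suffix = name.replace(/^\*?\./, '');
    if (host === suffix || host.endsWith('.' + suffix)) return null;
  }

  const proxy = get(target.protocol === 'https:' ? 'https_proxy' : 'http_proxy');
  if (!proxy) return null;

  // Reject a malformed or non-HTTP proxy value up front instead of letting the
  // first outbound request fail in an unclear way.
  const parsed = new URL(proxy);
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error('unsupported proxy scheme: ' + parsed.protocol);
  }
  return proxy;
}

// Returns a copy of the request options with `proxy` set when one applies.
function withProxy(options, env) {
  const proxy = proxyFor(options.url, env);
  return proxy ? Object.assign({}, options, { proxy: proxy }) : options;
}
```

In the snippet above, `request(withProxy(options, process.env), callback)` would replace the fixed `options.proxy` assignment.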
Since the platform your meteor app will be running on will be behind the proxy as a whole, you'll be needing proxy access generally anyway.
Therefore, you can set your platform (os) up to connect to the proxy server by default, therefore Meteor will not necessarily know/care about the presence of a proxy since it will be transparent to it.
I am working with a historic API which grants access via a key/secret combo, which the original API designer specified should be passed as the user name & password in an HTTP Basic auth header, e.g.:
    curl -u api_key:api_secret http://api.example.com/....
Now that our API client base is going to be growing, we're looking to use 3scale to handle both authentication, rate limiting and other functions. As per 3scale's instructions and advice, we'll be using an Nginx proxy in front of our API server, which authenticates against 3scale's services to handle all the access control systems.
We'll be exporting our existing clients' keys and secrets into 3scale and keeping the two systems in sync. We need our existing app to continue to receive the key & secret in the existing manner, as some of the returned data is client-specific. However, I need to find a way of converting that HTTP basic auth request, which 3scale doesn't natively support as an authentication method, into rewritten custom headers which they do.
I've been able to set up the proxy using the Nginx and Lua configs that 3scale configures for you. This allows the -u key:secret to be passed through to our server, and correctly processed. At the moment, though, I need to additionally add the same authentication information either as query params or custom headers, so that 3scale can manage the access.
I want my Nginx proxy to handle that for me, so that users provide one set of auth details, in the pre-existing manner, and 3scale can also pick it up.
In a language I know, e.g., Ruby, I can decode the HTTP_AUTHORIZATION header, pick out the Base64-encoded portion, and decode it to find the key & secret components that have been supplied. But I'm an Nginx newbie, and don't know how to achieve the same within Nginx (I also don't know if 3scale's supplied Lua script can/will be part of a solution)...
Reusing the HTTP Authorization header for the 3scale keys can be supported with a small tweak in your Nginx configuration files. As you were rightly pointing out, the Lua script that you download is the place to do this.
However, I would suggest a slightly different approach regarding the keys that you import to 3scale. Instead of using the app_id/app_key authentication pattern, you could use the user_key mode (which is a single key). Then what you would import to 3scale for each application would be the base64 string of api_key+api_secret combined.
This way the changes you will need to do to the configuration files will be fewer and simpler.
The steps you will need to follow are:
1. in your 3scale admin portal, set the authentication mode to API key (https://support.3scale.net/howtos/api-configuration/authentication-patterns)
2. go to the proxy configuration screen (where you set your API backend, mappings and where you download the Nginx files).
3. under "Authentication Settings", set the location of the credentials to HTTP headers.
4. download the Nginx config files and open the Lua script
5. find the following line (should be towards the end of the file):
       local parameters = get_auth_params("headers", string.split(ngx.var.request, " ")[1] )
6. replace it with:
       local parameters = get_auth_params("basicauth", string.split(ngx.var.request, " ")[1] )
7. finally, within the same file, replace the entire function named "get_auth_params" with the one in this gist: https://gist.github.com/vdel26/9050170
I hope this approach suits your needs. You can also contact at support#3scale.net if you need more help.
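An added example, not 3scale's code and not the contents of the linked gist: the header handling that the user_key approach relies on, written in JavaScript for illustration although in the deployment it lives in the Lua script. It assumes the value imported into 3scale is the Base64 of `api_key:api_secret` exactly as `curl -u` sends it; the function names are hypothetical.

```javascript
// Added example. Hypothetical helpers showing how one Basic credential maps
// to a single user_key and back.

// Value to import for an existing client. Assumption: it must equal the token
// that `curl -u key:secret` puts after "Basic ", i.e. base64("key:secret").
function userKeyFor(apiKey, apiSecret) {
  if (!apiKey || apiKey.includes(':')) {
    throw new Error('api_key must be non-empty and must not contain ":"');
  }
  return Buffer.from(apiKey + ':' + apiSecret, 'utf8').toString('base64');
}

// Parse an Authorization header value. Returns null for anything that is not
// a well-formed Basic credential, so the caller can answer 401 itself.
function parseBasicAuth(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+\/]+={0,2}) *$/i.exec(headerValue);
  if (!m) return null;
  const token = m[1];
  const decoded = Buffer.from(token, 'base64').toString('utf8');

  // Only the canonical encoding is accepted: a differently padded spelling of
  // the same bytes would not match the key that was imported, and bytes that
  // are not valid UTF-8 do not survive this round trip either.
  if (Buffer.from(decoded, 'utf8').toString('base64') !== token) return null;

  // Split on the first colon only; the secret may itself contain colons.
  const colon = decoded.indexOf(':');
  if (colon < 1 || colon === decoded.length - 1) return null;
  return {
    userKey: token, // what the proxy forwards to 3scale
    apiKey: decoded.slice(0, colon), // still available to the backend
    apiSecret: decoded.slice(colon + 1),
  };
}
```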
Is it possible to use the flash.net.NetConnection object to connect to my Flash remoting enabled web application over HTTPS within Tomcat or any other servlet container?
I am using the SpiceFactory cinnamon project for amf remoting and have searched for examples of using HTTPS but see only the reference to a proxy type in the NetConnection object.
If someone could provide a reference or example that would be awesome. Or if it is not possible using the flash.net.NetConnection object are there any recommendations of how to configure HTTPS for the spicefactory cinnamon library.
According to the creator Jens Halm, it should just work out of the box.
http://www.spicefactory.org/forum/viewtopic.php?t=407
Flex https works fine. If you use a self-signed certificate, the end user needs to add the public key manually to the trusted store, by directly connecting to the site using https://... and accepting the certificate.
The second way is to run the connection over http and do the encryption / decryption manually using
as3crypto - flex http://code.google.com/p/as3crypto/ and php openssl