Have HTTP.jl accept self-signed certificates for SSL

Hi,

I’m writing a package to wrap a REST API using HTTP.jl and want to use a simple Julia local server for testing. Since all the REST calls use HTTPS I’ve generated a self-signed certificate for this test server but, of course, by default this isn’t recognised as valid when I query the server.

My preferred option would be if I could temporarily turn off certificate validation in HTTP.jl along the lines of

TestServer.start()
HTTP.set_certificate_validation(false)

@test MyPkg.fn1()
@test MyPkg.fn2()
...

HTTP.set_certificate_validation(true)
TestServer.stop()

I know about HTTP.request(...; require_ssl_verification=false) but that would require adding a testing setting in the code to turn off security which seems … bad? And adds a feature purely used for testing.

Failing this, is there a way to add my self-signed certificate / authority to wherever MbedTLS.jl looks for verification? Can this be done programatically during testing? ie something like MbedTLS.add_certificate_authority(my_self_signed) in the setup above?

I’ve tried looking at the docs for HTTP.jl / MbedTLS and can’t find anything so any pointers to documentation / advice on how to do this better is greatly appreciated

Ok, I think I’ve figured it out. HTTP.jl (and other similar packages) use the standard library NetworkOptions for configuration so the solution is simply ENV[JULIA_SSL_NO_VERIFY_HOSTS] = "127.0.0.1" or similar.

Read the docs

4 Likes