Possible to bypass cert verification in Requests.jl or HTTP.jl?


#1

Is there a way that I can bypass cert verification in Requests.jl or HTTP.jl (i.e., as a client),
similar to curl’s -k option?

       -k, --insecure
              (TLS)  By default, every SSL connection curl makes is verified to be secure. This option allows curl
              to proceed and operate even for server connections otherwise considered insecure.

              The server connection is verified by making sure the server's certificate contains  the  right  name
              and verifies successfully using the cert store.

              See this online resource for further details:
               https://curl.haxx.se/docs/sslcerts.html

              See also --proxy-insecure and --cacert.

#2

It’s an MbedTLS.jl option, so should work with either Requests or HTTP. With HTTP.jl, you’d do something like

using HTTP, MbedTLS
client = HTTP.Client(tlsconfig=MbedTLS.SSLConfig(false))
HTTP.get(client, url; options...)

#3

Thanks.

My colleague Keith Mason pointed out the following for Requests.jl.


#4

I introduced the MbedTLS integration to Requests, so it would logically fall to me to write that documentation. There isn’t much motivation though since HTTP is intended to replace Requests.