reqman
reqman copied to clipboard
manatlan
Certificate/SSL based authentication
How do I replicate these commands when creating reqman.conf ?
Essentially enable ssl/certificate based authentication for all my calls?
curl -k https://www.thesitetoauthenticate.com/test -v –key key.pem –cacert ca.pem –cert client.pem
curl --cert-type P12 --cert cert.p12:password https://yoursite.com
curl -E ./file.crt.pem --key ./file.key.pem https://myservice.com/service?wsdl
Thanks
When requests package is used, SSL/certificate based authentication can be achieved like below
def post(url, schema):
headers = {"Content-Type": "application/json"}
content_body = {"data": data}
print("registering schema at url: ", url)
CACERT = os.path.abspath("../../cert.pem") # Server certificate chain
CERT = os.path.abspath("../../cert.crt") # Client certificate
KEY = os.path.abspath("../../cert.key") # Client private key
try:
session = requests.Session()
session.cert = (CERT, KEY)
r = session.post(url,
data=json.dumps(content_body),
headers=headers,
verify=CACERT)
print("response status code: ", r.status_code)
print("response status code: ", r.reason)
print("response status code: ", r.text)
if r.status_code >= 300:
sys.exit(1)
except requests.exceptions.RequestException as e:
print(e)
sys.exit(1)
currently ... reqman bypass totally the SSL part : all requests are "unverified" ! There is no ways to play with certificates/keys ...
Currently it uses the aiohttp module, but plans to go with httpx (when it will support socks proxy (needed at my job)) ... (can't use requests, coz it miss async support) When It will move to httpx, I could plan to use ssl verifications (but it will definitly complexify the thing !)
But sure, it can be more valuable to be able to tests ssl keychains.
