
Security Certificate Issue

Open agrover8 opened this issue 8 years ago • 6 comments

Hi, I am getting Uncaught AssertionError: expected [Error: self signed certificate] to equal error in ABAO as my API is using a secured certificate. Is there any way in ABAO that I can pass the security certificate file?

agrover8 avatar Mar 07 '16 15:03 agrover8

How would you define your test if all you had was curl? If you can describe your use-case, maybe I can come up with something... Otherwise, wondering if this isn't something you can already do with HTTP headers...

plroebuck avatar Mar 17 '16 02:03 plroebuck

Hi @plroebuck, one use case for this is running Abao on a local development environment, where you may need to use a self-signed certificate for logistical reasons or convenience. If I had to define the test via cURL, I'd use its -k/--insecure option on the command line or set the CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST options to 0 if I were using libcurl.

itafroma avatar Jun 17 '16 20:06 itafroma

If the idea is to do insecure testing, would this work?

$ env NODE_TLS_REJECT_UNAUTHORIZED=0 abao api.raml --server localhost:8181

plroebuck avatar Jun 18 '16 19:06 plroebuck

That totally works, thanks!

itafroma avatar Jun 26 '16 00:06 itafroma

@agrover8, does the workaround above address your issue? Still need a real long-term solution, but we can document this as a stand-in procedure until then...

plroebuck avatar Jun 26 '16 18:06 plroebuck

@plroebuck the use case is one where the server is secured using Mutual TLS. So a specific cert needs to be passed by the client. Curl handles it with the --cert option. Here is a description of how it works with curl: http://callistaenterprise.se/blogg/teknik/2011/04/04/curl-mutual-authentication-and-web-services/

gbarker avatar Sep 09 '16 19:09 gbarker
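
An added example, not part of the thread and not abao's code: NODE_TLS_REJECT_UNAUTHORIZED=0 turns off certificate verification for every TLS connection the Node process makes, so a test client can instead build per-request options that trust the one self-signed certificate and, for the mutual TLS case, present a client certificate. The `ca`, `cert`, `key` and `rejectUnauthorized` options are the ones Node's `https.request()` accepts; the function names and `cfg` fields are hypothetical.

```javascript
// Added example, not abao code. Returns TLS options for https.request().

// True only for hosts that never leave the machine.
function isLoopback(hostname) {
  return hostname === 'localhost' ||
    hostname.endsWith('.localhost') ||
    hostname === '[::1]' ||                 // URL.hostname keeps the brackets
    /^127(\.\d{1,3}){3}$/.test(hostname);
}

// cfg fields (hypothetical names for this sketch):
//   serverUrl      - API under test, e.g. "localhost:8181"
//   caPem          - PEM of the self-signed cert or private CA to trust
//   certPem/keyPem - client certificate and key for mutual TLS
//   allowInsecure  - explicit opt-in to skip verification
function buildTlsOptions(cfg) {
  const raw = cfg.serverUrl.includes('://') ? cfg.serverUrl : 'https://' + cfg.serverUrl;
  const host = new URL(raw).hostname;
  const opts = { rejectUnauthorized: true };

  if (cfg.caPem) {
    // Preferred: verification stays on, trust is limited to this CA.
    opts.ca = cfg.caPem;
  } else if (cfg.allowInsecure) {
    // Same effect as curl -k, but refused for anything off the machine.
    if (!isLoopback(host)) {
      throw new Error('refusing to skip TLS verification for ' + host);
    }
    opts.rejectUnauthorized = false;
  }

  if (Boolean(cfg.certPem) !== Boolean(cfg.keyPem)) {
    throw new Error('client cert and key must be supplied together');
  }
  if (cfg.certPem) {
    // Mutual TLS: the counterpart of curl --cert / --key.
    opts.cert = cfg.certPem;
    opts.key = cfg.keyPem;
  }
  return opts;
}

// Constructed placeholders; real values come from fs.readFileSync(path).
const SAMPLE = { serverUrl: 'localhost:8181', caPem: '<dev CA PEM>',
                 certPem: '<client cert PEM>', keyPem: '<client key PEM>' };
console.log(buildTlsOptions(SAMPLE));
```
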