Allow SSL verification to be disabled locally

Open Conor-Hughes opened this issue 7 months ago • 3 comments

Use case

We're developing an Expo app with a Laravel backend. We're using a JS script to use http to create a user on our test server:

function createNewUser() {
  const url = 'https://our-api.test/factory/user';

  const response = http.post(url, {
    body: JSON.stringify({
      email: '[email protected]',
      password: 'password'
    }),
    headers: {'Content-Type': 'application/json'}
  });

  const data = json(response.body);
  return data;
}

output.user = createNewUser();

However, the request fails with:

org.mozilla.javascript.WrappedException: Wrapped javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (../scripts/createUser.js#10)                                              
        at org.mozilla.javascript.Context.throwAsScriptRuntimeEx(Context.java:1825)
        ....
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Which is understandable since we're using a self-signed Laravel Valet certificate to develop locally.

We want to use our local API for running tests against, so we need to either:

  1. Ignore SSL verification locally
  2. Pass in a custom certificate store

I've had a look and it seems there's no way to configure Maestro to do either. Is this something that could be added?

Happy to create a PR if this is something that would be useful!

Proposal

We add a new key that allows the user to disable SSL verification on a request:

const response = http.post(url, {
    body: JSON.stringify({
      email: '[email protected]',
      password: 'password'
    }),
    headers: {'Content-Type': 'application/json'},
    verify: false,
  });

Anything else?

No response

Conor-Hughes avatar May 27 '25 10:05 Conor-Hughes

Hi @Conor-Hughes, did you happen to find any workaround for this? I am also encountering the same issue when sending out http requests.

CloseTheTicket avatar Jul 18 '25 21:07 CloseTheTicket

Under the hood, it's just a wrapper around okhttp3 - maybe that already has a parameter for this? Probably not, given it'd be a weird thing to do on a per-request basis, but it's an avenue of Googling someone could pick up?

Fishbowler avatar Aug 06 '25 08:08 Fishbowler
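
Option 2 from the issue (a custom certificate store) at the okhttp3 level, as an added example that is not Maestro's code and does not come from anyone in this thread. The function name `clientTrustingDevCa` and the PEM path passed on the command line are hypothetical, and the issue reports that Maestro currently exposes no setting for this.

```kotlin
import java.io.File
import java.security.KeyStore
import java.security.cert.CertificateFactory
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient
import okhttp3.Request

// Hypothetical helper: builds a client that trusts ONLY the certificates in the
// given PEM file (the local dev CA or self-signed certificate). Chain validation
// and hostname verification stay enabled.
fun clientTrustingDevCa(caPem: File): OkHttpClient {
    val certs = caPem.inputStream().use {
        CertificateFactory.getInstance("X.509").generateCertificates(it)
    }
    require(certs.isNotEmpty()) { "no certificates found in ${caPem.path}" }

    // In-memory trust store that holds nothing but the dev certificate(s).
    val trustStore = KeyStore.getInstance(KeyStore.getDefaultType()).apply {
        load(null, null)
        certs.forEachIndexed { i, cert -> setCertificateEntry("dev-ca-$i", cert) }
    }

    val tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
    tmf.init(trustStore)
    val trustManager = tmf.trustManagers.filterIsInstance<X509TrustManager>().single()

    val sslContext = SSLContext.getInstance("TLS")
    sslContext.init(null, arrayOf(trustManager), null)

    return OkHttpClient.Builder()
        .sslSocketFactory(sslContext.socketFactory, trustManager)
        .build()
}

fun main(args: Array<String>) {
    // args[0]: path to the dev certificate in PEM form (assumption: exported
    // from the local development tooling).
    val client = clientTrustingDevCa(File(args[0]))
    // URL taken from the issue; a plain GET is enough to exercise the handshake.
    val request = Request.Builder().url("https://our-api.test/factory/user").build()
    client.newCall(request).execute().use { response ->
        println("TLS handshake OK, successful=${response.isSuccessful}")
    }
}
```

Unlike a `verify: false` switch, this client still rejects a certificate that does not chain to the pinned dev certificate or that does not match the requested hostname.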