How to disable ssl verification when making a get request to https

Hello - I have the following code

require "http/client"
require "openssl"


class Harbor

    def initialize(p2env : String, microsvc : String)
        @p2env = p2env
        @microsvc = microsvc
    end 

    def get_last_image
        url = URI.parse("https://example.com/api/v2.0/projects/#{@p2env}/repositories/#{@microsvc}/artifacts?page=1&page_size=1&with_
        ā”‚                tag=true&with_label=false&with_scan_overview=false&with_signature=false&with_immutable_status=false&q=type=IMAGE")
        headers = HTTP::Headers.new
        headers["Authorization"] = "Basic xxxxx"
        #headers["Accept"] = "application/json"
        #headers["X-Accept-Vulnerabilities"] = "application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"

        resp = HTTP::Client.get(url, headers)

        if resp.status_code == 200 
            puts "Response: #{resp.body}"
        else 
            puts "Error: #{resp.status} - #{resp.body}"
        end

    end
end


last_dev = Harbor.new("dev2-p2", "profilesservice")

last_dev.get_last_image

it fails with the following error. Is there an option to turn off ssl cert verification ?

Unhandled exception: SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (OpenSSL::SSL::Error)
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/openssl/ssl/socket.cr:34:11 in 'initialize'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/openssl/ssl/socket.cr:3:5 in 'new:context:sync_close:hostname'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:802:5 in 'io'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:678:19 in 'send_request'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:609:5 in 'exec_internal_single'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:592:18 in 'exec_internal'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:585:7 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:721:5 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:753:7 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:410:3 in 'get'
  from HarborApi.cr:22:9 in 'get_last_image'
  from HarborApi.cr:36:1 in '__crystal_main'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:129:5 in 'main_user_code'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:115:7 in 'main'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:141:3 in 'main'
  from /lib/x86_64-linux-gnu/libc.so.6 in '__libc_start_main'
  from /home/raj/.cache/crystal/crystal-run-HarborApi.tmp in '_start'
  from ???

The HTTP::Client.get class method has an optional tls parameter, which you could use to pass a custom OpenSSL::SSL::Context::Client instance.

ctx = OpenSSL::SSL::Context::Client.new
ctx.verify_mode = OpenSSL::SSL::VerifyMode::NONE

# alternatively:
# ctx = OpenSSL::SSL::Context::Client.insecure

resp = HTTP::Client.get(url, headers, tls: ctx)
1 Like

Thank you for your reply. I added the following

        ctx = OpenSSL::SSL::Context::Client.new
        ctx.verify_mode = OpenSSL::SSL::VerifyMode::NONE

        resp = HTTP::Client.get(url, headers, tls: ctx)
        

Now, Iā€™m getting the following error

Unhandled exception: Unsupported HTTP version: 400 (Exception)
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client/response.cr:134:7 in 'from_io?'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:610:5 in 'exec_internal_single'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:592:18 in 'exec_internal'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:585:7 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:721:5 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:753:7 in 'exec'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/http/client.cr:410:3 in 'get:tls'
  from HarborApi.cr:24:9 in 'get_last_image'
  from HarborApi.cr:38:1 in '__crystal_main'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:129:5 in 'main_user_code'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:115:7 in 'main'
  from /home/raj/.asdf/installs/crystal/1.10.1/share/crystal/src/crystal/main.cr:141:3 in 'main'
  from /lib/x86_64-linux-gnu/libc.so.6 in '__libc_start_main'
  from /home/raj/.cache/crystal/crystal-run-HarborApi.tmp in '_start'
  from ???

I also tried with ctx = OpenSSL::SSL::Context::Client.insecure still the same error

Edit: The issue is resolved. The issue was multiline URI.parse that was causing the above error.