Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

command line ssl_verifypeer false #194

Closed
fvanderbiest opened this issue Mar 4, 2015 · 11 comments
Closed

command line ssl_verifypeer false #194

fvanderbiest opened this issue Mar 4, 2015 · 11 comments

Comments

@fvanderbiest
Copy link

I'm currently proofing my jekyll-generated site with htmlproof ./_site and I'd like to get rid of those warnings:

External link failed: 302 Peer certificate cannot be authenticated with given CA certificates
External link  failed: 0 SSL connect error
External link  failed: 302 SSL connect error

I could not find any documentation on how to disable ssl_verifypeer using the htmlproof binary.
@doktorbro
Copy link

The usage of the option ssl_verifypeer is a mystery. See #141.

@doktorbro
Copy link

Can you try to curl your link and show us the output?

curl --url https://www.example.com/ --verbose

@fvanderbiest
Copy link
Author

Sure.

$ curl --url https://sdi.georchestra.org/ci/ --verbose
* Hostname was NOT found in DNS cache
*   Trying 195.154.179.143...
* Connected to sdi.georchestra.org (195.154.179.143) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*    subject: C=FR; CN=sdi.georchestra.org; emailAddress=webmaster@georchestra.org
*    start date: 2014-12-30 15:31:45 GMT
*    expire date: 2015-12-31 19:14:52 GMT
*    subjectAltName: sdi.georchestra.org matched
*    issuer: C=IL; O=StartCom Ltd.; OU=Secure Digital Certificate Signing; CN=StartCom Class 1 Primary Intermediate Server CA
*    SSL certificate verify ok.

An other one

$ curl --url https://gitlab.geo.gob.bo/adsib/georchestra_ansible/tree/master --verbose
* Hostname was NOT found in DNS cache
*   Trying 200.87.148.69...
* Connected to gitlab.geo.gob.bo (200.87.148.69) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

@sroberts
Copy link

I'm also running into some similar errors, though only in CI (Circle & Travis both). It cleanly on my system though. Using the --only-4xx option works, but obviously I don't like missing all those checks.

@gjtorikian
Copy link
Owner

@sroberts Out of curiosity is your CI configured to run on Ubuntu 14.10? (I think Travis has a beta option for configuring this now.)

I ask because previously it looks like OS X and 12.04 are fine with the config, but 14.10 changed something. Just want to make sure this is not actually a 12.04 problem too.

@doktorbro
Copy link

From what I see the binary ignores Typhoeus options. I think #175 could be the solution for an easygoing command line usage.

@sroberts
Copy link

@gjtorikian According to CircleCIs documentation, and I don't think I'm doing anything special with it, this should be a 12.04 VM.

@akshayrawat
Copy link

Any updates on this? I'm seeing the same behavior on OSX (no error) and CircleCI (error).

@akshayrawat
Copy link

For now I've fixed it for CircleCI by specifying sudo apt-get install libcurl3-dev as a prerequisite dependency.

jtslear added a commit to jtslear/jtslear.github.io that referenced this issue Nov 4, 2016
@jtslear
Cuz apparently there's some CA issues on the build servers
551e8c4 
* See here: gjtorikian/html-proofer#194
jtslear added a commit to jtslear/jtslear.github.io that referenced this issue Nov 4, 2016
@jtslear
Adds post regarding memory freezing
be03c5d 
* fix rubocop problems
* removes dead links
* Cuz apparently there's some CA issues on the build servers
  * See here: gjtorikian/html-proofer#194
@fulldecent fulldecent mentioned this issue May 18, 2017
Merged
ddgenome pushed a commit to atomisthq/docs that referenced this issue May 25, 2017
Try to fix HTML Proofer SSL error
8d86ff2 
Installing libcurl3-dev seems to fix SSL error HTML Proofer gets when
trying to get https://mochajs.org/ .  See
gjtorikian/html-proofer#141
gjtorikian/html-proofer#194
gjtorikian/html-proofer#376
ddgenome pushed a commit to atomisthq/docs that referenced this issue May 25, 2017
Integrate handler testing with test doc
91694bb 
Give the entire rug test doc the once-over, integrating the content on
handler testing and adding as much missing stuff as I could think of.

Install libcurl3-dev to fix HTML Proofer SSL error when it tests
https://mochajs.org/ see
gjtorikian/html-proofer#141
gjtorikian/html-proofer#194
gjtorikian/html-proofer#376

Add retry to HTML Proofer.

Address review comments.
glasnt added a commit to glasnt/2017.djangocon.us that referenced this issue Jun 21, 2017
@glasnt
Attempt to correct html-proofer test errors
02c40d9 
gjtorikian/html-proofer#194 (comment)

"Peer certificate cannot be authenticated with given CA certificates"
jasonrudolph added a commit to atom/flight-manual.atom.io that referenced this issue Aug 17, 2017
@jasonrudolph
Attempt to fix html-proofer failure in CI
dbd89da 
xref: gjtorikian/html-proofer#194 (comment)
jasonrudolph added a commit to atom/flight-manual.atom.io that referenced this issue Aug 17, 2017
@jasonrudolph
Attempt to fix html-proofer failure in CI
9778f43 
xref: gjtorikian/html-proofer#194 (comment)
@SeanKilleen
Copy link
Contributor

SeanKilleen commented Jan 4, 2019
edited
Loading

If you're looking to set ssl_verifypeer as a typhoeus option, #490 was just merged which I think should allow this from the command line once the next gem release is published.

The syntax would be along the lines of ruby htmlproofer --typhoeus-config '{ "ssl_verifypeer": false }' [directory I'm testing]

@gjtorikian
Copy link
Owner

Seems a solution for this was already implemented!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@sroberts @gjtorikian @akshayrawat @fvanderbiest @SeanKilleen @doktorbro