How to use a Self Signed CA Cert with an API about restish HOT 7 CLOSED

You could use HTTP rather than HTTPS for quick testing locally. We'll need to add a commandline argument or config to load custom certs (or disable cert checking). I'm willing to review PRs for that.

Using HTTP is easier said than done in some scenarios, e.g. running multiple docker/lxc containers with interdependent service APIs against the software being written, where some services even refuse to talk to other services via non-HTTPS connections.

If you consider certificate check disabling / custom cert support worthwhile addition, maybe you could create a task out of it with some details from where to start (I for example have done no Go development at all), label it as 'good first issue' or alike, to increase likelihood of PRs appearing, so that maybe sometime I can make use of this really useful looking project.

from restish.

I second that question, and also ask is it somehow simply possible to skip any certificate verification for quick local tests? The error message it gives is:

ERROR: Caught error: Get "https://host:port/api": x509: certificate signed by unknown authority

from restish.

You could use HTTP rather than HTTPS for quick testing locally. We'll need to add a commandline argument or config to load custom certs (or disable cert checking). I'm willing to review PRs for that.

from restish.

That is unlikely to happen from me, primarily as my team decided we should implement our own CLI for the internal API instead of creating a wrapper for restish. Thanks for the offer of spending time to review a PR tho (reviewing PR's can be time consuming).

from restish.

@jonathan-kaufman-by, @unserializable I've added an --rsh-insecure parameter to disable TLS checks if needed in 9376569.

Before:

$ restish https://untrusted-root.badssl.com/ -v
DEBUG: Configuration: map[app-name:restish config-directory:/Users/dtaylor/.restish rsh-filter: rsh-header:[] rsh-insecure:false rsh-no-cache:false rsh-no-paginate:false rsh-output-format:auto rsh-profile:default rsh-query:[] rsh-raw:false rsh-server: rsh-verbose:true server-index:0]
DEBUG: Making request:
GET / HTTP/1.1
Host: untrusted-root.badssl.com
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: br, gzip
User-Agent: restish-dev


ERROR: Caught error: Get "https://untrusted-root.badssl.com/": x509: certificate signed by unknown authority

After:

$ restish https://untrusted-root.badssl.com/ -v --rsh-insecure
DEBUG: Configuration: map[app-name:restish config-directory:/Users/dtaylor/.restish rsh-filter: rsh-header:[] rsh-insecure:true rsh-no-cache:false rsh-no-paginate:false rsh-output-format:auto rsh-profile:default rsh-query:[] rsh-raw:false rsh-server: rsh-verbose:true server-index:0]
WARN: Disabling TLS security checks
DEBUG: Making request:
GET / HTTP/1.1
Host: untrusted-root.badssl.com
Accept: application/cbor;q=0.9,application/msgpack;q=0.8,application/ion;q=0.6,application/json;q=0.5,application/yaml;q=0.5,text/*;q=0.2,*/*
Accept-Encoding: gzip, br
User-Agent: restish-dev


DEBUG: Got response from server in 199.462334ms:
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Cache-Control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Sat, 30 Jan 2021 21:45:36 GMT
Etag: W/"5e79513a-258"
Last-Modified: Tue, 24 Mar 2020 00:15:54 GMT
Server: nginx/1.10.3 (Ubuntu)
...

You can also set RSH_INSECURE=1 in your environment.

from restish.

Awesome, Thank you.

from restish.

I have given it a try now and it indeed allows to perform experiments on "secured" APIs now. Couple of notes:

• ERROR: Caught error: Get "https://untrusted-root.badssl.com/api/v1/user": x509: certificate signed by unknown authority -- possibly this error message could also offer hint about --rsh-insecure / RSH_INSECURE
• From the documentation table for global options (https://rest.sh/#/configuration?id=global-configuration), it is not immediately clear whether the value of RSH_INSECURE should be
  • set to some value from predetermined value set (that is nowhere to be seen)
  • should be just defined, even if empty (RSH_INSECURE=) and its value does not matter
  • set either as 0 / 1 (I used RSH_INSECURE=1, as I came back to task comment and you had mentioned that here)

Thank you very much, @danielgtaylor!

from restish.