Payload Details with std.net.curl:post

Kyle Ingraham kyle at kyleingraham.com
Mon Nov 29 01:49:37 UTC 2021 

On Sunday, 28 November 2021 at 07:27:35 UTC, ikod wrote:
> On Sunday, 28 November 2021 at 01:06:45 UTC, Kyle Ingraham 
> wrote:
>> On Saturday, 27 November 2021 at 22:18:48 UTC, ikod wrote:
>>> On Saturday, 27 November 2021 at 20:31:16 UTC, Kyle Ingraham
>
>
> Hi Kyle,
>
>
>> ```
>> object.Exception at C:\Users\Kyle 
>> Ingraham\AppData\Local\dub\packages\requests-2.0.2\requests\source\requests\streams.d(890): ssl connect failed: certificate verify failed
>> ```
>>
>> I checked the issues page for `hunt-http` and saw that there 
>> were similar reports there from Windows users (I have not 
>> verified them myself). I did not try `vibe-http` because the 
>> callback interface in the docs wasn't one that grabbed me.
>>
>>
>> Do you have tips on why I might be getting that exception? I'm 
>> guessing I need to point `requests` at a trust store.
>
>
> Yes, trust store location can be the problem. I hope you 
> checked this readme sections: 
> [windows-ssl-notes](https://github.com/ikod/dlang-requests#windows-ssl-notes) and [ssl-settings](https://github.com/ikod/dlang-requests#ssl-settings).
>
> It is difficult to answer without having more details, but I 
> recently fixed a bug that could lead to a similar problem on 
> 32-bit systems (regardless of OS). If this is your case, then 
> you can try to use the latest commit from the github. Anyway, 
> it would be nice if you create an issue on github and post more 
> details there, so that I can try to reproduce the problem.

I had read those sections but couldn't figure out which 
combination of certificates and function calls would make a 
difference for my URL.

I found https://pki.goog/repository/ which has links to all 
certificates relevant to Google URLs. I worked my way down the 
certificate chain and the call that worked was:

```D
auto rq = Request();
rq.sslSetCaCert(r"gtsr1.pem");
```

That certificate is for one of Google's root CAs but not the root 
of the certificate chain. With that combination my request worked 
and the payload was delivered successfully. I was also able to 
see the payload that had been sent in my request which was my 
motivation for starting this thread in the first place.

I think my trouble here was mostly due to my limited familiarity 
with SSL verification. I ended up using a CA certificate and the 
method made available was `sslSetCaCert`. A bit obvious when I 
look back. I had not used it at first because it was referenced 
as being needed for vibe.d and when perusing `requests` I thought 
that it wasn't being called for my setup.

Glad to have a working setup now. Thank you ikod for stopping by 
and asking about my experiences outside of `std.net.curl`.

P.S. `openssl s_client -connect <URL>:443` was useful for viewing 
the certificate chain.

More information about the Digitalmars-d-learn mailing list