Open-EO/openeo-r-client

Fail to connect locally hosted openEO backend - Not connecting due to Self Signed Certificate

przell opened this issue · 5 comments

Hi Florian,
we have locally hosted an openEO backend on top of rasdaman at EURAC for a big data course.
I try to acces through the openeo-r-client like this (the x are there for masking):

driver_url = "https://xx.x.xxx.xxx:xxxx/" 
user = "xxx"
password = "xxx"
conn = connect(host = driver_url, 
               user = user, 
               password = password, 
               login_type = "basic")

I get the error:
SSL certificate problem: self signed certificateError in con$connect(url = host, version = version)$login(user = user, :
attempt to apply non-function

When I access directly in the browser I get the warning:
Your connection is not private
NET::ERR_CERT_AUTHORITY_INVALID

But I can choose to Proceed to xx.x.xxx.xxx (unsafe)

Would it be possible to include the Proceed to xx.x.xxx.xxx (unsafe) somehow into the r package?
Best,
Peter
@prateekbudhwar
@aljacob

flahn commented

I use the httr package (more or less a curl wrapper) for the HTTP communication. Maybe you can try to set the global httr options:
httr::set_config(httr::config(ssl_verifypeer = 0L))

Found at stackoverflow

If this works, I can also add this as an additional connection parameter, probably next week.

Thanks for the suggestion. This solved the last error. But resulted in a new one.

driver_url = "https://xx.x.xxx.xxx:xxxx/" # This driver creates the SSL certificate problem. Is also not solved by httr::set_config()

user = "xxx"
password = "xxx"
httr::set_config(httr::config(ssl_verifypeer = 0L))

#' establish the connection
conn = connect(host = driver_url, 
               user = user, 
               password = password, 
               login_type = "basic")

SSL: certificate subject name 'Alexander Jacob' does not match target host name '10.8.244.203'Error in con$connect(url = host, version = version)$login(user = user, :
attempt to apply non-function

Best,
Peter

flahn commented

It seems httr is completely passing all parameters into curl, which is good. The R-client, or to be more precise 'curl' is negotiating a SSL handshake with the back-end and your back-end uses a self signed key. However, curl is resolving all informations from the certificate (first it checks if the certificate is peer reviewed, then it checks subject in the certificate matches the host).

httr::set_config(httr::config(ssl_verifyhost= 0L)) should disable the second check.

HTTR options: https://rdrr.io/cran/httr/man/httr_options.html
CURL problems with self signed certificate: https://stackoverflow.com/questions/44445368/curl51-ssl-certificate-subject-name-does-not-match-target-host-name?rq=1

Thanks Florian! The combination of the two commands works!

httr::set_config(httr::config(ssl_verifypeer = 0L))
httr::set_config(httr::config(ssl_verifyhost= 0L))

Are these global options for the r session or could they be integretade into the function connect(). Don't know if this is a good idea.
Thanks a lot!

flahn commented

those are global options for the httr package which handles the technical part of the HTTP(S) interactions. Usually the SSL certificated should be valid if this runs on a server and should not be part of the connect() function. I also understand that this would be great for development.