SSL error
jg-repos opened this issue · 12 comments
Error in function (type, msg, asError = TRUE) :
SSL certificate problem: self signed certificate in certificate chain
loginBF wants to verify SSL certificates with path inputs
Fix:
loginBF2 = function(username, password, applicationKey)
{
credentials <- paste("username=", username, "&password=", password, sep = "")
headersLogin <- list(Accept = "application/json", X-Application = applicationKey)
loginReturn <- RCurl::postForm("https://identitysso.betfair.com/api/login", .opts = list(postfields = credentials, httpheader = headersLogin, ssl.verifypeer = FALSE))
authenticationKey <- jsonlite::fromJSON(loginReturn)
headersPostLogin <- NULL
headersPostLogin <<- list(Accept = "application/json", X-Application = authenticationKey$product,
X-Authentication = authenticationKey$token, Content-Type = "application/json")
}
just added the ssl verification = FALSE in the RCurl options
Seems valid and a good fix. This one didn't crop up for me, as I guess I didn't have a self signed certificate in place. My only concern would be one of security. That risk is slight, but would it be better to write an if loop to deal with the error this throws? Although I suppose I could make this change now, as a quick fix, and deal with the error loop when I take on writing a wider set of error checking. Would appreciate your thoughts.
I'm by no means experienced in coding R or any other language. I was playing around with that login function all day and the only way I could get R to login was to disable the SSL check which is a good quick fix i suppose, but i agree about the concern for security. I tried adding:
cainfo = path.expand("~/client-2048.crt")
into the the RCURL POST but this would give me this first error again or an unmatched table error i cant reproduce. I know my certificates work because i was able to login to Betfair with them using cURL with Cygwin. I just think the RCurl error messages are generic and dont give enough insight into the problem. I think the error message is caused by the restriction of only being able to submit either a certificate or a key because Betfair wants both (according to the cURL requirements). Coming back to your thoughts about if loops, and think that would be a great idea to create a loop that would bypass the SSL certificate for people who are on delay and trying to just play around like im doing right now. And i appreciate the time you took to build this package, ive seen a lot of people wanting an R package for the new Betfair API-NG.
Before I make any changes, I was wondering if you were connecting through a proxy of some description? Just trying to figure out the circumstances where people are using a self signed certificate.
That completely slipped my mind, and yeah i am behind a proxy.
I think the way I am going to address this is to add another argument to the loginBF() function. By default ssl.verifypeer = TRUE, but people hitting the same error as this can manually set it to ssl.verifypeer = FALSE, from within their R code.
In this way, the default login always retains the best security through a verified SSL certificate, however people can still choose to manually change this to achieve login.
I didn't want a simple "if" loop, as it would mean some logins may default to non-verified SSL certificates, without the user being aware of it. And I didn't want to particularly add a stop to the loop, requiring user input acknowledgment, as this would make the automation process more difficult for those with self-signed certificates.
Hopefully the new argument option, with appropriate documentation, will work well.
Looking forward to the fix. I'll let you know if any more error pop up.
I've released a fix for this error. Please do re-install the package to test. loginBF() has a new argument - sslVerify. This defaults to TRUE, but may be explicitly changed to FALSE for self signed SSL certificates. If the fix tests successfully I'll close this issue.
Hi Phil,
I think the sslVerify argument needs to be added to each of the places where the PostForm() function is used, namely listEventTypes.R, listCountries.R, listMarketTypes.R, listCountries.R, listMarketBook.R, listMarketCatalogue.R and placeorders.R.
BTW the package looks as if it could be very useful, thanks for putting on github. I wondered how a cancelOrder function might look, do you have a design for it yet? If you'd like me to make a contribution in some way I'd be happy to try and help.
Regards,
Jason
Thanks Jason. Not the news I'd hoped, but at least the fix should be straight forward, if not elegant.
Haven't looked at cancelOrder yet and thanks for the offer of assistance. Please drop me an email directly. phill [at] starkingdom.co.uk as I'd like to hear more about your cancelOrder use cases.
Hey Phill does the 0.1.2 release fix all the scripts in the abettoR package or just the login? I've got the functions updated to work in R from your original package, so i'm in no rush. Just want to help confirm the package works when everything is fixed.
Apologies it's taken me so long to address this issue. However, now all functions support the sslVerify parameter (v0.1.3).
At this time, it was easiest and quickest to simply add the sslVerify parameter to all functions, rather than implement a global sslVerify function. The current solution has been tested with all functions and appears to work, but is a little inelegant. You will need to set sslVerify = FALSE as a parameter for all abettor functions, if the SSL verification is failing.
If either mrbub or JJHeathview can confirm this solution fixes the problem, I'll close out the issue.
Assuming fixed, so closing.