How to ignore SSL check for resource http_request in cookbook

Hi All,

In my recipe I want to test a POST request with resource http_request in a
chef client:

http_request 'posting data' do
  action :post
  url 'https://my_restful_service:8080/test'
  message '{}'
  headers({
    'Authorization' => "Basic #{Base64.encode64('guest:guest ')}",
    'Content-Type' => 'application/xml'
  })
end

And I get the errors below in the chef client node:

[2015-08-05T05:18:38-04:00] ERROR: http_request[posting data] (test::default
line 14) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed

[2015-08-05T05:18:38-04:00] FATAL: Chef::Exceptions::ChildConvergeError:
Chef run process exited unsuccessfully (exit code 1)

How to solve this? Is it possible to disable SSL checking for this?

And if the post succeeds, how to do something based on the post status and
response content?

Thanks & Regards

Jason

On Saturday, September 26, 2015 at 9:32 PM, jeffty wrote:

Hi All,

In my recipe I want to test a POST request with resource http_request in a
chef client:

http_request 'posting data' do
  action :post
  url 'https://my_restful_service:8080/test'
  message '{}'
  headers({
    'Authorization' => "Basic #{Base64.encode64('guest:guest ')}",
    'Content-Type' => 'application/xml'
  })
end

And I get the errors below in the chef client node:

[2015-08-05T05:18:38-04:00] ERROR: http_request[posting data] (test::default
line 14) had an error: OpenSSL::SSL::SSLError: SSL_connect returned=1
errno=0 state=SSLv3 read server certificate B: certificate verify failed

[2015-08-05T05:18:38-04:00] FATAL: Chef::Exceptions::ChildConvergeError:
Chef run process exited unsuccessfully (exit code 1)

How to solve this? Is it possible to disable SSL checking for this?

The SSL verify setting is global, so you’d need to modify Chef::Config[:ssl_verify_mode] before and after (you can do that with ruby_block resources). Though if the certificate is reasonable (i.e., the hostname stuff is correct), but it’s just not signed, you can use knife ssl fetch to pull down the cert and make chef trust it thereafter.

And if the post succeeds, how to do something based on the post status and
response content?

Noah just posted a tip on doing this in his blog: Eight Short Chef Tips – Noah Kantrowitz

Thanks & Regards

Jason

--
Daniel DeLeo
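
The difference between the two options in the reply, as an added example using Ruby's standard OpenSSL library (not code from the thread or from Chef): trusting the one unsigned certificate keeps verification on and still rejects any other certificate, which switching verification off does not. The certificate is constructed in the block, and the helper names are hypothetical.

```ruby
require 'openssl'

# Constructed sample: a self-signed certificate standing in for the
# service's unsigned cert (hostname taken from the recipe in the thread).
def self_signed_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Verify `cert` against a store holding only the `trusted` certificates.
# Returns [ok, reason]; an empty list models a client that has never
# been told about the unsigned cert.
def verify_with(cert, trusted)
  store = OpenSSL::X509::Store.new
  trusted.each { |c| store.add_cert(c) }
  ok = store.verify(cert)
  [ok, store.error_string]
end

# The "hostname stuff is correct" condition from the reply: the name in
# the certificate must match the host in the URL being requested.
def hostname_ok?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

if __FILE__ == $PROGRAM_NAME
  host = 'my_restful_service'
  svc = self_signed_cert(host)
  impostor = self_signed_cert(host) # same name, different key

  puts "untrusted:        #{verify_with(svc, []).inspect}"
  puts "after trusting:   #{verify_with(svc, [svc]).inspect}"
  puts "impostor cert:    #{verify_with(impostor, [svc]).inspect}"
  puts "hostname matches: #{hostname_ok?(svc, host)}"
end
```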