API rest calls and certificate errors

edwappler · August 27, 2020, 9:10pm

Our developers are working on “an api call from with a server action” with a third party.
When attempting to connect to the third party, we are receiving Certificate verification errors, as the third party is utilizing self signed certificates.
We were unable to locate any options to at least during development; turn off the cert validation.

As a workaround we hard-coded the options into dmxConnectLib/…/api.php and all is well, at least until the next wappler release or full code push to the web server which would overwrite the workaround.
Secondly, the third party provider will be using their their self-signed certs and they will not be changing their methods any time soon.

What options can be set in Wappler GUII (and where); that would allow us to override the certificate validation options versus manually hardcoding the changes?

Ed

patrick · August 28, 2020, 7:03am

Seems that the options is indeed missing on the UI. The options is verifySSL and should default be set to false. So it should ignore the certificate verification.

What is the change that you made in api.php to make it work?

edwappler · August 28, 2020, 2:15pm

Hello Patrick, we added the following to api.php the code was placed after all other options were set and before the curl execute: (around lines 212-229 depending on the version of api.php deployed)

curl_setopt($handle, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($handle, CURLOPT_SSL_VERIFYSTATUS, FALSE);
curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);

After discovering the default behaviour forced a certificate verify we tried to pass the verifySSL parameter in the options section (where the “url” is defined) of the JSON/php file (dmxConnectLib/dmxConnect.php) by manually editing the deployed on-disk version; the option did not appear to make any difference. Hence the changes to api.php which did work.

In retrospect the the last two php statements above may be omitted, but I need to retest.

patrick · August 31, 2020, 12:10pm

We already have CURLOPT_SSL_VERIFYPEER in the code and the default value should be FALSE. The option is being set on line 205. If that is missing then you perhaps have an old api.php file. If the last 2 options are also required then I can add them to our code, but I believe that only the verifypeer was needed.

edwappler · September 1, 2020, 12:56am

Hello Patrick, I have retested and I found that verifySSL is in fact present and now defaults to FALSE. Testing also reveals that

curl_setopt($handle, CURLOPT_SSL_VERIFYHOST, 0);

is still required.

Thinking forward, will it be possible to set these value within the UI?

patrick · September 1, 2020, 9:34am

The verifySSL option will be added to the UI