NetWebClient : sending "HTTPS" to an insecure server

[AtoB]

I've been strugling to get a locally installed wordpress/woocommerce api working. The site is local and I've not been able to get a certificate on the site working (tried several plugins at no avail).

I found out (using Postman) that the woocommerce api needs "https" in the GET in order to work, although the wordpress site is actually insecure. In Postman the GET with https will by default activate ssl, but you can optionally ignore the invalid certificate and so effictively work insecurely.

In Nettalk (NetWebClient, see "netwww.clw") I found out that commenting out the following line (no. 660) in the .fetch method

  if lower(self._CommandURLSt.UrlProtocolOnly()) = 'https' then self.SSL = true.

will do the "trick" for me. Now I the api (at least for GET works).

So can I (via Nettalk) send the text "https" without actually making traffic secure in a clean manner somehow?

Or is there another way to tell netwebclient to ignore the ssl stuff (so effectively disabling SSL certificate verification)?

B.t.w.

If someone knows how to get the local site secure easily, that suggestion is welcome too

TIA

[Bruce]

Hi Ton,

your post leads me to so many questions...


>> I've been struggling to get a locally installed wordpress/woocommerce api working. The site is local and I've not been able to get a certificate on the site working

I think you need to explain what you are doing here in more detail. I am inferring that you are running a server locally - but not a NetTalk server? And that server is then accessing WooCommerce remotely - as in the "server" is acting as a client to WooCommerce?

So far you've failed to get a certificate working on this server - and so now you're trying to figure out an alternative?

Your actual clarion program is talking to this server - presumably transferring sensitive information? - and you want this connection to be _insecure_?

I think you are on he wrong track here. I think what you should really be doing is telling us more about the server itself, what URL you use to speak to it from the clarion program, and what certificate approaches you have tried (and what outcomes came of that.)

Given your implication that this server will ave sensitive information you should absolutely be focused on making it secure, not somehow working around that.

Cheers
Bruce

[bshields]

Hi,

You cannot get an SSL certificate to work for a local IP like 192.168.X.X or 10.X.X.X or 127.0.0.1.

But, if you edit your hosts file (c:\windows\system32\drivers\etc\hosts) You can make a domain name point to a local address.

For example I have a domain inhabit.com.au, I can edit the hosts file on my local machine and add

192.168.0.100 inhabit.com.au

If I do this, if I try to go to inhabit.com.au it will go to the IP 192.168.0.100 (which could be my local machine) and in doing so, the SSL will work.

Not sure if this is what you need to know, but its how i do local ssl stuff.

Regards
Bill

[AtoB]

Hi Bruce,

(story of my life: me asking questions leading to even more questions :-) still learning to ask better questions )

This indeed is a locally installed wordpress/woocommerce site ONLY for development/testing purposes. There is a production site (secure!), but that one is filled with production data and I can access that environment nicely and without problems, but I tend to make lots of errors during development so I'd rather stay away from the production environment :-).

For some reason the woocommerce api requires the word "https" in the requests and I think it serves a (self created?) certificate now, but that gives me problems in all environments (clarion/nettalk : netsimple errorTrap : -69) because of "wrong" certificate.

PostMan gives me the option to send "https" and ignore the (validation of the) certificate/SSL part. I was looking for such a thing in Nettalk (NetWebClient) ...

I've tried installing a valid certificate with several wordpress plugins ("Really Simple SSL", "WP Encryption"), but they (for some reason) all fail ...

And I just want to program in Clarion/Nettalk :-)

regards,
Ton

[Bruce]

Hi Ton,

>> PostMan gives me the option to send "https" and ignore the (validation of the) certificate/SSL part. I was looking for such a thing in Nettalk (NetWebClient) ...

A good place to discover functionality is the NetDemo app (examples\netTalk\demo\netdemo)
That has a web client window, along with a SSL tab, where you can play with options.
There is indeed a setting to ignore the validation of the certificate.

Cheers
Bruce

[AtoB]

Hi Bruce & Bill,

the woocommerce site is "secure", but the certificate is probably "rubbish".

Now I found out (with the demo), that I simply need to activate "DontVerifyRemoteCertificateWithCARoot" and I'm good to go

Thanks for pointing me to this option

regards,
Ton