Disable SSL/TLS certificate validation in Network.HTTP.Conduit

Question

I use the http-conduit library version 2.0+ to fetch the contents from a http:// URL:

import Network.HTTP         


        

Answer 1

simpleHttp itself does not support this feature. You'll need to create a manager with modified ManagerSettings and then use that to fetch the URL.

Note that this code only applies for http-conduits version 2.0+ -- the library version 1 has a similar yet different API for this purpose.

import Network.HTTP.Conduit
import Network.Connection
import qualified Data.ByteString.Lazy.Char8 as LB

myurl = ... -- Your URL goes here

-- | Get a new Manager that doesn't verify SSL certificates
noSSLVerifyManager :: IO Manager
noSSLVerifyManager = let tlsSettings = TLSSettingsSimple {
                            -- This is where we disable certificate verification
                            settingDisableCertificateValidation = True,
                            settingDisableSession=False,
                            settingUseServerName=True}
                     in newManager $ mkManagerSettings tlsSettings Nothing

-- | Download like with simpleHttp, but using an existing manager for the task
simpleHttpWithManager :: Manager -> String -> IO LB.ByteString
simpleHttpWithManager manager url = do url' <- parseUrl url
                                       fmap responseBody $ httpLbs url' manager

main = do manager <- noSSLVerifyManager
          content <- simpleHttpWithManager manager myurl
          print $ content

Note that you should only disable SSL certificate verification if absolutely neccessary, as it makes you vulnerable for man-in-the-middle attacks