Getting an error with ZAP proxy #737
marcdonovan started this conversation in General
Replies: 1 comment
-
Note that we generally don't support disabling certificate verification. That said, proxied requests should respect the SSL context object. We have enterprise users which make use of that functionality who need it to configure internal certificates for S2S communication. It's possible there's an issue with it though. If you discover the context object isn't being honored, a PR to fix that would be accepted.
-
I am trying to proxy my app through Zed Attack Proxy and I have installed the ZAP certificate on my Windows machine. I can see the certificate in MMC under Trusted Root Certificates/Certificates. I have ZAP running on localhost port 8080 and this line of code throws an error:
response = HTTP.via("localhost", 8080).get('https://google.com')
Uncaught exception: SSL_connect returned=1 errno=0 peeraddr=127.0.0.1:8080 state=error: certificate verify failed (self signed certificate in certificate chain)
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/timeout/null.rb:27:in `connect'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/timeout/null.rb:27:in `connect_ssl'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/timeout/null.rb:36:in `start_tls'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/connection.rb:162:in `start_tls'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/connection.rb:45:in `initialize'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/client.rb:70:in `new'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/client.rb:70:in `perform'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/client.rb:31:in `request'
C:/Users/548156/wk/Ruby31-x64/lib/ruby/gems/3.1.0/gems/http-5.1.1/lib/http/chainable.rb:20:in `get'
C:/Users/548156/wk/auto/main.rb:33:in `run_scan'
Is this a version problem with openssl?
$ openssl version
OpenSSL 1.1.1q 5 Jul 2022
I tried running this
ctx = OpenSSL::SSL::SSLContext.new
ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
but apparently that does not work for proxies. Is there a way to ignore proxy certificates?
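An added example, not part of the original thread or the http gem's own code: it reproduces the "self signed certificate in certificate chain" failure offline and shows the SSL context approach the reply describes, trusting the proxy's root CA instead of setting VERIFY_NONE. The CA and leaf certificates are constructed stand-ins for the ZAP root CA and the certificate the proxy presents. The helper names are hypothetical. Ruby's OpenSSL bindings verify against an OpenSSL CA file or directory rather than the Windows certificate store, so the context needs the exported CA added explicitly.

```ruby
require "openssl"

# Build an X.509 certificate; with no issuer it is self-signed (a root CA).
def make_cert(cn, key, serial, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", issuer ? "CA:FALSE" : "CA:TRUE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Constructed stand-ins: the intercepting proxy's root CA and the per-host
# certificate it presents to the client for the intercepted connection.
CA_KEY    = OpenSSL::PKey::RSA.new(2048)
CA_CERT   = make_cert("Constructed Proxy Root CA", CA_KEY, 1)
LEAF_CERT = make_cert("google.com", OpenSSL::PKey::RSA.new(2048), 2,
                      issuer: CA_CERT, issuer_key: CA_KEY)

# Verify the chain the proxy sends (leaf plus its root) against a trust store.
def verify_chain(store)
  ok = store.verify(LEAF_CERT, [CA_CERT])
  [ok, store.error_string]
end

# A store that does not contain the proxy CA: the situation in the question.
def untrusting_store
  OpenSSL::X509::Store.new
end

# Default trust anchors plus the proxy CA. In real use, replace add_cert with
# store.add_file("path/to/exported_proxy_root_ca.pem") (placeholder path).
def trusting_store
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  store.add_cert(CA_CERT)
  store
end

# Context that keeps verification on; pass it to the http gem as
# HTTP.via("localhost", 8080).get(url, ssl_context: proxy_context)
def proxy_context
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store  = trusting_store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx
end
```

`verify_chain(untrusting_store)` fails with the same error string as the trace in the question, while `verify_chain(trusting_store)` succeeds with verification still enabled.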