Javascript XMLHttpRequest: Ignore invalid SSL Certificate

后端 未结 3 521
鱼传尺愫
鱼传尺愫 2021-02-07 12:40

so I have been having trouble with grabbing information from a device that is interfaced with via https due to the fact that it has an invalid security certificate. I know the

相关标签:
3条回答
  • 2021-02-07 13:14

    No, there isn't. XMLHTTPRequest doesn't allow you to override that. Being able to override SSL security might make sense in your case, but if you think about it, it would be a bad idea in general. You'd never want to allow arbitrary javascript code on the internet to connect to a supposedly secure service that the js host (the browser) knows has a possible MITM issue.

    0 讨论(0)
  • 2021-02-07 13:16

    I know the device is to be trusted

    Yes but you don't know whether you are really connected to the device.

    That is the purpose of the certificate. That's why it has to be valid.

    0 讨论(0)
  • 2021-02-07 13:18

    Well I had found this solution before but it didn't work, this was because I was still using actual XMLHttpRequest though. When creating it using this statement:

    httpreq = new ActiveXObject("Msxml2.ServerXMLHTTP.3.0");
    

    There is a method called setOption that is opened up for use:

    httpreq.setOption(2, 13056);
    

    With those parameters, the request now ignores the invalid certificate and grabs the information anyway. If I understand correctly this won't work with any non-Microsoft technology trying to run the script, but that's ok for the scope of my project.

    0 讨论(0)
提交回复
热议问题