问题
so I have been having trouble with grabbing information from a device that is interfaced with via https due to the fact that it has an invalid security certificate. I know the device is to be trusted and I don't have access to the server-side so I can't change it. I was wondering if there was any way to set up an XMLHttpRequest object in Javascript to just ignore an invalid SSL certificate and just grab the information anyway. As it is now it seems to just reject the certificate and stop. Thanks.
回答1:
Well I had found this solution before but it didn't work, this was because I was still using actual XMLHttpRequest though. When creating it using this statement:
httpreq = new ActiveXObject("Msxml2.ServerXMLHTTP.3.0");
There is a method called setOption that is opened up for use:
httpreq.setOption(2, 13056);
With those parameters, the request now ignores the invalid certificate and grabs the information anyway. If I understand correctly this won't work with any non-Microsoft technology trying to run the script, but that's ok for the scope of my project.
回答2:
I know the device is to be trusted
Yes but you don't know whether you are really connected to the device.
That is the purpose of the certificate. That's why it has to be valid.
回答3:
No, there isn't. XMLHTTPRequest doesn't allow you to override that. Being able to override SSL security might make sense in your case, but if you think about it, it would be a bad idea in general. You'd never want to allow arbitrary javascript code on the internet to connect to a supposedly secure service that the js host (the browser) knows has a possible MITM issue.
来源:https://stackoverflow.com/questions/4490723/javascript-xmlhttprequest-ignore-invalid-ssl-certificate