Open
Description
I have a client certificate and private key issued by a REST API provider. Somehow, I found it not being working with ureq (unlike for cURL and others).
Is that because 6D1A it tries to verify my client certificate before performing a request? If I'm doing something wrong, is there any working example how to do that right?
[2025-05-31 14:39:22][DEBUG] Call<Prepare>
[2025-05-31 14:39:22][DEBUG] GET https://myapiprovider.org/******
[2025-05-31 14:39:22][DEBUG] Resolved: ArrayVec { len: 1, arr: [1.2.3.4:443] }
[2025-05-31 14:39:22][DEBUG] Connected TcpStream to 1.2.3.4:443
[2025-05-31 14:39:22][DEBUG] Certificate verification disabled
[2025-05-31 14:39:22][DEBUG] Use client certficiate with key kind Pkcs1
thread 'main' panicked at /root/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/ureq-3.0.11/src/tls/rustls.rs:208:14:
valid client auth certificate: InvalidCertificate(Other(OtherError(UnsupportedCertVersion)))
My source code:
fn do_the_things() -> anyhow::Result<()> {
let key_contents = std::fs::read("client.key").context("read private key")?;
let pk = PrivateKey::from_pem(&key_contents).context("parse private key")?;
let cert_contents = std::fs::read("client.crt").context("read client cert")?;
let cert = Certificate::from_pem(&cert_contents).context("parse client cert")?;
let client_cert = ClientCert::new_with_certs(&[cert], pk);
let tlsconfig = TlsConfig::builder()
.client_cert(Some(client_cert))
.disable_verification(true)
.build();
let url = "https://myapiprovider.org/";
let config = Agent::config_builder()
.tls_config(tlsconfig)
.build();
let agent: Agent = config.into();
info!("Request {url}");
let body: String = agent.get(url)
.header("Example-Header", "header value")
.call().context("Connection failed")?
.body_mut()
.read_to_string().context("Read request failed")?;
Ok(())
}Metadata
Metadata
Assignees
Labels
No labels