HTTPoison post request Handshake Failure

karang · December 18, 2020, 8:22am

I am getting the following error:

iex(16)> HTTPoison.post("https://myserver.com/api/v1.1.0/login",'{ "username": "myusername","password": "somepassword,"port": "80"}',[hackney: [ssl: [cacertfile: '/usr/local/share/ca-certificates/extra/RootCA.crt']]])   

14:54:26.183 [info]  TLS :client: In state :hello received SERVER ALERT: Fatal - Handshake Failure
 
{:error,
 %HTTPoison.Error{
   id: nil,
   reason: {:tls_alert,
    {:handshake_failure,
     'TLS client: In state hello received SERVER ALERT: Fatal - Handshake Failure\n '}}
 }}

We have a local RootCA.crt file which I have added to the OS and makes it so I can make a request with no problems. I am able to make this request in postman as well as from Python but not in Elixir. Perhaps my syntax is wrong or I don’t understand ssl properly (that’s definitely true!). This server is not accessible to the internet. I can provide more information if necessary. Thanks for any help!

lucaong · December 18, 2020, 8:42am

Not sure this is the actual issue, but the HTTPoison README does not use the atom :hackney in the SSL options:

url = "https://example.org/api/endpoint_that_needs_client_cert"
options = [ssl: [certfile: "certs/client.crt"]]
{:ok, response} = HTTPoison.post(url, [], options)

Even when passing a :cacertfile, it seems to be passed directly under :ssl: https://github.com/edgurgel/httpoison/blob/19f04da7949bf32141b8c3ff354e260542e4dd52/test/httpoison_test.exs#L125

akash-akya · December 18, 2020, 9:05am

Along with what @lucaong suggested, once you specify :ssl you have to specify all SSL options, hackney does not merge ssl options.

from hackney readme:

Note that ssl_options overrides all options passed to the ssl module.

karang · December 22, 2020, 2:12am

Thanks for the tips everybody. Unfortunately I think the problem lies with the IT department of the company I am working with. There appears to be some problems with their ssl setup. I can only access this api by setting a verify=false flag with the request. Which is ok for now but eventually they need to setup their certificates properly.

karang · March 16, 2021, 3:12pm

I solved this problem today like this:

HTTPoison.post("http://myserver.com/api/v1.1.0/login",'{ "username": "myusername","password": "somepassword,"port": "80"}',hackney: [:insecure])

I passed the insecure option to hackney and changed the https to http. I know this is not recommended but I need to login and I don’t have access to the SSL settings on the server.