HttpRequest CGI test in Browser OK, in httpc return null, Why?

crashangelbr · June 17, 2020, 10:15pm

hello, how do i get the result of a cgi … if i put this address in the browse i get the return of a string but in the elixir it doesn’t return anything, why?
any http request from web return html page more in cgi no…

https://visl.sdu.dk/cgi-bin/visl.pt.cgi?parser=roles&visual=cg-dep&symbol=cg&inputlang=pt&text=olhar

def call() do
    :ssl.start
    {:ok, conn} = :httpc.request(:get, {'https://visl.sdu.dk/cgi-bin/visl.pt.cgi', []}, ["application/x-www-form-urlencoded"] ,["parser=roles&visual=cg-dep&symbol=cg&inputlang=pt&text=olhar"])
  end

dimitarvp · June 17, 2020, 10:41pm

Summoning @voltone.

Exadra37 · June 17, 2020, 10:46pm

crashangelbr:

def call() do
    :ssl.start
    {:ok, conn} = :httpc.request(:get, {'https://visl.sdu.dk/cgi-bin/visl.pt.cgi', []}, ["application/x-www-form-urlencoded"] ,["parser=roles&visual=cg-dep&symbol=cg&inputlang=pt&text=olhar"])
  end

Please don’t use :httpc directly because :ssl.start doesn’t do what the names says it does, aka it doesn’t enforce the verification of the TLS certificates unless you explicitly tell it to do so.

Check this video for more details:

voltone · June 19, 2020, 7:19am

The query should be passed as part of the URL. This should work (and keep your TLS connection secure), assuming you have a CA trust store at the given location:

:ssl.start()
:inets.start()
:httpc.request(:get, {'https://visl.sdu.dk/cgi-bin/visl.pt.cgi?parser=roles&visual=cg-dep&symbol=cg&inputlang=pt&text=olhar', []}, [
  ssl: [
    verify: :verify_peer,
    cacertfile: '/etc/ssl/certs/ca-certificates.crt',
    customize_hostname_check: [
      match_fun: :public_key.pkix_verify_hostname_match_fun(:https)
    ],
  ]
], [])

If you prefer to use a Hex package for your CA trust store, have a look at ‘certifi’ or ‘castore’…

Exadra37 · June 19, 2020, 8:51am

When will OTP fix this security vulnerability? It needs a CVE for them to take action?