
Resolve "SSL certificate problem: unable to get local issuer certificate" with httr


I know that there are many similar questions out there, e.g.

but I'm having trouble finding my way through the answers and applying them to my specific case. Here's my MCVE:

library(httr)
url <- "http://www.ece.mcmaster.ca/~shirani/"
res <- try(http_status(GET(url,timeout(30))))

Error in curl::curl_fetch_memory(url, handle = handle) : SSL certificate problem: unable to get local issuer certificate

I'm pretty sure that this means the remote webserver is using a certificate that my system doesn't recognize. I believe there are two solutions, (1) tell httr/RCurl/curl to ignore the problem and operate in insecure mode (command line flag -k/--insecure) or (2) get and store an appropriate certificate somewhere.

setting 'insecure' options/ignoring the problem

An answer to this question suggests (for PHP)

use curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1) and curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false)

?httr::config suggests

Generally you should only need to use this function to set CURL options directly if there isn't already a helpful wrapper function, like set_cookies, add_headers or authenticate. To use this function effectively requires some knowledge of CURL, and CURL options. Use httr_options to see a complete list of available options. To see the libcurl documentation for a given option, use curl_docs.

How would I go about putting this advice in practice?

httr_options() provides

206             ssl_verifyhost             CURLOPT_SSL_VERIFYHOST  integer
207             ssl_verifypeer             CURLOPT_SSL_VERIFYPEER  integer

but

res <- try(http_status(GET(url,timeout(30),
           config=list(ssl_verifyhost=0, ssl_verifypeer=0))))

gives the same error (as does including ssl_verifystatus=0, the only other ssl_* option I see).

obtaining the correct certificates, or hassling the web site maintainer

If I would rather do things correctly and not ignore the problems, how would I go about (1) identifying what certificate I need, (2) installing it on my system/using it within httr (I'm on Linux PopOS 18.04), (3) coherently communicating with the web site maintainer if they should update their certificate?


Solution

  • I was using config wrong. This seems to work:

    res <- http_status(GET(url,config(ssl_verifypeer=0)))
    

    I would still be interested in a more principled solution (i.e., figuring out how to install and deploy the correct certificates).
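
An added example, not part of the original question or answer: one way to keep certificate verification on, by inspecting the chain the server sends and pointing httr at a CA bundle that contains the missing issuer. It assumes the error comes from an issuer certificate the client cannot find; `show_chain`, `make_bundle` and the file name `intermediate.pem` are hypothetical, and the system bundle path is the Debian/Ubuntu-family default.

```r
library(httr)
library(openssl)

# Print the chain exactly as the server sends it and flag a broken link.
# In a complete chain, each certificate's issuer is the subject of the next.
show_chain <- function(host, port = 443) {
  chain <- lapply(download_ssl_cert(host, port), as.list)
  for (i in seq_along(chain)) {
    cat(sprintf("[%d] subject: %s\n    issuer:  %s\n",
                i, chain[[i]]$subject, chain[[i]]$issuer))
    if (i < length(chain) && chain[[i]]$issuer != chain[[i + 1]]$subject)
      cat("    !! next certificate is not this one's issuer\n")
  }
  last <- chain[[length(chain)]]
  if (!isTRUE(last$self_signed))
    cat("Chain ends below:", last$issuer,
        "\n  -> that issuer must be present in the client's CA bundle;",
        "\n     if it is an intermediate CA, the server is not sending it\n")
  invisible(chain)
}

# Write a new bundle: the system roots plus the extra issuer certificate(s).
# cainfo replaces curl's default bundle, so the roots have to be included.
make_bundle <- function(extra_pem,
                        system_bundle = "/etc/ssl/certs/ca-certificates.crt",
                        out = tempfile(fileext = ".pem")) {
  stopifnot(file.exists(system_bundle), file.exists(extra_pem))
  extra <- read_cert_bundle(extra_pem)  # errors if the file is not PEM certificates
  stopifnot(length(extra) > 0)
  writeLines(c(readLines(system_bundle), readLines(extra_pem)), out)
  out
}

if (interactive()) {
  show_chain("www.ece.mcmaster.ca")          # host from the question
  # "intermediate.pem" is a hypothetical file holding the issuer certificate
  # named by show_chain(), downloaded from the issuing CA.
  bundle <- make_bundle("intermediate.pem")
  url <- "http://www.ece.mcmaster.ca/~shirani/"  # URL from the question
  res <- GET(url, config(cainfo = bundle), timeout(30))
  print(http_status(res))
}
```

With this approach `ssl_verifypeer` stays at its default, so the server is still authenticated; only the set of trusted issuers changes. The `show_chain()` output is also what to send the site maintainer, since a chain that stops at the leaf certificate shows the server is not configured to send its intermediate.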