0

TL;DR I have two questions.

  1. Is the SSL verification setting, either global or request level, available to the Postman scripting sandbox?
  2. Where is it and how to I access its value (globals.get, variables.get, etc)?

I'm writing a Go/Gin based API that serves HTTPS requests but uses a self-signed cert locally. I'd like to be able to run tests with Postman locally without having to disable SSL cert verification for each individual request or globally, and then re-enable SSL cert verification after the response is received (considering the security implications of forgetting this step).

The ideal case would be using a (Postman) environment variable to trigger collection pre-request script logic to temporarily disable SSL verification, but I haven't found anything in the documentation that clearly points to a way to do this. I tried console.logging out the different variable scopes with toObject(), but nothing really sticks out to me.

Since there is a per-request setting to disable SSL cert verification, as well as a global setting, it stands to reason that this should be able to be made available at the global and request script variable levels, but I can't say for sure if this is exposed to the scripting sandbox or not.

drognisep
  • 579
  • 1
  • 7
  • 16

2 Answers2

1

http://www.postmanlabs.com/postman-collection/

Try using postman collection sdk

var Certificate = require('postman-collection').Certificate,
   certificate = new Certificate({
    name: 'Certificate for example.com',
    matches: ['example.com'],
    key: { src: '/User/path/to/certificate/key' },
    cert: { src: '/User/path/to/certificate' },
    passphrase: 'iampassphrase'
});
PDHide
  • 18,113
  • 2
  • 31
  • 46
  • So does this add a server cert (and key) to the collection's list of accepted certs when doing verification? – drognisep Jan 19 '21 at 16:59
  • Interesting! I'll try this out and report back. :) – drognisep Jan 19 '21 at 17:05
  • I think it won't work its way of generating through script not from the scriipt itself – PDHide Jan 19 '21 at 17:22
  • 1
    Well, even if it isn't working through the scripting interface, as I understand it it's still a one-time change for the collection. That's close enough until such time as this is configurable from a collection pre-request script. – drognisep Jan 19 '21 at 23:16
0

I checked Postman's Github page and it looks like this is currently not possible, although there's an issue open to address it.

drognisep
  • 579
  • 1
  • 7
  • 16