@Emil It might be kind of insecure, but with some devices the only API supported. I would like to make requests to a WiiM device. Their API only supports HTTPS with a self-signed certificate. https://www.wiimhome.com/pdf/HTTP API for WiiM Mini.pdf
The Flic Hub configured with the Flic App UI is unable to make requests too, even when I turn off the validation. Is there some way to debug the hub's requests? Requests with curl work ok:
curl 'https://redacted.hostname.fi/httpapi.asp?command=setPlayerCmd:mute:0' --insecure -D - -vvv
* Trying 10.0.0.39:443...
* Connected to redacted.hostname.fi (10.0.0.39) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Request CERT (13):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Certificate (11):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: C=CN; ST=Shanghai; L=Shanghai; O=linkplay; OU=linkplay; CN=www.linkplay.com; emailAddress=mail@linkplay.com
* start date: Nov 14 12:24:18 2018 GMT
* expire date: Nov 11 12:24:18 2028 GMT
* issuer: C=CN; ST=Shanghai; L=Shanghai; O=linkplay; OU=linkplay; CN=www.linkplay.com; emailAddress=mail@linkplay.com
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* using HTTP/1.x
> GET /httpapi.asp?command=setPlayerCmd:mute:0 HTTP/1.1
> Host: redacted.hostname.fi
> User-Agent: curl/8.4.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
HTTP/1.0 200 OK
< Date: Mon, 18 Mar 2024 19:29:14 GMT
Date: Mon, 18 Mar 2024 19:29:14 GMT
< Server: Boa/0.94.13
Server: Boa/0.94.13
< Connection: close
Connection: close
< Content-Length: 2
Content-Length: 2
< Last-Modified: Mon, 18 Mar 2024 19:29:14 GMT
Last-Modified: Mon, 18 Mar 2024 19:29:14 GMT
< Content-Type: text/html
Content-Type: text/html
<
* Closing connection
OK
Anyway, here's a use case to use https with no cert validation.