Can I skip certificate verification oracle utl_http?

Question

I'm developing some apps in pl/SQL which connect to multiple external services,

Example:

declare
 utl_req         utl_http.req;
 utl_resp        utl_http.resp;
begin
-- This line in production for security, but takes forever to get authorized 
-- by oracle host provider :@
-- utl_http.set_wallet('file:/path/wallet', 'password');

-- In test env i would like something like
-- utl_http.set_option('CURLOPT_SSL_VERIFYHOST', false);
-- utl_http.set_option('CURLOPT_SSL_VERIFYPEER', false);
 utl_req := utl_http.begin_request('https://login.microsoftonline.com/...
/oauth2/token', 'POST', 'HTTP/1.1');-- Die
--...more code
end;

Output:

ORA-29024: Certificate validation failure

Is there a way to order Oracle to ignore certificate validation for testing purposes, no auth waiting to add cert to wallet.

Something like in php

$curl_request = curl_init();
    curl_setopt($curl_request, CURLOPT_URL, 'https://login.microsoftonline.com/...
/oauth2/token');
    curl_setopt($curl_request, CURLOPT_POST, 1);
    // No thankyou i don't care about security in testing :P
    curl_setopt($curl_request, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt($curl_request, CURLOPT_SSL_VERIFYHOST, 0);
    ... more code

Answer 1

I have not found a way to do this, what I've done is build a simple PHP middle man app that can be accessed with SSL and pipe my request through that.

Answer 2

No, certificate verification can not be skipped for utl_http.begin_request through command line options. For this aim, creating an Oracle Wallet is needed. Oracle Wallet Manager GUI Tool can be used to create it.

After creating two certificate files ewallet.p12 and cwallet.sso, move them to the wallet folders in your OS, and change the file permissions to 770.

Just before utl_http.begin_request line issue

utl_http.set_wallet('file:/etc/oracle/owm');

to point to the OS wallet path.