Skip to main content


Sets the validation option for Secure HTTP (HTTPS) communications




Name Type Description
validation Constant A Validation option




This method sets the validation option for an httprequest object created using http.get() to prepare an HTTPS connection. You must use it before sending the request with either httprequest.sendsync() or httprequest.sendasync().

To indicate the level of validation required, pass one of the following constants into httprequest.setvalidation():

Validation Option Constant Description
VALIDATE_NONE No validation of the peer or host
VALIDATE_USING_SYSTEM_CA_CERTS Verifies the authenticity of the peer’s certificates and that they have been provided by the correct server

By default, new httprequest objects’ validation is set to VALIDATE_NONE. In other words, neither the peer nor the host are validated. If the validation is set to VALIDATE_USING_SYSTEM_CA_CERTS before the request is sent, the authenticity of the remote server will be checked.

If the validation fails, the table returned from calling httprequest.sendsync() or passed to the callback function specified by an httprequest.sendasync() call will have a response.statuscode value below 100. Typically this would be 60 (the peer certificate can’t be authenticated with known CA certificates) or 51 (the remote server’s SSL certificate or SSH MD5 fingerprint were not correct).

Note Earlier implementations of httprequest.setvalidation() simply ignored attempts to set validation options for httprequest objects primed for HTTP rather than HTTPS connections. This has now been changed so that this method will throw a Squirrel error if you attempt to set validation options for any httprequest object set for non-HTTPS connections.