Use extra/self-signed https certificates #286
Conversation
|
ianldgs
changed the title
|
@znck think you could review this PR pls? |
|
I am not sure what's happening here. /cc @wachunga |
|
@znck sorry about that, I should've written a good description. Please take a look again? |
ianldgs
force-pushed
the
self-signed-extrta-certs
branch
from
286ac18
to
68f5603
Compare
|
@znck friendly ping... I see github bot closed the issue as stale. |
|
I'll get this merged this week. |
|
Is there an easy way to test this? |
|
Well, it's easy for me to test because I'm behind the company's firewall/vpn. And then what I did was: test-certs.mjs: import "./extra-certs.mjs";
import fetch from "node-fetch";
fetch("https://js.grammarly.com/grammarly-sdk");extra-certs.mjs: import https from "node:https";
import tls from "node:tls";
import fs from "node:fs";
if (typeof process.env.NODE_EXTRA_CA_CERTS === "string") {
const extraCerts = process.env.NODE_EXTRA_CA_CERTS.split(",").map((certPath) =>
fs.readFileSync(certPath, "utf8")
);
https.globalAgent.options.ca = [...tls.rootCertificates, ...extraCerts];
}And run:
|
|
Just pinging this space to see what the latest update is |
|
Hello, is there any way I can help to get this merged? :) |
Users behind corporate firewall typically have custom certificates used by the company to decrypt HTTPS traffic.
NodeJS will by default complain about those "self-signed" certificates and not perform the requests.
One workaround is to disable TLS completely for NodeJS, which is obviously dangerours or to export an environment variable on the bashrc/zshrc pointing to the custom certificates that you know to be safe:
https://nodejs.org/api/cli.html#node_extra_ca_certsfile
The latter doesn't work with this extension, likely for one of those reasons given in the NodeJS docs:
So, to use this extension in such corporate environments without disabling TLS completely, have to manually read those files and inject them into the global HTTPS agent. That will mimic NodeJS's default behaviour.
Closes #243