发表新帖
发表新帖

Where is node's certificate store?

后端 未结
关注
2 730
南旧
南旧 2020-12-10 04:46

I am making an https request (using the request module) to a server with a self-signed cert. It throws an error if I don\'t specify strictSSL: false as an opti

相关标签:
2条回答
  • 醉话见心
    2020-12-10 05:01

    It seems that while there is no store, but there is a default list of CA's built into the source.

    My search ultimately led me to the closest thing to a store, this file of CA's that node.js supports:

    https://github.com/joyent/node/blob/master/src/node_root_certs.h

    Thus, while it is true that it doesn't do a lookup on the system hosted CA's and that there is no "store" per se, there is a default list of CA's that it accepts.

    As mentioned by @Joe and @damphat, you can add your own with the Agent.options.ca property, unfortunately that workaround isn't practical in my case.

    0 讨论(0)
  • 春和景丽
    2020-12-10 05:18

    There is not a store. You can pass a ca option to the https request to tell it what CAs you do trust.

    From the docs:

    The following options from tls.connect() can also be specified. However, a globalAgent silently ignores these.

    • ca: An authority certificate or array of authority certificates to check the remote host against.

    In order to specify these options, use a custom Agent. 

    var options = {
  ...
  ca: CA or [array of CAs]
  ...
};

options.agent = new https.Agent(options);

var req = https.request(options, function(res) {

    Ref: http://nodejs.org/api/https.html#https_https_request_options_callback

    0 讨论(0)
 看不清?
提交回复
热议问题