Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

self signed certificate in certificate chain #992

Open
b00tsy opened this issue May 18, 2022 · 3 comments
Open

self signed certificate in certificate chain #992

b00tsy opened this issue May 18, 2022 · 3 comments
Labels
enhancement waiting

Comments

@b00tsy
Copy link

b00tsy commented May 18, 2022

I need to access arcGIS services which use our own enterprise pki, which currently result in self signed certificate in certificate chain errors.

When working with plain node requests (or libraries such as axios etc.) it's possible to define the expected certification authority via the ca option of the http agent.

A similar issue #289 solved that by overriding the files of this library, which rather is a hack to solve the issue instead of a long term solution that solves such problems for everyone. In other issues I've read comments about that you're thinking of adding the option to customize the http agent. Is that still a plan or is it maybe already implemented and I haven't found it?
@patrickarlt
Copy link
Contributor

Long term the goal is to use the native fetch() in both Node and the brwoser which is powered by Undici fetch(). Looking at the Unidci docs I don't see a way to define any certificates in those options in Node. In Unidci it looks like you migth be able to do this https://stackoverflow.com/a/71946886.

A good way to move this forward would be to build an example that works with just fetch() from Node/Undici and a version using fetch() from node-fetch@3.

Long term the goal of this library is to align with the standard fetch() in browsers (which we already do) and Nodes built-in fetch() which is currently node-fetch@3 but will almost certainly be the built in fetch() in the future. When Node exposes a way to do this then we will make it compatible but for now the landscape is still shifting so there isn't a permanent solution. nodejs/node#43187

@BananaGlue
Copy link

Looks like the tls options of the Client class can take more parameters ( nodejs/undici#842 (comment) ) which in this case is for client certificate authentication. But if you can do this I assume you can also pass a custom ca option to get the client talk to enterprise pki...

@patrickarlt
Copy link
Contributor

@BananaGlue it looks like nodejs/undici#842 (comment) implemented custom certs for the Client class, however from reading the doc and tests I cant see a way to get that into the global fetch() method which is what we want to use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement waiting
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BananaGlue @b00tsy @patrickarlt