From 65f8bfbfa46a2635b3f50092dd7529c98241f041 Mon Sep 17 00:00:00 2001 From: cjihrig Date: Tue, 6 Jun 2017 15:06:45 -0400 Subject: [PATCH] https: support rejectUnauthorized for unix sockets This commit allows self signed certificates to work with unix sockets by forwarding the rejectUnauthorized option. Backport-PR-URL: https://github.com/nodejs/node/pull/14415 Fixes: https://github.com/nodejs/node/issues/13470 PR-URL: https://github.com/nodejs/node/pull/13505 Reviewed-By: Refael Ackermann Reviewed-By: Sam Roberts Reviewed-By: Luigi Pinca Reviewed-By: Daniel Bevenius --- lib/_http_client.js | 3 +- .../test-https-unix-socket-self-signed.js | 28 +++++++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-https-unix-socket-self-signed.js diff --git a/lib/_http_client.js b/lib/_http_client.js index 22eadfb5584676..4d71ec594743f4 100644 --- a/lib/_http_client.js +++ b/lib/_http_client.js @@ -135,7 +135,8 @@ function ClientRequest(options, cb) { self.shouldKeepAlive = false; const optionsPath = { path: self.socketPath, - timeout: self.timeout + timeout: self.timeout, + rejectUnauthorized: !!options.rejectUnauthorized }; const newSocket = self.agent.createConnection(optionsPath, oncreate); if (newSocket && !called) { diff --git a/test/parallel/test-https-unix-socket-self-signed.js b/test/parallel/test-https-unix-socket-self-signed.js new file mode 100644 index 00000000000000..f503b84591cad7 --- /dev/null +++ b/test/parallel/test-https-unix-socket-self-signed.js @@ -0,0 +1,28 @@ +'use strict'; +const common = require('../common'); + +if (!common.hasCrypto) { + common.skip('missing crypto'); + return; +} + +common.refreshTmpDir(); + +const fs = require('fs'); +const https = require('https'); +const options = { + cert: fs.readFileSync(common.fixturesDir + '/test_cert.pem'), + key: fs.readFileSync(common.fixturesDir + '/test_key.pem') +}; + +const server = https.createServer(options, common.mustCall((req, res) => { + res.end('bye\n'); + server.close(); +})); + +server.listen(common.PIPE, common.mustCall(() => { + https.get({ + socketPath: common.PIPE, + rejectUnauthorized: false + }); +}));