Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot send client certificate to the endpoint while using the proxy #25

Closed
ballinette opened this issue May 29, 2020 · 4 comments · Fixed by #26
Closed

cannot send client certificate to the endpoint while using the proxy #25

ballinette opened this issue May 29, 2020 · 4 comments · Fixed by #26
Labels
released

Comments

@ballinette
Copy link

ballinette commented May 29, 2020
edited
Loading

Hi.

We have an nodejs application that need to authenticate to an API endpoint with a SSL client certificate.
For that need, we inject tls.connect() options such as key and cert to the request options, as documented here : https://nodejs.org/docs/latest-v12.x/api/https.html#https_https_request_url_options_callback

It works like expected without proxy, but while using a proxy with global-agent lib, these options are not propagated to the final request.

We should add these attributes within createConnection method here to fix that: https://github.com/gajus/global-agent/blob/master/src/classes/HttpsProxyAgent.js#L31
@ballinette ballinette mentioned this issue May 29, 2020
Merged
@ballinette ballinette changed the title cannot send client certificateto the endpoint while using the proxy cannot send client certificate to the endpoint while using the proxy May 29, 2020
@gajus gajus closed this as completed in #26 May 29, 2020
gajus added a commit that referenced this issue May 29, 2020
@gajus
fix: propagate tls.connect options from the origin request to the pro…
aa4b60c 
…xy (#25)
@gajus
Copy link
Owner

gajus commented May 29, 2020

🎉 This issue has been resolved in version 2.1.9 🎉

The release is available on:

Your semantic-release bot 📦🚀

@gajus gajus added the released label May 29, 2020
@gajus
Copy link
Owner

gajus commented Jun 1, 2020

Cannot find where the original comment thread is, but removing {rejectUnauthorized: false} breaks all HTTPS proxy requests if custom ca certificate is not provided. Since this is not what most people would want, I've reverted the previous settings.

gajus added a commit that referenced this issue Jun 1, 2020
@gajus
fix: do not reject unauthorized by default (#25)
3c296d3
gajus added a commit that referenced this issue Jun 1, 2020
@gajus
fix: do not reject unauthorized by default (#25)
6277a40
gajus added a commit that referenced this issue Jun 1, 2020
@gajus
fix: do not reject unauthorized by default (#25)
11e2de5
@ballinette
Copy link
Author

Hi again
Thanks for the merge and the later fixes.

But it seems to be another issue wirh the rejectUnauthorized option : if the env var is unset or is set to true (which both mean we want to reject the request if the server certificate is invalid, self-signed or has expired), the request is not rejected.
I don't know why yet, as according to nodejs doc, the option should be true by default if not provided...
but to make sure that we do have the expected behaviour, we should force the option to true by default, and to false if the env var is set to 0, as you did.

I'm writing another PR to fix that.

@ballinette
Copy link
Author

=> #27

@ballinette ballinette mentioned this issue Jun 12, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix #25: propagate tls.connect options from the origin request to the proxy
2 participants
@gajus @ballinette