ability to set rejectUnauthorized to false

[andrewrk]

as of node v0.10, if you try to access an SSL endpoint which is not in node's default CA list, an error will be thrown. There should be a way to set an option so that rejectUnauthorized is set to false.

See http://nodejs.org/docs/latest/api/https.html#https_https_request_options_callback

[RGBboy]

This might be a better option:

#197

[andrewrk]

I think both options should be exposed..

[dpolivy]

Agree with @superjoe30; the ability to set the rejectUnauthorized option would be preferred in some circumstances (such as mine). My use of superagent is against a local developer's machine with self-signed certificates, and the self-signed cert would be different per-host. It's far easier to just set rejectUnauthorized to false, than to have to get the proper cert for the machine and add it to the trusted CA list.

[andrewrk]

@dpolivy as a workaround, you can do this:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

[dpolivy]

@superjoe30 That works great, thanks for the tip!

[thaihau]

Yes, Thanks for the tips!

[defunctzombie]

Closing issue since there is an ENV var workaround. I don't think we have specific node options.

[bryanlarsen]

An example of where this would be useful and the environment variable workaround is with webhooks.

I'm setting up webhooks in my app, and I'm copying the github API. They have a configuration flag called 'insecure_ssl'.

[yuyudhan]

@defunctzombie

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
This sets SSL off for all http requests in the process. Shutting off all together would be drastic in production use.

Do you know how to set it off for one particular request. Anyone??

[kornelski]

I don't recommend disabling HTTPS security. If you can't get a trusted certificate, then try creating your own CA and set it as trusted in superagent using .ca().

http://stackoverflow.com/a/24749608/27009