Strict SSL behavior #71

Closed
isaacs opened this Issue Sep 4, 2011 · 1 comment

Comments

Projects
None yet
2 participants
@isaacs
Contributor

isaacs commented Sep 4, 2011

I'd like to add two options:

  1. strictSSL flag: Validate the server's certificate, and treat it as an error if there are any problems with it. (This includes self-signed certificates.)
  2. ca, key, cert: Just pass-through to the same fields in node's request options.

I'm envisioning something like this:

if (options.strictSSL && !res.connection.pair.cleartext.authorized) {
  var er = new Error(res.connection.pair.cleartext.authorizationError)
  // abort the request, call cb with the error
  // do not upload any bytes.  this is now a security risk.
  // maybe should happen even before headers are sent,
  // since they might include Authorization info?
}

isaacs added a commit to isaacs/request that referenced this issue Sep 5, 2011

@mikeal

This comment has been minimized.

Show comment Hide comment
@mikeal

mikeal Sep 5, 2011

Member

i would merge this right now but I there's no merge button cause it's not a pull request and I've gotta head up to summer camp :)

Member

mikeal commented Sep 5, 2011

i would merge this right now but I there's no merge button cause it's not a pull request and I've gotta head up to summer camp :)

@mikeal mikeal closed this in fa526ea Sep 5, 2011

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment