New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strict SSL behavior #71

Closed

isaacs opened this issue Sep 4, 2011 · 1 comment

Contributor

isaacs commented Sep 4, 2011

I'd like to add two options:

strictSSL flag: Validate the server's certificate, and treat it as an error if there are any problems with it. (This includes self-signed certificates.)
ca, key, cert: Just pass-through to the same fields in node's request options.

I'm envisioning something like this:

if (options.strictSSL && !res.connection.pair.cleartext.authorized) {
  var er = new Error(res.connection.pair.cleartext.authorizationError)
  // abort the request, call cb with the error
  // do not upload any bytes.  this is now a security risk.
  // maybe should happen even before headers are sent,
  // since they might include Authorization info?
}

The text was updated successfully, but these errors were encountered:

isaacs added a commit to isaacs/request that referenced this issue


          Fix request#71 Respect the strictSSL flag

a9aa9d6

Member

mikeal commented Sep 5, 2011

i would merge this right now but I there's no merge button cause it's not a pull request and I've gotta head up to summer camp :)

mikeal closed this as completed in

fa526ea

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment