Pass servername to tunneling secure socket creation #318

Merged
merged 1 commit into from Sep 4, 2012

Projects

None yet

2 participants

@isaacs
Contributor
isaacs commented Sep 4, 2012

This makes the https-over-http proxy work when strictSSL is turned on.

In v0.8.4, we fixed a bug where an otherwise valid cert would be
accepted for a host that was not listed in the CN or subjectaltnames
sections of the certificate.

However, this breaks proxying, because you want to accept the cert if
it comes from the origin server, not tested against the proxy's
hostname.

This fixes npm/npm#2719

@isaacs isaacs Pass servername to tunneling secure socket creation
This makes the https-over-http proxy work when strictSSL is turned on.

In v0.8.4, we fixed a bug where an otherwise valid cert would be
accepted for a host that was not listed in the CN or subjectaltnames
sections of the certificate.

However, this breaks proxying, because you want to accept the cert if
it comes from the origin server, not tested against the proxy's
hostname.

This fixes npm/npm#2719
3e11937
@mikeal mikeal merged commit bc0d07e into request:master Sep 4, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment