You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello all and congratulations for this awesome library!.
I've been experiencing some issues passing custom CA certificates to request. I followed the documentation, setting agentOptions.ca successfully in an non-proxy environment, but then I moved the code to a proxied one (proxy configured via $http_proxy), and found that it didn't work any more. Te error that returned the previously working code was that it couldn't verify the CA. After some debugging and code inspection I've summed-up the following:
using options.agentOptions.ca, which is the way stated in the documentation, will work in a non-proxied env, but not in a proxied one.
using https.globalAgent.options.ca, which is not documented, but is stated in many places (stackoverflow, forums...) as a feasible way of setting it, will work on non-proxied but won't in proxied again.
using options.ca, which is not documented (I had to find it inspecting code and later in some issue comments in github) WORKS IN BOTH, non-proxied and proxied environments.
The problem lies in this piece of code (or so I think)
This should take the right order of priority for CAs (request > agentOptions > globalAgent). There's a problem, though: agentOptions is not accessible from constructTunnelOptions. Other alternative could be to use request.agent (agentOptions are used to construct that .agent) but then again, request.agent is constructed way after constructTunnelOptions is called, thus no luck there neither.
One point worth to be discussed, then, is if it's "sane" or semantically correct to set the CA in agentOptionswhile in a proxied environment, as there's going to be no agent involved in the communication (it instead uses a tunneled TLS connection), and that's tat. But I also find that, as request tries (and THANK YOU FOR THAT) to hide the proxy configuration from the developer, it should maintain coherence in the settings among proxied and non-proxied environments.
CONCLUSION: I think the best way to solve this issue is also the simplest: document options.ca as the right way of setting the CAs for request, as agentOptions.ca would leave uncovered proxied environments (as it has to be!). Then, if something breaks, try to fix it. But PLEASE document options.ca now, as not doing so is a defect in itself.
I've found that this lack of documentation is related to a number of other issues (#1490, #1290, #1229, #1236) and even pull-request that didn't make it to master (#1289) but fixed this issue.
The text was updated successfully, but these errors were encountered:
mainakae
added a commit
to mainakae/request
that referenced
this issue
May 17, 2015
Fixing the documentation to recommend using `options.ca`, `options.cer`, `options.key` and `options.passphrase` instead of `options.agentOptions.` homologues, to avoid trouble in proxied environments, as commented in request#1583
Hello all and congratulations for this awesome library!.
I've been experiencing some issues passing custom CA certificates to request. I followed the documentation, setting
agentOptions.ca
successfully in an non-proxy environment, but then I moved the code to a proxied one (proxy configured via$http_proxy
), and found that it didn't work any more. Te error that returned the previously working code was that it couldn't verify the CA. After some debugging and code inspection I've summed-up the following:options.agentOptions.ca
, which is the way stated in the documentation, will work in a non-proxied env, but not in a proxied one.https.globalAgent.options.ca
, which is not documented, but is stated in many places (stackoverflow, forums...) as a feasible way of setting it, will work on non-proxied but won't in proxied again.options.ca
, which is not documented (I had to find it inspecting code and later in some issue comments in github) WORKS IN BOTH, non-proxied and proxied environments.The problem lies in this piece of code (or so I think)
In order to account for other possibles sources of CA information, this code should become something like:
This should take the right order of priority for CAs (request > agentOptions > globalAgent). There's a problem, though:
agentOptions
is not accessible fromconstructTunnelOptions
. Other alternative could be to userequest.agent
(agentOptions
are used to construct that.agent
) but then again,request.agent
is constructed way afterconstructTunnelOptions
is called, thus no luck there neither.One point worth to be discussed, then, is if it's "sane" or semantically correct to set the CA in
agentOptions
while in a proxied environment, as there's going to be no agent involved in the communication (it instead uses a tunneled TLS connection), and that's tat. But I also find that, as request tries (and THANK YOU FOR THAT) to hide the proxy configuration from the developer, it should maintain coherence in the settings among proxied and non-proxied environments.CONCLUSION: I think the best way to solve this issue is also the simplest: document
options.ca
as the right way of setting the CAs for request, asagentOptions.ca
would leave uncovered proxied environments (as it has to be!). Then, if something breaks, try to fix it. But PLEASE documentoptions.ca
now, as not doing so is a defect in itself.I've found that this lack of documentation is related to a number of other issues (#1490, #1290, #1229, #1236) and even pull-request that didn't make it to master (#1289) but fixed this issue.
The text was updated successfully, but these errors were encountered: