Skip to content

#265 optional ssl params, wip on rejectUnauthorized #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jun 17, 2025
Merged

#265 optional ssl params, wip on rejectUnauthorized #266

merged 3 commits into from
Jun 17, 2025

Conversation

apietroni51
Copy link
Contributor

No description provided.

@apietroni51 apietroni51 linked an issue Jun 16, 2025 that may be closed by this pull request
As a user, I want to avoid specifying all the options for enabling TLS #265
Closed
@apietroni51
Copy link
Contributor Author

@tarzacodes @icappello @albertobarrila
we have made the SSL params optional reflecting tls.connect() but we're not sure what to do with rejectUnauthorized, which was currently overridden to false. What should we do with it?

albertobarrila
albertobarrila reviewed Jun 16, 2025
View reviewed changes
@albertobarrila
Copy link
Contributor

@apietroni51 for the rejectUnauthorized that now is sculpted in, the right place imho is inside the SSL configuration

tarzacodes
tarzacodes reviewed Jun 16, 2025
View reviewed changes
tarzacodes
tarzacodes reviewed Jun 16, 2025
View reviewed changes
@tarzacodes
Copy link
Contributor

tarzacodes commented Jun 16, 2025
edited
Loading

@tarzacodes @icappello @albertobarrila we have made the SSL params optional reflecting tls.connect() but we're not sure what to do with rejectUnauthorized, which was currently overridden to false. What should we do with it?

I don't remember ever implementing code that tried to validate the server's identity using the SSL data - if we can't (or simply currently aren't) we need to set rejectUnauthorized as false - you can't ask us (the client) to do that because we don't know how

EDIT: Node does that natively apparently -
https://stackoverflow.com/questions/31861109/tls-what-exactly-does-rejectunauthorized-mean-for-me
We use tls.connect at line 137 in connection.ts so rejecting unrecognized/unauthorized agents is very doable without having to write a ton of code. My bad!

@apietroni51 apietroni51 force-pushed the 265-as-a-user-i-want-to-avoid-specifying-all-the-options-for-enabling-tls branch from b97f30c to 6893bb6 Compare June 17, 2025 10:05
@apietroni51 apietroni51 marked this pull request as ready for review June 17, 2025 10:05
@apietroni51 apietroni51 force-pushed the 265-as-a-user-i-want-to-avoid-specifying-all-the-options-for-enabling-tls branch from 6893bb6 to 97d7a23 Compare June 17, 2025 10:12
@apietroni51 apietroni51 merged commit 2d7185f into main Jun 17, 2025
2 checks passed
@apietroni51 apietroni51 deleted the 265-as-a-user-i-want-to-avoid-specifying-all-the-options-for-enabling-tls branch June 17, 2025 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@albertobarrila albertobarrila albertobarrila left review comments

@tarzacodes tarzacodes tarzacodes left review comments

@l4mby l4mby l4mby approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

As a user, I want to avoid specifying all the options for enabling TLS
4 participants
@apietroni51 @albertobarrila @tarzacodes @l4mby