oven-sh / bun

Incredibly fast JavaScript runtime, bundler, test runner, and package manager – all in one
https://bun.sh

https ignoring option rejectUnauthorized=false #10207

Closed jelhub closed 6 months ago

jelhub commented 7 months ago

What version of Bun is running?

1.1.3+2615dc742

What platform is your computer?

Microsoft Windows NT 10.0.22631.0 x64

What steps can reproduce the bug?

Using latest version of bun for windows (v1.1.3)

https and rejectUnauthorized=false does not work as expected.

This setting is needed when there is no existing CA, similar to using a self-signed certificate, ref: #9615

One example is using the ldapjs package with Active Directory, where the AD root CA has not been included. Using nodejs and rejectUnauthorized=false works fine, but it fails using bun with the error message "unable to verify the first certificate".

In this case, setting environment NODE_TLS_REJECT_UNAUTHORIZED=0 gives a result after waiting 20 seconds...

There seem to be some differences in how bun and nodejs handle the CA store. The code below, which disables the internal CA store, fails on nodejs as it probably should, but bun seems to be using the internal store anyhow and runs OK.

const https = require('https')

let url = 'https://bun.sh'

https.get(url, {
  agent: new https.Agent({
  }),
  ca: Buffer.from([]) // disable internal trusted root CA's
  // rejectUnauthorized: false
}, (res) => {
  console.log(url, process.version, process.versions.bun, res.statusCode)
}).on('error', (err) => {
  console.log(url, process.version, process.versions.bun, err)
})

What is the expected behavior?

No response

What do you see instead?

No response

Additional information

No response

jelhub commented 6 months ago

Solution seems to be using the key tls:

  tls: {
    rejectUnauthorized: false
  }

const https = require('https')

let url = 'https://xxx.yyy'

https.get(url, {
  agent: new https.Agent({
  }),
  tls: { 
    rejectUnauthorized: false
  }
}, (res) => {
  console.log(url, process.version, process.versions.bun, res.statusCode)
}).on('error', (err) => {
  console.log(url, process.version, process.versions.bun, err)
})
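
An added example, not code from this issue or from Bun: a small audit helper that flags the places this thread shows certificate verification being turned off (top-level `rejectUnauthorized`, the `tls` key, `NODE_TLS_REJECT_UNAUTHORIZED=0`) plus an emptied `ca` list. The function names, the finding format, and the assumption that an agent exposes its constructor options as `agent.options` are illustrative.

```javascript
// Added example: reports every place in a request's options (and environment)
// where TLS certificate verification is switched off or the CA list is emptied.

function isEmptyCa(ca) {
  if (ca === undefined || ca === null) return false; // not set: runtime default store
  const list = Array.isArray(ca) ? ca : [ca];
  return list.every((c) => c.length === 0);          // Buffers and strings both have .length
}

function auditTlsOptions(options = {}, env = {}) {
  const findings = [];
  // Places an options object can carry TLS settings: the top level, the `tls`
  // key (the workaround in this thread), and the agent's constructor options
  // (assumption: exposed as `agent.options`).
  const scopes = [
    ['options', options],
    ['options.tls', options.tls],
    ['options.agent.options', options.agent && options.agent.options],
  ];
  for (const [where, scope] of scopes) {
    if (!scope || typeof scope !== 'object') continue;
    if (scope.rejectUnauthorized === false) {
      findings.push({ where: `${where}.rejectUnauthorized`, issue: 'verification disabled' });
    }
    if (isEmptyCa(scope.ca)) {
      findings.push({ where: `${where}.ca`, issue: 'empty CA list' });
    }
  }
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    findings.push({
      where: 'env.NODE_TLS_REJECT_UNAUTHORIZED',
      issue: 'verification disabled process-wide',
    });
  }
  return findings;
}

// Constructed sample inputs mirroring the two snippets in the thread.
const reproOptions = { agent: { options: {} }, ca: Buffer.from([]) };
const workaroundOptions = { agent: { options: {} }, tls: { rejectUnauthorized: false } };

console.log(auditTlsOptions(reproOptions));
console.log(auditTlsOptions(workaroundOptions, { NODE_TLS_REJECT_UNAUTHORIZED: '0' }));
```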