tcr
commented
9 years ago This patch lgtm, after some minor comments. Can we get a test case for this?
Closed natevw closed 9 years ago
tcr
commented
9 years ago This patch lgtm, after some minor comments. Can we get a test case for this?
natevw
commented
9 years ago Updated the patch based on feedback.
Agree that tests would be great (right now TLS test "suite" connects to google.com:443 once and calls that roses). Do you know of any TLS-related test server hosts? Ideally we'd test many different types of invalid certs (self-signed/untrusted root, mismatched host, expired, etc.) to make sure they fail, and then for the self-signed case provide the ca and make sure it passes.
natevw
commented
9 years ago Just struck me that as soon as we get the proxy server up publicly, assuming we leave it self-signed, it would be an ideal candidate for at least a bit more thorough tests:
tm-rampart
commented
9 years ago Approved by @natevw. Running tests.
tm-rampart
commented
9 years ago tm-rampart
commented
9 years ago Approved by @natevw. Running tests.
This improves the TLS module's node.js compatibility regarding (remote) server certificate handling (i.e. when Tessel is the client).
{rejectUnauthorized:false}option, aka enable cheap MITM attacks [useful for development and careless people]tlsSocket.getPeerCertificate()is now sort of implemented for non-detailed info (even that is probably not 100% compatible with whatever undocumented fields node.js provides, but presumedly better than nuffins)