-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Retrieve built-in root certificates within node application #25824
Comments
Not currently. I've considered adding it, but couldn't really think of a use-case. What's yours? I assume you ask for a reason! :-) |
We have the requirement to add a lot of intermediate CAs via https.globalAgent.options.ca. As the option https.globalAgent.options.ca is going to overwrite the built-in root CAs, we also need to add those root CAs as well. Due to this, my idea was to read the built-in root CAs as well as our intermediate CAs and pass these to https.globalAgent.options.ca. As there is no option at the moment to get the built-in root CAs, we need to think of getting them somewhere else. Thus it would be great, if there is an interface to read the built-in root CAs. |
Your use-case seems reasonable to me. No promises on if/when someone will get to this feature, though, sorry. Have you considered using |
We have considered using NODE_EXTRA_CA_CERTS, but we can not use it due to the constraints you have mentioned. |
Fixes: #25824 PR-URL: #26415 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Ron Korving <ron@ronkorving.nl> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
@bnoordhuis / @targos - what is the target release for that enhancement, please? |
@khitrenovich Yeah, there's no simple answer... it will probably go into the next v12.x release but if you're asking about LTS releases, I can't give a precise answer. |
@bnoordhuis So, if it makes its way to one of v12.x releases, it will eventually become LTS once v12 will get to LTS phase... unless I'm missing something in how Node release scheduling works, right? |
@khitrenovich That's right. |
Is there any way to retrieve the built-in root certificates, that are shiped with node (https://github.com/nodejs/node/blob/master/src/node_root_certs.h) from a node application?
Via https.globalAgent.options.ca it is possible to define custom certificates, but the already existing ones are not listed here.
The text was updated successfully, but these errors were encountered: