gitbeaker icon indicating copy to clipboard operation
gitbeaker copied to clipboard
verified publisher icon jdalrymple

Feature Request: Add flexible SSL certificate verification options in configuration

Open sagico opened this issue 1 year ago • 5 comments

Description Currently, gitbeaker only supports handling unverified certificates through environment variables (NODE_TLS_REJECT_UNAUTHORIZED=0), which is limiting and affects the entire Node.js process. This feature request proposes adding more flexible certificate verification options directly in the API client configuration. The main use cases are:

Working with GitLab instances that use self-signed certificates in development/testing environments Environments where corporate proxies or internal CAs are used

The current environment variable approach has several drawbacks:

It affects all HTTPS connections in the Node.js process Cannot be configured per-instance or per-request Requires modifying environment variables which may not be possible in all deployment scenarios

Possible solutions

  1. Support the rejectUnauthorized option to the API client configuration: const api = new Gitlab({ host: 'https://gitlab.example.com', token: 'your-token', rejectUnauthorized: false // Available option that does not work currently });
  2. Add support for passing custom certificates in the configuration: const api = new Gitlab({ host: 'https://gitlab.example.com', token: 'your-token', cert: fs.readFileSync('path/to/cert.pem'), key: fs.readFileSync('path/to/key.pem'), ca: fs.readFileSync('path/to/ca.pem') });

Checklist

  • [X] I have checked that this is not a duplicate issue.
  • [X] I have read the documentation.

sagico avatar Feb 16 '25 09:02 sagico

Related #3540 - I dont recall why I didnt finish looking into the undici support for rejectUnauthorized, but ill can give it another look.

jdalrymple avatar Mar 09 '25 04:03 jdalrymple

@jdalrymple Have you had a chance to review this yet?

sagico avatar Apr 06 '25 11:04 sagico

I threw up a sample PR - It still needs to be tested adequately, but it should give you a chance to play with it in the meantime if youre interested.

jdalrymple avatar Apr 26 '25 21:04 jdalrymple

Hi @jdalrymple joining this feature request - either natively support rejectUnauthorized or allowing https agents configuration would be much appreciated!

gal-terra avatar May 24 '25 12:05 gal-terra

Hi @jdalrymple joining this feature request - either natively support rejectUnauthorized or allowing https agents configuration would be much appreciated!

See sample PR linked above 🙏

jdalrymple avatar May 26 '25 22:05 jdalrymple

@gal-terra , @sagico there is a PR up that is ready to be tested

jdalrymple avatar Aug 07 '25 13:08 jdalrymple

thanks @jdalrymple!! I'll give it a try next week :)

sagic-orca avatar Sep 18 '25 13:09 sagic-orca

LGTM

sagic-orca avatar Sep 21 '25 12:09 sagic-orca

:rocket: Issue was released in 43.6.0 :rocket:

jdalrymple avatar Oct 26 '25 00:10 jdalrymple