express-http-proxy icon indicating copy to clipboard operation
express-http-proxy copied to clipboard
verified publisher icon villadora

Custom cert chain option for underlying request

Open robfromca opened this issue 9 years ago • 4 comments

Add an additional option so you can pass certificates through to the underlying request, for connecting to hosts with non-standard or custom certificate chains.

robfromca avatar Nov 02 '16 22:11 robfromca

Hey, how's it going? This change looks logical to me, but it's breaking some tests. Do you have time to fix tests, and maybe add one for your new case? I will try to take a look soon and merge this in. Thanks!

gstroup avatar Nov 08 '16 22:11 gstroup

Just ran the build again, and no failures. Looks like some other tests are flaky.

gstroup avatar Nov 08 '16 22:11 gstroup

@robfromca @gstroup I don't see this as a big advantage over

app.use('/', proxy('internalhost.example.com', {
  decorateRequest: function(proxyReq, originalReq) {
    proxyReq.ca =  [caCert, intermediaryCert]
    return proxyReq;
  }
})

and I don't see a specific way to test it -- we could verify that options.ca is populated, but I don't know how to write a test to verify that the certificate chain is functional.

For my money, I'd prefer to add documentation that this is a technique for adding certificate chains than take on additional code.

Happy to discuss more/be further educated ...

monkpow avatar Nov 09 '16 16:11 monkpow

I'll give your suggestion a shot, that's all I was trying to do and didn't think of trying that. If it works I'll make a PR for the docs.

robfromca avatar Nov 15 '16 17:11 robfromca