Allow ca cert and pinned fp/s to be separate, and ignore node_modules in dockerignore, vastly speeds up builds (duh)

develop
Thomas Lynch 12 months ago
parent 0c1adfd08e
commit 1d6f15326f
  1. 1
      .dockerignore
  2. 8
      agent.js

@ -0,0 +1 @@
node_modules/

@ -6,10 +6,8 @@ const agentOptions = {
rejectUnauthorized: !process.env.ALLOW_SELF_SIGNED_SSL,
};
if (process.env.PINNED_FP && process.env.CUSTOM_CA_PATH) {
if (process.env.PINNED_FP) {
// console.log('Pinned fingerprint:', process.env.PINNED_FP);
// console.log('Private CA file path:', process.env.CUSTOM_CA_PATH);
agentOptions.ca = require('fs').readFileSync(process.env.CUSTOM_CA_PATH);
agentOptions.checkServerIdentity = (host, cert) => {
//TODO: host verification? e.g. tls.checkServerIdentity(host, cert);
// console.log('Checking:', cert.fingerprint256);
@ -18,5 +16,9 @@ if (process.env.PINNED_FP && process.env.CUSTOM_CA_PATH) {
}
}
}
if (process.env.CUSTOM_CA_PATH) {
// console.log('Private CA file path:', process.env.CUSTOM_CA_PATH);
agentOptions.ca = require('fs').readFileSync(process.env.CUSTOM_CA_PATH);
}
module.exports = new https.Agent(agentOptions);

Loading…
Cancel
Save