Allow ca cert and pinned fp/s to be separate, and ignore node_modules in dockerignore, vastly speeds up builds (duh)

1 year ago · 1d6f15326f
parent 0c1adfd08e
commit 1d6f15326f
2 changed files with 6 additions and 3 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1 @@
+node_modules/
--- a/agent.js
+++ b/agent.js
@ -6,10 +6,8 @@ const agentOptions = {
 	rejectUnauthorized: !process.env.ALLOW_SELF_SIGNED_SSL,
 };

-if (process.env.PINNED_FP && process.env.CUSTOM_CA_PATH) {
+if (process.env.PINNED_FP) {
 	// console.log('Pinned fingerprint:', process.env.PINNED_FP);
-	// console.log('Private CA file path:', process.env.CUSTOM_CA_PATH);
-	agentOptions.ca = require('fs').readFileSync(process.env.CUSTOM_CA_PATH);
 	agentOptions.checkServerIdentity = (host, cert) => {
 		//TODO: host verification? e.g. tls.checkServerIdentity(host, cert);
 		// console.log('Checking:', cert.fingerprint256);
@ -18,5 +16,9 @@ if (process.env.PINNED_FP && process.env.CUSTOM_CA_PATH) {
 		}
 	}
 }
+if (process.env.CUSTOM_CA_PATH) {
+	// console.log('Private CA file path:', process.env.CUSTOM_CA_PATH);
+	agentOptions.ca = require('fs').readFileSync(process.env.CUSTOM_CA_PATH);
+}

 module.exports = new https.Agent(agentOptions);