Update README.md
		
							parent
							
								
									c85c1b734f
								
							
						
					
					
						commit
						fab20e71fb
					
				
							
								
								
									
										37
									
								
								README.md
									
									
									
									
									
								
							
							
						
						
									
										37
									
								
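--- a/README.md
+++ b/README.md
@@ -115,8 +115,6 @@ yourself, well, you can.
 Kinda Bad Ideas
 =====
 
-You could turn off ssl checking for a single request like so:
-
 ```javascript
     'use strict';
     
@@ -125,21 +123,12 @@ You could turn off ssl checking for a single request like so:
     var agent;
     
     agentOptions = {
-      host: "www.example.com"
-    , port: "443"
+      host: 'www.example.com'
+    , port: '443'
     , path: '/'
-      // This allows the single bad certificate
-      // instead of making your entire node process completely, utterly 
     , rejectUnauthorized: false
     };
 
-    // If you were using a self-signed cert you would add this option:
-    // agentOptions.ca = [ selfSignedRootCaPemCrtBuffer ];
-
-    // For trusted-peer connections you would also add these 2 options:
-    // agentOptions.key = serverPemKeyBuffer;
-    // agentOptions.cert = serverPemCrtSignedBySelfSignedRootCaBuffer;
-   
     agent = new https.Agent(agentOptions);
     
     request({
@@ -151,6 +140,25 @@ You could turn off ssl checking for a single request like so:
     });
 ```
 
+By using an `agent` with `rejectUnauthorized` you at limit the security vulnerability to the requests that deal with that one site instead of making your entire node process completely, utterly insecure.
+
+### Other Options
+
+If you were using a self-signed cert you would add this option:
+
+```javascript
+    agentOptions.ca = [ selfSignedRootCaPemCrtBuffer ];
+```
+
+For trusted-peer connections you would also add these 2 options:
+
+```javascript
+    agentOptions.key = clientPemKeyBuffer;
+    agentOptions.cert = clientPemCrtSignedBySelfSignedRootCaBuffer;
+```
+
+
+
 REALLY Bad Ideas
 ===
 
@@ -171,6 +179,9 @@ export NODE_TLS_REJECT_UNAUTHORIZED="0"
 node my-service.js
 ```
 
+It's unfortunate that `process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';` is even documented. It should only be used for debugging and should never make it into in sort of code that runs in the wild. Almost every library that runs atop `https` has a way of passing agent options through. Those that don't should be fixed.
+
+
 # Index
 
 Other information you might want to know while you're here.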