Skip to content

Commit

Permalink
fix: propagate tls.connect options from the origin request to the pro…
Browse files Browse the repository at this point in the history
…xy (#25)
  • Loading branch information
gajus authored May 29, 2020
2 parents 4e8cf7b + eae9f8a commit aa4b60c
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 2 deletions.
29 changes: 29 additions & 0 deletions src/classes/Agent.js
Original file line number Diff line number Diff line change
Expand Up @@ -120,8 +120,37 @@ class Agent {
host: configuration.hostname || configuration.host,
port: configuration.port || 80,
proxy,
tls: {},
};

// add optional tls options for https requests.
// @see https://nodejs.org/docs/latest-v12.x/api/https.html#https_https_request_url_options_callback :
// > The following additional options from tls.connect()
// > - https://nodejs.org/docs/latest-v12.x/api/tls.html#tls_tls_connect_options_callback -
// > are also accepted:
// > ca, cert, ciphers, clientCertEngine, crl, dhparam, ecdhCurve, honorCipherOrder,
// > key, passphrase, pfx, rejectUnauthorized, secureOptions, secureProtocol, servername, sessionIdContext.
if (this.protocol === 'https:') {
connectionConfiguration.tls = {
ca: configuration.ca,
cert: configuration.cert,
ciphers: configuration.ciphers,
clientCertEngine: configuration.clientCertEngine,
crl: configuration.crl,
dhparam: configuration.dhparam,
ecdhCurve: configuration.ecdhCurve,
honorCipherOrder: configuration.honorCipherOrder,
key: configuration.key,
passphrase: configuration.passphrase,
pfx: configuration.pfx,
rejectUnauthorized: configuration.rejectUnauthorized,
secureOptions: configuration.secureOptions,
secureProtocol: configuration.secureProtocol,
servername: configuration.servername || connectionConfiguration.host,
sessionIdContext: configuration.sessionIdContext,
};
}

// $FlowFixMe It appears that Flow is missing the method description.
this.createConnection(connectionConfiguration, (error, socket) => {
log.trace({
Expand Down
3 changes: 1 addition & 2 deletions src/classes/HttpsProxyAgent.js
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,7 @@ class HttpsProxyAgent extends Agent {

socket.once('data', () => {
const secureSocket = tls.connect({
rejectUnauthorized: false,
servername: configuration.host,
... configuration.tls,
socket,
});

Expand Down
20 changes: 20 additions & 0 deletions src/types.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,29 @@ export type ProxyConfigurationType = {|
+port: number,
|};

export type TlsConfigurationType = {|
+ca?: string,
+cert?: string,
+ciphers?: string,
+clientCertEngine?: string,
+crl?: string,
+dhparam?: string,
+ecdhCurve?: string,
+honorCipherOrder?: boolean,
+key?: string,
+passphrase?: string,
+pfx?: string,
+rejectUnauthorized?: boolean,
+secureOptions?: number,
+secureProtocol?: string,
+servername?: string,
+sessionIdContext?: string,
|};

export type ConnectionConfigurationType = {|
+host: string,
+port: number,
+tls?: TlsConfigurationType,
+proxy: ProxyConfigurationType,
|};

Expand Down

0 comments on commit aa4b60c

Please sign in to comment.