If I disable NODE_TLS_REJECT_UNAUTHORIZED, my request is still denied

Question

I am disabling Node from rejecting self signed certificates and making a request.

const { USER, PW } = process.env;

const b64 = new Buffer(`${VP_API_USER}:${VP_API_PW}`).toString("base64");

const Authorization = `Basic ${b64}`;

const doFind = async url => {
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
  const results = await fetch(url, { headers: { Authorization } })
    .then(r => (r.ok ? r.json() : Promise.reject(r)))
    .catch(err => {
      return Promise.reject(err);
    });
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1;

  return results;
};

I am still being rejected.

{ FetchError: request to https://<url>:55544/contracts failed, reason: connect ECONNREFUSED <url>:55544
    at ClientRequest.<anonymous> (/Users/mjhamm75/Developer/sedd-monorepo/node_modules/node-fetch/index.js:133:11)
    at emitOne (events.js:116:13)
    at ClientRequest.emit (events.js:211:7)
    at TLSSocket.socketErrorListener (_http_client.js:387:9)
    at emitOne (events.js:116:13)
    at TLSSocket.emit (events.js:211:7)
    at emitErrorNT (internal/streams/destroy.js:64:8)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
  name: 'FetchError',
  message: 'request to https://<url>:55544/contracts failed, reason: connect ECONNREFUSED <url>:55544',
  type: 'system',
  errno: 'ECONNREFUSED',
  code: 'ECONNREFUSED' }

What am I doing wrong?

Answer 1

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1;

line should go inside the callback (your then or catch before the return. because a promise gets resolved in the callback, but your line

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 1;

is written outside of it, even though it appears after the statement, it runs immediately without waiting for the callback. so, your tls is effectively never disabled.

I hope this helps:)

Answer 2

Previous answer looks incorrect - await postpones execution of next line until promise will be resolved. According to the documentation the NODE_TLS_REJECT_UNAUTHORIZED value should be string '0' to disable TLS validation.