Menu
I'm working on a little app that logs into my local wireless router (Linksys) but I'm running into a problem with the router's self-signed ssl certificate.
I ran wget 192.168.1.1 and get:
ERROR: cannot verify 192.168.1.1's certificate, issued by `/C=US/ST=California/L=Irvine/O=Cisco-Linksys, LLC/OU=Division/CN=Linksys/[email protected]': Self-signed certificate encountered. ERROR: certificate common name `Linksys' doesn't match requested host name `192.168.1.1'. To connect to 192.168.1.1 insecurely, use `--no-check-certificate'. In node, the error being caught is:
{ [Error: socket hang up] code: 'ECONNRESET' } My current sample code is:
var req = https.request({ host: '192.168.1.1', port: 443, path: '/', method: 'GET' }, function(res){ var body = []; res.on('data', function(data){ body.push(data); }); res.on('end', function(){ console.log( body.join('') ); }); }); req.end(); req.on('error', function(err){ console.log(err); }); How can I go about getting node.js to do the equivalent of "--no-check-certificate"?
961
The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below. However, this method is unsafe because it disables the server certificate verification, making the Node app open to MITM attack.
You can configure axios to use a custom agent and set rejectUnauthorized to false for that agent: // At instance level const instance = axios. create({ httpsAgent: new https. Agent({ rejectUnauthorized: false }) }); instance.
Cheap and insecure answer:
Add
process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0; in code, before calling https.request()
A more secure way (the solution above makes the whole node process insecure) is answered in this question
164
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
