Usman Ismail
Reputation: 18679
Nodejs https does not fail on ssl certificate failure
I am using the https library for nodejs to send a https get request using the following code. I get a valid 200 status even though the certificate of the server being tested is expired.
https.get(options, this.onResponseCallback.bind(this));
The value of options is shown below.
{
protocol: 'https: ',
slashes: true,
auth: null,
host: 'XXXXXXXX',
port: '443',
hostname: 'XXXXXXXX',
hash: null,
search: 'XXXXXXXX',
query: 'XXXXXXXX',
pathname: '/XXXXXXXX/XXXXXXXX',
path: '/XXXXXXXX/XXXXXXXX?XXXXXXXX',
href: 'https://XXXXXXXX',
headers: {
'User-Agent': 'NodeUptime/3.0(https://github.com/fzaninotto/uptime)'
},
rejectUnauthorized: true
}
If I hit the same URL in the browser I get the following error.
How do I get nodejs to fail when the cert is expired?
Upvotes: 4
Views: 932
Answers (1)
artur grzesiak
Reputation: 20348
I think browser security policy is a bit stricter than what you can do in node.
You can access info about server's certificate by:
https.request(options, function(response){
var cert = response.client.pair.cleartext.getPeerCertificate();
});
.valid_to is what you are looking for.
More info about TLS.
Upvotes: 3
Related Questions
- Ignore invalid self-signed ssl certificate in node.js with https.request?
- using try-catch for https but don't catch any error
- Try-Catch not handling errors with an https.get request in Node
- Nodejs Https Certification
- Node js TLS uncaught error on connection fail? How to catch?
- Node.js and https certificate error handling
- Node.js HTTPS server ERR_EMPTY_RESPONSE
- Server HTTPS on node.js doesn't work
- Node.JS UnhandledException with a HTTPS request
- My node.js https client always works regardless of certificate validity