Set accepted CA list and ignore SSL errors with chai-http

核能气质少年 提交于 2021-01-02 08:22:37

问题


I'm trying to write unit tests for my node code with chai/chai-http. Everything was working fine until I switched my server to an HTTPS server, but because my certificate is signed by an internal company root and the common name of the certificate I'm using doesn't match localhost, chai is throwing an error on my request.

I'd like to do the following:

  1. Ignore SSL errors related to domain name verification.

  2. Set the list of CAs to check against. If this cannot be done, I'd be fine with just skipping all client-side certificate checks instead.

My code is as follows:

var chai = require('chai');
var chaiHttp = require('chai-http');
var https = require('https');
var fs = require('fs');
var server = require('../app.js');

chai.should();
chai.use(chaiHttp);

https.globalAgent.options.ca = [
    fs.readFileSync('./ssl/Root.cer'),
];

describe('Attachments', function () {
  it('should succeed when passed valid arguments', function (done) {
      chai.request(server)
        .get('/10881057300D0A4E8E8586542AA3626E41')
        .set('userId', 'user')
        .set('region', 'US')
        .end(function (err, res) {
            chai.assert(res);
            res.should.have.status(200);
            chai.assert(res.body);
            done();
        });
  });

  it('should return error without userId header', function (done) {
      chai.request(server)
        .get('/10881057300D0A4E8E8586542AA3626E41')
        .end(function (err, res) {
            chai.assert(res);
            res.should.have.status(500);
            chai.assert(res.type == 'application/json');
            done();
        });
  });
});

And I get the following stack trace:

 Uncaught AssertionError: Unspecified AssertionError
  at test\test.js:21:18
  at Test.Request.callback (node_modules\superagent\lib\node\index.js:615:12
)
  at ClientRequest.<anonymous> (node_modules\superagent\lib\node\index.js:56
7:10)
  at TLSSocket.socketErrorListener (_http_client.js:267:9)
  at emitErrorNT (net.js:1253:8)

回答1:


I solved it by the suggestion here.

I think it is rejecting as invalid TLS. Even though mine was not using an invalid cert, I assume somewhere in the guts it is changing the valid cert's url to localhost or resolving to an IP address which isn't associated to the FQDN of the cert I am using. Adding the following code before the first "describe()" fixed it for me.

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

Here is the full test code:

var chai = require('chai');
var chaiHttp = require('chai-http');
var server = require('../server');
var should = chai.should();

chai.use(chaiHttp);

// This line allows use with https
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

describe('Auth', function() {
    it('should return 401 with invalid credentials', function(done){
        chai.request(server)
        .post('/api/v1/user/authenticate')
        .send({"email":"badaccount@somedomain.com", "password": "password"})
        .end(function(err, res) {
            res.should.have.status(401);
            done();
        });
    });


});


来源:https://stackoverflow.com/questions/41572681/set-accepted-ca-list-and-ignore-ssl-errors-with-chai-http

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!