Geuis Geuis - 3 months ago 44
Node.js Question

Ignore invalid self-signed ssl certificate in node.js with https.request?

I'm working on a little app that logs into my local wireless router (Linksys) but I'm running into a problem with the router's self-signed ssl certificate.

I ran wget 192.168.1.1 and get:

ERROR: cannot verify 192.168.1.1's certificate, issued by `/C=US/ST=California/L=Irvine/O=Cisco-Linksys, LLC/OU=Division/CN=Linksys/emailAddress=support@linksys.com':
Self-signed certificate encountered.
ERROR: certificate common name `Linksys' doesn't match requested host name `192.168.1.1'.
To connect to 192.168.1.1 insecurely, use `--no-check-certificate'.


In node, the error being caught is:

{ [Error: socket hang up] code: 'ECONNRESET' }


My current sample code is:

var req = https.request({
host: '192.168.1.1',
port: 443,
path: '/',
method: 'GET'

}, function(res){

var body = [];
res.on('data', function(data){
body.push(data);
});

res.on('end', function(){
console.log( body.join('') );
});

});
req.end();

req.on('error', function(err){
console.log(err);
});


How can I go about getting node.js to do the equivalent of "--no-check-certificate"?

Answer

Cheap and insecure answer:

Add

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

in code, before calling https.request()

A more secure way (the solution above makes the whole node process insecure) is answered in this question