Hi,
as per the contribution guidelines, I would like to raise this topic here.
I would like to suggest to extend the ouput of the http request node, when doing https requests, with the peer certificate information (which is provided in the socket object of the response).
Personally, I have a use case where I want to monitor the lifetime of a certificate, when sending requests to specific servers.
As a concept it sounds OK.
A couple of things we should probably work out up front would be what exactly would be exposed, where and if it should be optional.
Having said all that a really quick test with the got library we use in the http-request node is not promising
const got = require('got')
got('https://www.hardill.me.uk',{})
.then( res => {
console.log("good")
console.log(res.socket.getPeerCertificate())
})
.catch(err => {
console.log(err)
})
returns null implying that the socket has already been destroyed by the time it's passed to the response handler.
My suggestion would be to make it pure optional (not configurable). As you said, it would need to be introduced to all nodes that handle a TLS connection.
We could simply add the object to msg.peerCertificate
In regards to how to get the information at all. I was having success when turning got to use the stream API. This way we get notified on the secureConnect event and can store the certificate data.
const got = require('got')
const g = got('https://www.hardill.me.uk',{ "isStream": true })
g.on('response', res => {
console.log(res.statusCode)
});
g.on('socket', (socket) => {
socket.on('secureConnect', () => console.log(socket.getPeerCertificate()))
})
g.on('error', err => {
console.log(err)
});
This seems like a fairly specialist need and wouldn't likly be needed by everyone - wouldn't it be better as a separate node?
I did this a while ago. I used the http request node as a starting point and created a separate node (node-red-contrib-https - npm). Since then, the http request node has evolved. I like the extended features and options the http request node has received.
IMHO it would be simpler to extend the existing node. Especially, since it is only about information that is anyhow available already.
I have created a draft of the proposed changes:
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarksā¢ or registeredĀ® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy