Verifying secure connection without rejectUnauthorized option
daeyeon opened this issue · comments
Daeyeon Jeong commented
There is no test case where rejectUnauthorized
, the option for https.request or tls.connect, is true
.
It's set true
by default. So, by default, the server certificate needs to be verified using built-in CAs (if they exist). Its verification with a custom CA (given as an option) is also needed.
Zoltan Herczeg commented
Currently no method for finding system CAs is implemented in the tls module.