Dredd: Support SSL certificates

Created on 11 Nov 2017  路  4Comments  路  Source: apiaryio/dredd

The request library used to query the server allows to specify several client options. Some of them are related to the client certificate, the self-signed certificate validation and others.

It is possible to make this option configurable from the hook script or from the command line?

Possible dirty solution

In order to use your applicaiton with a http server with self signed certificate I added this line in the file lib/transaction-runner.js:

88:      return function() {
89:        if (_this.hookHandlerError) {
90:          return callback(_this.hookHandlerError);
91:        }
->         if(hooks.configuration) _this.configuration.http = hooks.configuration.http;
92:        return async.timesSeries(transactions.length, function(transactionIndex, iterationCallback) {
93:          transaction = transactions[transactionIndex];
94:          logger.verbose("Processing transaction #" + (transactionIndex + 1) + ":", transaction.name);
95:          logger.verbose('Running \'beforeEach\' hooks');

With this change I can now configure the request library options from my hook file:

...
hooks.beforeAll(function (transactions, done) {
  // Allow server self-signed certificates
  hooks.configuration.http.rejectUnauthorized = false;
  // Set client certificate
  hooks.configuration.http.cert = fs.readFileSync(certFile);
  hooks.configuration.http.key = fs.readFileSync(keyFile);
  done();
});
...

Most helpful comment

You don鈥檛 need change code, just set env variable as dirty hack.

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;

All 4 comments

I would be quite cautious exposing the whole options, but from the description I understand you need it primarily for testing an API with complex SSL setup - certs, keys, etc. This would be related to https://github.com/apiaryio/dredd/issues/323. Let me rename your issue to "Support SSL certificates".

Yes, you are right about the exposing of the whole options object.
I have done this only to have access to the SSL setup using one line of code.

I just added this.configuration.http.rejectUnauthorized = false, in the following code block, to dredd.js and that unblocked me. Figured I'd drop this in here for others running into this challenge.

  // This is here only because there there is no way how to spy a constructor in CoffeScript
  init(config) {
    this.configuration = applyConfiguration(config);
    this.configuration.http = {};
    this.configuration.http.rejectUnauthorized = false
    this.tests = [];
    this.stats = {

You don鈥檛 need change code, just set env variable as dirty hack.

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;
Was this page helpful?
0 / 5 - 0 ratings

Related issues

alejandropg picture alejandropg  路  6Comments

axelssonHakan picture axelssonHakan  路  3Comments

honzajavorek picture honzajavorek  路  4Comments

rkchilaka picture rkchilaka  路  3Comments

honzajavorek picture honzajavorek  路  3Comments