Add Go Daddy Class 2 CA - G2 certificate#6013
Add Go Daddy Class 2 CA - G2 certificate#6013trollixx wants to merge 1 commit intonodejs:masterfrom trollixx:master
Conversation
|
Thank you for contributing this pull request! Here are a few pointers to make sure your submission will be considered for inclusion. Commit trollixx/node@fe8e6ae89f6b836b394f30989875f3640be4de9b has the following error(s):
The following commiters were not found in the CLA:
You can fix all these things without opening another issue. Please see CONTRIBUTING.md for more information |
|
+1 |
|
Hm... this requires a bit of consideration. Are you sure that your problems can't be solved y setting a |
|
In my case, I'm using a third-party module which ends up calling https.request(), and I have no way to pass a certificate into the module to be used by its https.request() calls. The only viable option that we've found so far is to set NODE_TLS_REJECT_UNAUTHORIZED=0 or to get a new certificate that's rooted by one of the default root certificates trusted by node. Ideally, I'd like a method by which I could tell node to trust specific certificates in addition to its defaults. I don't mind doing some maintenance to make sure my application trusts certificates that I control, but I'm hesitant to start maintaining my own list of trusted certificates when node is already maintaining a list of trusted root certificates. Interestingly, the default bundle already include the GoDaddy Class 2 certificate, but its out of date from what Go Daddy currently uses. |
|
I don't really want to merge this PR because ideally we should be generating the certificate list from Mozilla's CA list. It's something that's been on my TODO list for ages now but I never seem to get around to it. |
|
fwiw in our app, we've monkey patched |
|
@bnoordhuis I understand your concern. Is there any way I can help you implement generating the certificate list from Mozilla's CA list? |
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of the new format. Fixes nodejs#6013.
|
@bnoordhuis Great, then I am closing this PL in favour of a general solution. |
Update the list of root certificates in src/node_root_certs.h with tools/mk-ca-bundle.pl and update src/node_crypto.cc to make use of the new format. Fixes #6013.
6 participants
We received a new certificate from Go Daddy and it is issued by Go Daddy Root Certificate Authority - G2 which root certificate is not presented in Node.js, so https.request couldn't work properly. This pull request fixes the problem.
Certificate taken from https://certs.godaddy.com/anonymous/repository.pki and also presents in bundle received from Go Daddy after certificate generation.