如何忽略节点请求中的 SSL 证书验证? [英] How to ignore SSL certificate validation in node requests?

问题描述

我需要使用 node.js 为我的一些 https 请求禁用对等 SSL 验证现在我使用 node-fetch 包，据我所知，它没有这个选项.

I need to disable peer SSL validation for some of my https requests using node.js Right now I use node-fetch package which doesn't have that option, as far as I know.

这应该类似于 CURL 的 CURLOPT_SSL_VERIFYPEER =>假，CURLOPT_SSL_VERIFYHOST =>假

That should be something like CURL's CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false

是否有任何网络软件包允许这样做?有没有办法在 axios 中跳过 SSL 验证?

Does any networking package allow to do so? Is there a way to skip SSL validation in axios maybe?

推荐答案

Axios 到目前为止还没有解决这种情况 - 您可以尝试:

Axios doesn't address that situation so far - you can try:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

但这是一个非常糟糕的想法，因为它在整个节点服务器上禁用了 SSL.

BUT THAT'S A VERY BAD IDEA since it disables SSL across the whole node server.

或者，您可以将 axios 配置为使用自定义代理，并将该代理的 rejectUnauthorized 设置为 false，如前所述 此处.

Or, you can configure axios to use a custom agent and set rejectUnauthorized to false for that agent as mentioned here.

示例:

const https = require('https');
const axios = require('axios')
//or
// import https from 'https';
// import axios from 'axios';

// At instance level
const instance = axios.create({
  httpsAgent: new https.Agent({  
    rejectUnauthorized: false
  })
});

instance.get('https://something.com/foo');

// At request level
const agent = new https.Agent({  
  rejectUnauthorized: false
});

axios.get('https://something.com/foo', { httpsAgent: agent });

这篇关于如何忽略节点请求中的 SSL 证书验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！