[console] If using an https agent, set rejectUnauthorized in the agent (

elastic#11700) * [console] If using an https agent, set rejectUnauthorized in the agent * [console] Update tests to expect rejectUnauthorized in agent config * [console] Check for null and undefined when setting rejectUnauthorized
snide · May 30, 2017 · a14437d · a14437d
1 parent a49e6b2
commit a14437d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 3 deletions.
diff --git a/src/core_plugins/console/server/__tests__/proxy_config.js b/src/core_plugins/console/server/__tests__/proxy_config.js
@@ -50,6 +50,7 @@ describe('ProxyConfig', function () {
         ca: [{ path: 'path/to/ca' }],
         cert: undefined,
         key: undefined,
+        rejectUnauthorized: true
       });
     });
 
@@ -68,6 +69,7 @@ describe('ProxyConfig', function () {
         ca: undefined,
         cert: { path: 'path/to/cert' },
         key: { path: 'path/to/key' },
+        rejectUnauthorized: true
       });
     });
 
@@ -76,7 +78,8 @@ describe('ProxyConfig', function () {
         ssl: {
           ca: ['path/to/ca'],
           cert: 'path/to/cert',
-          key: 'path/to/key'
+          key: 'path/to/key',
+          rejectUnauthorized: true
         }
       });
 
@@ -87,6 +90,7 @@ describe('ProxyConfig', function () {
         ca: [{ path: 'path/to/ca' }],
         cert: { path: 'path/to/cert' },
         key: { path: 'path/to/key' },
+        rejectUnauthorized: true
       });
     });
   });

diff --git a/src/core_plugins/console/server/__tests__/proxy_config_collection.js b/src/core_plugins/console/server/__tests__/proxy_config_collection.js
@@ -143,7 +143,7 @@ describe('ProxyConfigCollection', function () {
 
     it('verifies for config that produces ssl agent', function () {
       const conf = makeCollection().configForUri('https://es.internal.org/_search');
-      expect(conf).to.have.property('rejectUnauthorized', true);
+      expect(conf.agent.options).to.have.property('rejectUnauthorized', true);
       expect(conf.agent).to.be.an(HttpsAgent);
     });
 

diff --git a/src/core_plugins/console/server/proxy_config.js b/src/core_plugins/console/server/proxy_config.js
@@ -45,6 +45,7 @@ export class ProxyConfig {
     };
 
     if (values(sslAgentOpts).filter(Boolean).length) {
+      sslAgentOpts.rejectUnauthorized = this.verifySsl == null ? true : this.verifySsl;
       return new HttpsAgent(sslAgentOpts);
     }
   }
@@ -58,7 +59,7 @@ export class ProxyConfig {
     if (!match) return {};
     return {
       timeout: this.timeout,
-      rejectUnauthorized: this.sslAgent ? true : this.verifySsl,
+      rejectUnauthorized: this.sslAgent ? undefined : this.verifySsl,
       agent: protocol === 'https:' ? this.sslAgent : undefined
     };
   }