Build prebuilt addon libcurl with ca bundle
This can be done by passing the option --with-ca-bundle. Doing that would make it much easier to use the library with https sites, as the client would not be required to pass CURLOPT_CAINFO anymore.
Node.js version >= v12.3.0 exposes the certificates it was bundled with; we could use them at build time: https://nodejs.org/api/tls.html#tls_tls_rootcertificates
To generate a file from the property, it is as simple as doing this:
```ts
import fs from 'fs'
import path from 'path'
import tls from 'tls'

const certFilePath = path.join(__dirname, 'cert.pem')
const tlsData = tls.rootCertificates.join('\n')
fs.writeFileSync(certFilePath, tlsData)
```
Using --with-ca-bundle is in fact not possible, as it does not embed the bundle in the libcurl library itself; it's checked at runtime.
https://github.com/curl/curl/pull/4679 might be what we need.
curl now has this ability to load CA certs from memory as of curl 7.77; it landed in https://github.com/curl/curl/pull/6662. However, it requires support for blob options (#253). In order to move this closer to the goal, I've opened a PR for supporting blob options (#300), but it doesn't add support for all of the new options, and the curl for windows repo would need to be updated too, I assume.
Hey @johnwchadwick, thanks a lot for these! I will try to get those reviewed (and merged) in the following days.