TruBudget
Fix bug in alpha connection with certificate
- [x] I have searched the issues of this repository and believe that this is not a duplicate.
Description 😯
The askAlphaForPermissions function in the blockchain has a bug. The rejectUnauthorized option should be set to 'true' in production.
The rejectUnauthorized option is for disabling client verification (mutual SSL). So if mutual SSL should be used, this is true, but not necessarily in production.
The code of the https Agent is mixing up tls.connect options, as you can see here: the key and cert options are relevant for client cert auth, and the ca option is relevant for self-signed certificates.
The https agent of the blockchain is looking like this: https://github.com/openkfw/TruBudget/blob/ad3c99a7f2f63f09e98428de8c08f50489ca8ed4/blockchain/src/connectToChain.js#L139-L151
TruBudget blockchain should support the following options for the initial register node request:
- En/Disable https
- En/Disable verification of server certificate (rejectUnauthorized)
- En/Disable mTLS (provide options cert & key)
- En/Disable self signed server certificates (provide option ca)
I would suggest to provide a possibility to pass all https agent options via one env var or file to be as flexible as possible.
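The four switches listed above, mapped onto Node.js https.Agent options so that each option is set only for its own purpose. This is an added example, not TruBudget's code; the ALPHA_* environment variable names and both function names are hypothetical.

```javascript
// Added example, not TruBudget code. All ALPHA_* variable names are hypothetical.
const fs = require("fs");
const https = require("https");

const flag = (v) => String(v).toLowerCase();

// Builds the protocol and https.Agent options for the register-node request.
// readFile is injectable so the mapping can be checked without real PEM files.
function buildAlphaConnection(env, readFile = (p) => fs.readFileSync(p)) {
  // 1. En/Disable https
  if (flag(env.ALPHA_HTTPS_ENABLED) !== "true") {
    return { protocol: "http", agentOptions: null };
  }
  // 2. Server certificate verification: on unless explicitly set to "false".
  const agentOptions = {
    rejectUnauthorized: flag(env.ALPHA_TLS_VERIFY_SERVER) !== "false",
  };
  // 3. mTLS: cert and key are the client's identity and only make sense together.
  const certFile = env.ALPHA_TLS_CLIENT_CERT_FILE;
  const keyFile = env.ALPHA_TLS_CLIENT_KEY_FILE;
  if (Boolean(certFile) !== Boolean(keyFile)) {
    throw new Error("mTLS requires both a client certificate and its key");
  }
  if (certFile) {
    agentOptions.cert = readFile(certFile);
    agentOptions.key = readFile(keyFile);
  }
  // 4. Self-signed or private-CA server certificate: ca is the trust anchor.
  if (env.ALPHA_TLS_CA_FILE) {
    if (!agentOptions.rejectUnauthorized) {
      throw new Error("a CA file has no effect while server verification is disabled");
    }
    agentOptions.ca = readFile(env.ALPHA_TLS_CA_FILE);
  }
  return { protocol: "https", agentOptions };
}

// Returns an https.Agent for HTTPS connections, or undefined for plain HTTP.
function createAlphaAgent(connection) {
  return connection.agentOptions ? new https.Agent(connection.agentOptions) : undefined;
}
```

Rejecting the inconsistent combinations at startup (a client cert without its key, a CA file with verification switched off) surfaces a misconfiguration before the first register-node request is sent.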
This issue has been automatically marked as stale because it has not had activity for 30 days. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because of inactivity. You can re-open it if needed.