diff --git a/README.md b/README.md index 4c6315e..4d737d9 100644 --- a/README.md +++ b/README.md @@ -24,9 +24,12 @@ var https = require('https') , cas ; -cas = https.globalAgent.options.ca = https.globalAgent.options.ca || []; +// This will add the well-known CAs +// to `https.globalAgent.options.ca` +require('ssl-root-cas').inject(); + +cas = https.globalAgent.options.ca; -cas = cas.concat(require('ssl-root-cas')); cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '01-cheap-ssl-intermediary-a.pem'))); cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '02-cheap-ssl-intermediary-b.pem'))); cas.push(fs.readFileSync(path.join(__dirname, 'ssl', '03-cheap-ssl-site.pem'))); @@ -39,10 +42,7 @@ If you want the latest certificates (downloaded as part of the postinstall proce you can require those instead like so: ``` - , latest = require('ssl-root-cas/latest') - ; - -cas = cas.concat(latest); +require('ssl-root-cas/latest').inject(); ``` BAD IDEAS diff --git a/ca-store-generator.js b/ca-store-generator.js index ca7d484..cdeeea5 100644 --- a/ca-store-generator.js +++ b/ca-store-generator.js @@ -125,9 +125,13 @@ function dumpCerts(certs) { fs.writeFileSync( OUTFILE , HEADER - + 'module.exports = [\n' + + 'var cas = module.exports = [\n' + certs.map(function (cert) { return cert.quasiPEM(); }).join(',\n\n') + '\n];\n' + + "module.exports.inject = function () {\n" + + " var opts = require('https').globalAgent.options;\n" + + " if (!opts.ca || opts.ca.length < 100) { opts.ca = (opts.ca||[]).concat(cas); }" + + "};\n" ); console.info("Wrote '" + OUTFILE.replace(/'/g, "\\'") + "'."); } diff --git a/ssl-root-cas.js b/ssl-root-cas.js index 61c6e58..7cc9e54 100644 --- a/ssl-root-cas.js +++ b/ssl-root-cas.js @@ -4,7 +4,7 @@ * generated from https://mxr.mozilla.org/nss/source/lib/ckfw/builtins/certdata.txt?raw=1 */ -module.exports = [ +var cas = module.exports = [ // GTE CyberTrust Global Root "-----BEGIN CERTIFICATE-----\n" + "MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUg\n" + @@ -4094,3 +4094,5 @@ module.exports = [ "3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed\n" + "-----END CERTIFICATE-----\n" ]; +var opts = require('https').globalAgent.options; +if (!opts.ca || opts.ca.length < 100) { opts.ca = (opts.ca||[]).concat(cas); } \ No newline at end of file