Is there an equivalent to `c err = client New cerbosAddr cli Cerbos Community #help

Is there an equivalent to `c, err := client.New(*c...

david

07/25/2022, 10:12 AM

Is there an equivalent to

c, err := client.New(*cerbosAddr, client.WithTLSInsecure())

for the Javascript GRPC client? i.e. use TLS, but allow insecure.

Alex Olivier (Cerbos)

07/25/2022, 10:18 AM

Hey David Did you see the

tls

option in the SDK? https://github.com/cerbos/cerbos-sdk-javascript/blob/main/docs/grpc.options.tls.md

david

07/25/2022, 10:20 AM

Hi! Yes I was reading that but (if I understand correctly) its either false = no TLS, or true = TLS with valid/well-known cert. Im looking for the awkward middle ground 🙂 - TLS with self-signed cert

Alex Olivier (Cerbos)

07/25/2022, 10:23 AM

Ah I see - not sure of the top of my head, but you can pass in a

SecureContext

created via https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions What that needs to look like for a self-signed cert I’m not 100% sure

Alex Olivier (Cerbos)

07/25/2022, 10:24 AM

I suspect you may need to tell node to ignore them https://nodejs.org/api/cli.html#node_tls_reject_unauthorizedvalue

Alex Olivier (Cerbos)

07/25/2022, 10:24 AM

so maybe set the tls option to

true

then run your app with an env var of `*`NODE_TLS_REJECT_UNAUTHORIZED=0``*

👍 1

oguzhan

07/25/2022, 10:29 AM

I think something like this could work too;

Copy code

const secureContext = tls.createSecureContext();
secureContext.context.addCACert("-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----");

👍 2

david

07/25/2022, 11:49 AM

Many thanks, both solutions will work I think. But NODE_TLS_REJECT_UNAUTHORIZED is fine for testing. 👍

6 Views

Open in Slack

Previous Next