#265 optional ssl params, wip on rejectUnauthorized (#266)

apietroni51 · web-flow · commit 2d7185f3a803 · 2025-06-17T12:17:06.000+02:00
* #265 optional ssl params, wip on rejectUnauthorized * narrowed function arg type * handling rejectUnauthorized
diff --git a/src/client.ts b/src/client.ts
@@ -743,9 +743,10 @@ export type ClientListenersParams = {
 }
 
 export interface SSLConnectionParams {
-  key: string
-  cert: string
+  key?: string
+  cert?: string
   ca?: string
+  rejectUnauthorized?: boolean
 }
 
 export type AddressResolverParams =
@@ -765,7 +766,7 @@ export interface ClientParams {
   frameMax?: number
   heartbeat?: number
   listeners?: ClientListenersParams
-  ssl?: SSLConnectionParams
+  ssl?: SSLConnectionParams | boolean
   bufferSizeSettings?: BufferSizeSettings
   socketTimeout?: number
   addressResolver?: AddressResolverParams
diff --git a/src/connection.ts b/src/connection.ts
@@ -32,14 +32,22 @@ import { SaslHandshakeResponse } from "./responses/sasl_handshake_response"
 import { TuneResponse } from "./responses/tune_response"
 import {
   DEFAULT_FRAME_MAX,
+  DEFAULT_SSL_CONFIG,
   DEFAULT_UNLIMITED_FRAME_MAX,
   REQUIRED_MANAGEMENT_VERSION,
   isString,
   removeFrom,
 } from "./util"
 import { Version, checkServerDeclaredVersions, getClientSupportedVersions } from "./versions"
 import { WaitingResponse } from "./waiting_response"
-import { ClientListenersParams, ClientParams, ClosingParams, QueryOffsetParams, StoreOffsetParams } from "./client"
+import {
+  ClientListenersParams,
+  ClientParams,
+  ClosingParams,
+  QueryOffsetParams,
+  SSLConnectionParams,
+  StoreOffsetParams,
+} from "./client"
 import { QueryPublisherResponse } from "./responses/query_publisher_response"
 import { QueryPublisherRequest } from "./requests/query_publisher_request"
 import { StoreOffsetRequest } from "./requests/store_offset_request"
@@ -134,10 +142,7 @@ export class Connection {
 
   private createSocket() {
     const socket = this.params.ssl
-      ? tls.connect(this.params.port, this.params.hostname, {
-          ...this.params.ssl,
-          rejectUnauthorized: false,
-        })
+      ? tls.connect(this.params.port, this.params.hostname, buildSSLParams(this.params.ssl))
       : new Socket().connect(this.params.port, this.params.hostname)
     if (this.params.socketTimeout) socket.setTimeout(this.params.socketTimeout)
     return socket
@@ -634,3 +639,9 @@ export function partition<T>(arr: T[], predicate: (t: T) => boolean): [T[], T[]]
 function isSameStream({ metadataInfo }: { metadataInfo: MetadataInfo }): (e: ListenerEntry) => boolean {
   return (e) => e.stream === metadataInfo.stream
 }
+
+function buildSSLParams(ssl: SSLConnectionParams | true) {
+  if (ssl === true) return DEFAULT_SSL_CONFIG
+
+  return ssl
+}
diff --git a/src/util.ts b/src/util.ts
@@ -13,6 +13,8 @@ export function range(count: number): number[] {
   return ret
 }
 
+export const DEFAULT_SSL_CONFIG = { rejectUnauthorized: false }
+
 export const DEFAULT_FRAME_MAX = 1048576
 export const DEFAULT_UNLIMITED_FRAME_MAX = 0
 export const REQUIRED_MANAGEMENT_VERSION = "3.13.0"

Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,8 @@ export function range(count: number): number[] {`
`13`	`13`	`return ret`
`14`	`14`	`}`
`15`	`15`
	`16`	`+export const DEFAULT_SSL_CONFIG = { rejectUnauthorized: false }`
	`17`	`+`
`16`	`18`	`export const DEFAULT_FRAME_MAX = 1048576`
`17`	`19`	`export const DEFAULT_UNLIMITED_FRAME_MAX = 0`
`18`	`20`	`export const REQUIRED_MANAGEMENT_VERSION = "3.13.0"`