So as far as I understood, the Node.js SSL/TLS request implementation checks by default if the hostname or IP is part of the cert's alt names.
One of the workarounds is that in the options object you can override the checkServerIdentity function, so it could look like this:
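    var fs = require('fs');
    var options = {
      url: 'https://localhost:8000/',
      ca: fs.readFileSync(caFile), // caFile: path to the CA's PEM file
      // returning undefined skips the host name check
      checkServerIdentity: function (host, cert) { return undefined; }
    };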
Now in my case I don't really care about the server's host name, as long as it has a certificate that is signed by a CA I trust (set with the option.ca property).
My question is: does overriding this function in that way also remove the signature check? And if it does, how should I implement it so I can only check if the cert is signed by the CA?