https problem? about arangojs HOT 13 CLOSED

Which --ssl.protocol value are you using for the server? The default for this option should be 4 (TLSv1), but it may be adjusted in a local config file.

from arangojs.

There was no ssl-protocol option in my config file. According to the docs the value was on default (4). The option now inserted into my config, but no change after restart.

from arangojs.

After some debugging it seems that the request was sent out in plain old http when connect from node/iojs: there is no distinction between http and https in request.js.
In the baseUrlParts variable i can see the correct protocol and href properties with correct https value.

from arangojs.

Confirmed. The http module's request function doesn't do HTTPS, the https module's request function doesn't do HTTP. Apparently we need to switch between them ourselves. Yay.

EDIT: The agents aren't compatible either. Awesome.

from arangojs.

@legikaloz I've added support for HTTPS. If the URL you pass into the Database constructor uses HTTPS, the requests (and the default agent) will use the https module instead of the http module. Could you try out the version from the repo and see whether that solves your problem?

from arangojs.

I can confirm the fix, works perfectly in my trials.

from arangojs.

I've published the fix as 1.8.1 on NPM. Thanks for checking this.

from arangojs.

Oops, sorry, i tried with wrong settings :(
the driver doesn't work:

Unhandled rejection Error: unable to verify the first certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:926:38)
    at emitNone (events.js:67:13)
    at TLSSocket.emit (events.js:163:7)
    at TLSSocket._finishInit (_tls_wrap.js:511:8)

Tried to readd certificates with ssl-root-cas, and with https.globalAgent.options.ca.concat() without success. There are no problems with handmade API calls:

require('ssl-root-cas').inject().addFile('.ssl/ca.pem').addFile('.ssl/sub.class1.server.ca.pem');
var https=require('https');
  var options = {
    host: 'https.server.com',
    port: 8530,
    path: '/_db/test/_api/version',
    method: 'GET'
  };
   var request = https.request(options, function(res) {
    console.log("statusCode: ", res.statusCode);
    console.log("headers: ", res.headers);

    res.on('data', function(d) {
      process.stdout.write(d);
    });
  });

  request.on('error', function(e) {
    console.error('error');
    console.error(e);
  });

  request.end();

The response:

statusCode:  200
headers:  { server: 'ArangoDB',
  connection: 'Close',
  'content-type': 'application/json; charset=utf-8',
  'content-length': '44' }
{"server":"arango","version":"2.6.0-alpha3"}

from arangojs.

Have you tried adding the certificate before requiring arangojs? In your HTTPS examples you always do so before requiring https.

The error message is now explicitly complaining about the certificate, so it's now using SSL, at least.

If all else fails, try to create the database object with the option {agent: require('https').globalAgent}. That should make sure it behaves more like the vanilla https.request function.

EDIT: You mention you're adding the certificate to the https.globalAgent -- that isn't enough if you use arangojs with the default configuration. arangojs creates its own Agent instance to cap the number of open sockets for efficiency. Take a look at the agent and agentOptions configuration options.

from arangojs.

The driver works the with the suggested options:
{agent: require('https').globalAgent}
OR

agentOptions: {
    ca: [fs.readFileSync('.ssl/sub.class1.server.ca.pem'),fs.readFileSync('.ssl/ca.pem')]
}

Which one do you prefer?
ps: please add this to the docs

from arangojs.

agentOptions is preferrable as the globalAgent behaves differently from the default (performance-wise).

from arangojs.

Thanks for the clarification

from arangojs.

I've added a note about HTTPS to the README. It'll show up on NPM after the next release.

from arangojs.