Support CA fingerprint validation (#1499)

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> Co-authored-by: Ioannis Kakavas <ioannis@elastic.co>
2021-08-02 11:20:31 +02:00
parent 563b7746cd
commit a48ebc9442
12 changed files with 337 additions and 4 deletions
--- a/docs/basic-config.asciidoc
+++ b/docs/basic-config.asciidoc
@ -255,6 +255,10 @@ const client = new Client({
 |`boolean`, `'proto'`, `'constructor'` - By the default the client will protect you against prototype poisoning attacks. Read https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08[this article] to learn more. If needed you can disable prototype poisoning protection entirely or one of the two checks. Read the `secure-json-parse` https://github.com/fastify/secure-json-parse[documentation] to learn more. +
 _Default:_ `false`

+|`caFingerprint`
+|`string` - If configured, verify that the fingerprint of the CA certificate that has signed the certificate of the server matches the supplied fingerprint. Only accepts SHA256 digest fingerprints. +
+_Default:_ `null`
+
 |===

 [discrete]
@ -276,4 +280,3 @@ const client = new Client({
  disablePrototypePoisoningProtection: true
 })
 ----
-