Retrieve built-in root certificates within node application

[LuukDeVille]

Is there any way to retrieve the built-in root certificates, that are shiped with node (https://github.com/nodejs/node/blob/master/src/node_root_certs.h) from a node application?

Via https.globalAgent.options.ca it is possible to define custom certificates, but the already existing ones are not listed here.

[sam-github]

Not currently. I've considered adding it, but couldn't really think of a use-case. What's yours? I assume you ask for a reason! :-)

[LuukDeVille]

We have the requirement to add a lot of intermediate CAs via https.globalAgent.options.ca. As the option https.globalAgent.options.ca is going to overwrite the built-in root CAs, we also need to add those root CAs as well. Due to this, my idea was to read the built-in root CAs as well as our intermediate CAs and pass these to https.globalAgent.options.ca.

As there is no option at the moment to get the built-in root CAs, we need to think of getting them somewhere else.

Thus it would be great, if there is an interface to read the built-in root CAs.

[sam-github]

Your use-case seems reasonable to me. No promises on if/when someone will get to this feature, though, sorry.

Have you considered using NODE_EXTRA_CA_CERTS? It does what you want (adds to the CAs without replacing them), but you need them to be in a file, and to set an env variable before node starts, which may or may not work for you.

[LuukDeVille]

We have considered using NODE_EXTRA_CA_CERTS, but we can not use it due to the constraints you have mentioned.