/** * HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a * separate module. * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/https.js) */ declare module 'https' { import { Duplex } from 'node:stream'; import * as tls from 'node:tls'; import * as http from 'node:http'; import { URL } from 'node:url'; type ServerOptions = tls.SecureContextOptions & tls.TlsOptions & http.ServerOptions; type RequestOptions = http.RequestOptions & tls.SecureContextOptions & { rejectUnauthorized?: boolean | undefined; // Defaults to true servername?: string | undefined; // SNI TLS Extension }; interface AgentOptions extends http.AgentOptions, tls.ConnectionOptions { rejectUnauthorized?: boolean | undefined; maxCachedSessions?: number | undefined; } /** * An `Agent` object for HTTPS similar to `http.Agent`. See {@link request} for more information. * @since v0.4.5 */ class Agent extends http.Agent { constructor(options?: AgentOptions); options: AgentOptions; } interface Server extends http.Server {} /** * See `http.Server` for more information. * @since v0.3.4 */ class Server extends tls.Server { constructor(requestListener?: http.RequestListener); constructor(options: ServerOptions, requestListener?: http.RequestListener); addListener(event: string, listener: (...args: any[]) => void): this; addListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this; addListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this; addListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this; addListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this; addListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this; addListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this; addListener(event: 'close', listener: () => void): this; addListener(event: 'connection', listener: (socket: Duplex) => void): this; addListener(event: 'error', listener: (err: Error) => void): this; addListener(event: 'listening', listener: () => void): this; addListener(event: 'checkContinue', listener: http.RequestListener): this; addListener(event: 'checkExpectation', listener: http.RequestListener): this; addListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this; addListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; addListener(event: 'request', listener: http.RequestListener): this; addListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; emit(event: string, ...args: any[]): boolean; emit(event: 'keylog', line: Buffer, tlsSocket: tls.TLSSocket): boolean; emit(event: 'newSession', sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void): boolean; emit(event: 'OCSPRequest', certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void): boolean; emit(event: 'resumeSession', sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void): boolean; emit(event: 'secureConnection', tlsSocket: tls.TLSSocket): boolean; emit(event: 'tlsClientError', err: Error, tlsSocket: tls.TLSSocket): boolean; emit(event: 'close'): boolean; emit(event: 'connection', socket: Duplex): boolean; emit(event: 'error', err: Error): boolean; emit(event: 'listening'): boolean; emit(event: 'checkContinue', req: http.IncomingMessage, res: http.ServerResponse): boolean; emit(event: 'checkExpectation', req: http.IncomingMessage, res: http.ServerResponse): boolean; emit(event: 'clientError', err: Error, socket: Duplex): boolean; emit(event: 'connect', req: http.IncomingMessage, socket: Duplex, head: Buffer): boolean; emit(event: 'request', req: http.IncomingMessage, res: http.ServerResponse): boolean; emit(event: 'upgrade', req: http.IncomingMessage, socket: Duplex, head: Buffer): boolean; on(event: string, listener: (...args: any[]) => void): this; on(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this; on(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this; on(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this; on(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this; on(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this; on(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this; on(event: 'close', listener: () => void): this; on(event: 'connection', listener: (socket: Duplex) => void): this; on(event: 'error', listener: (err: Error) => void): this; on(event: 'listening', listener: () => void): this; on(event: 'checkContinue', listener: http.RequestListener): this; on(event: 'checkExpectation', listener: http.RequestListener): this; on(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this; on(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; on(event: 'request', listener: http.RequestListener): this; on(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; once(event: string, listener: (...args: any[]) => void): this; once(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this; once(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this; once(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this; once(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this; once(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this; once(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this; once(event: 'close', listener: () => void): this; once(event: 'connection', listener: (socket: Duplex) => void): this; once(event: 'error', listener: (err: Error) => void): this; once(event: 'listening', listener: () => void): this; once(event: 'checkContinue', listener: http.RequestListener): this; once(event: 'checkExpectation', listener: http.RequestListener): this; once(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this; once(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; once(event: 'request', listener: http.RequestListener): this; once(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; prependListener(event: string, listener: (...args: any[]) => void): this; prependListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this; prependListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this; prependListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this; prependListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this; prependListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this; prependListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this; prependListener(event: 'close', listener: () => void): this; prependListener(event: 'connection', listener: (socket: Duplex) => void): this; prependListener(event: 'error', listener: (err: Error) => void): this; prependListener(event: 'listening', listener: () => void): this; prependListener(event: 'checkContinue', listener: http.RequestListener): this; prependListener(event: 'checkExpectation', listener: http.RequestListener): this; prependListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this; prependListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; prependListener(event: 'request', listener: http.RequestListener): this; prependListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; prependOnceListener(event: string, listener: (...args: any[]) => void): this; prependOnceListener(event: 'keylog', listener: (line: Buffer, tlsSocket: tls.TLSSocket) => void): this; prependOnceListener(event: 'newSession', listener: (sessionId: Buffer, sessionData: Buffer, callback: (err: Error, resp: Buffer) => void) => void): this; prependOnceListener(event: 'OCSPRequest', listener: (certificate: Buffer, issuer: Buffer, callback: (err: Error | null, resp: Buffer) => void) => void): this; prependOnceListener(event: 'resumeSession', listener: (sessionId: Buffer, callback: (err: Error, sessionData: Buffer) => void) => void): this; prependOnceListener(event: 'secureConnection', listener: (tlsSocket: tls.TLSSocket) => void): this; prependOnceListener(event: 'tlsClientError', listener: (err: Error, tlsSocket: tls.TLSSocket) => void): this; prependOnceListener(event: 'close', listener: () => void): this; prependOnceListener(event: 'connection', listener: (socket: Duplex) => void): this; prependOnceListener(event: 'error', listener: (err: Error) => void): this; prependOnceListener(event: 'listening', listener: () => void): this; prependOnceListener(event: 'checkContinue', listener: http.RequestListener): this; prependOnceListener(event: 'checkExpectation', listener: http.RequestListener): this; prependOnceListener(event: 'clientError', listener: (err: Error, socket: Duplex) => void): this; prependOnceListener(event: 'connect', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; prependOnceListener(event: 'request', listener: http.RequestListener): this; prependOnceListener(event: 'upgrade', listener: (req: http.IncomingMessage, socket: Duplex, head: Buffer) => void): this; } /** * ```js * // curl -k https://localhost:8000/ * const https = require('https'); * const fs = require('fs'); * * const options = { * key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), * cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') * }; * * https.createServer(options, (req, res) => { * res.writeHead(200); * res.end('hello world\n'); * }).listen(8000); * ``` * * Or * * ```js * const https = require('https'); * const fs = require('fs'); * * const options = { * pfx: fs.readFileSync('test/fixtures/test_cert.pfx'), * passphrase: 'sample' * }; * * https.createServer(options, (req, res) => { * res.writeHead(200); * res.end('hello world\n'); * }).listen(8000); * ``` * @since v0.3.4 * @param options Accepts `options` from `createServer`, `createSecureContext` and `createServer`. * @param requestListener A listener to be added to the `'request'` event. */ function createServer(requestListener?: http.RequestListener): Server; function createServer(options: ServerOptions, requestListener?: http.RequestListener): Server; /** * Makes a request to a secure web server. * * The following additional `options` from `tls.connect()` are also accepted:`ca`, `cert`, `ciphers`, `clientCertEngine`, `crl`, `dhparam`, `ecdhCurve`,`honorCipherOrder`, `key`, `passphrase`, * `pfx`, `rejectUnauthorized`,`secureOptions`, `secureProtocol`, `servername`, `sessionIdContext`,`highWaterMark`. * * `options` can be an object, a string, or a `URL` object. If `options` is a * string, it is automatically parsed with `new URL()`. If it is a `URL` object, it will be automatically converted to an ordinary `options` object. * * `https.request()` returns an instance of the `http.ClientRequest` class. The `ClientRequest` instance is a writable stream. If one needs to * upload a file with a POST request, then write to the `ClientRequest` object. * * ```js * const https = require('https'); * * const options = { * hostname: 'encrypted.google.com', * port: 443, * path: '/', * method: 'GET' * }; * * const req = https.request(options, (res) => { * console.log('statusCode:', res.statusCode); * console.log('headers:', res.headers); * * res.on('data', (d) => { * process.stdout.write(d); * }); * }); * * req.on('error', (e) => { * console.error(e); * }); * req.end(); * ``` * * Example using options from `tls.connect()`: * * ```js * const options = { * hostname: 'encrypted.google.com', * port: 443, * path: '/', * method: 'GET', * key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), * cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem') * }; * options.agent = new https.Agent(options); * * const req = https.request(options, (res) => { * // ... * }); * ``` * * Alternatively, opt out of connection pooling by not using an `Agent`. * * ```js * const options = { * hostname: 'encrypted.google.com', * port: 443, * path: '/', * method: 'GET', * key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'), * cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'), * agent: false * }; * * const req = https.request(options, (res) => { * // ... * }); * ``` * * Example using a `URL` as `options`: * * ```js * const options = new URL('https://abc:xyz@example.com'); * * const req = https.request(options, (res) => { * // ... * }); * ``` * * Example pinning on certificate fingerprint, or the public key (similar to`pin-sha256`): * * ```js * const tls = require('tls'); * const https = require('https'); * const crypto = require('crypto'); * * function sha256(s) { * return crypto.createHash('sha256').update(s).digest('base64'); * } * const options = { * hostname: 'github.com', * port: 443, * path: '/', * method: 'GET', * checkServerIdentity: function(host, cert) { * // Make sure the certificate is issued to the host we are connected to * const err = tls.checkServerIdentity(host, cert); * if (err) { * return err; * } * * // Pin the public key, similar to HPKP pin-sha25 pinning * const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU='; * if (sha256(cert.pubkey) !== pubkey256) { * const msg = 'Certificate verification error: ' + * `The public key of '${cert.subject.CN}' ` + * 'does not match our pinned fingerprint'; * return new Error(msg); * } * * // Pin the exact certificate, rather than the pub key * const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' + * 'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16'; * if (cert.fingerprint256 !== cert256) { * const msg = 'Certificate verification error: ' + * `The certificate of '${cert.subject.CN}' ` + * 'does not match our pinned fingerprint'; * return new Error(msg); * } * * // This loop is informational only. * // Print the certificate and public key fingerprints of all certs in the * // chain. Its common to pin the public key of the issuer on the public * // internet, while pinning the public key of the service in sensitive * // environments. * do { * console.log('Subject Common Name:', cert.subject.CN); * console.log(' Certificate SHA256 fingerprint:', cert.fingerprint256); * * hash = crypto.createHash('sha256'); * console.log(' Public key ping-sha256:', sha256(cert.pubkey)); * * lastprint256 = cert.fingerprint256; * cert = cert.issuerCertificate; * } while (cert.fingerprint256 !== lastprint256); * * }, * }; * * options.agent = new https.Agent(options); * const req = https.request(options, (res) => { * console.log('All OK. Server matched our pinned cert or public key'); * console.log('statusCode:', res.statusCode); * // Print the HPKP values * console.log('headers:', res.headers['public-key-pins']); * * res.on('data', (d) => {}); * }); * * req.on('error', (e) => { * console.error(e.message); * }); * req.end(); * ``` * * Outputs for example: * * ```text * Subject Common Name: github.com * Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16 * Public key ping-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU= * Subject Common Name: DigiCert SHA2 Extended Validation Server CA * Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A * Public key ping-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho= * Subject Common Name: DigiCert High Assurance EV Root CA * Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF * Public key ping-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= * All OK. Server matched our pinned cert or public key * statusCode: 200 * headers: max-age=0; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho="; * pin-sha256="k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4="; * pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A="; includeSubDomains * ``` * @since v0.3.6 * @param options Accepts all `options` from `request`, with some differences in default values: */ function request(options: RequestOptions | string | URL, callback?: (res: http.IncomingMessage) => void): http.ClientRequest; function request(url: string | URL, options: RequestOptions, callback?: (res: http.IncomingMessage) => void): http.ClientRequest; /** * Like `http.get()` but for HTTPS. * * `options` can be an object, a string, or a `URL` object. If `options` is a * string, it is automatically parsed with `new URL()`. If it is a `URL` object, it will be automatically converted to an ordinary `options` object. * * ```js * const https = require('https'); * * https.get('https://encrypted.google.com/', (res) => { * console.log('statusCode:', res.statusCode); * console.log('headers:', res.headers); * * res.on('data', (d) => { * process.stdout.write(d); * }); * * }).on('error', (e) => { * console.error(e); * }); * ``` * @since v0.3.6 * @param options Accepts the same `options` as {@link request}, with the `method` always set to `GET`. */ function get(options: RequestOptions | string | URL, callback?: (res: http.IncomingMessage) => void): http.ClientRequest; function get(url: string | URL, options: RequestOptions, callback?: (res: http.IncomingMessage) => void): http.ClientRequest; let globalAgent: Agent; } declare module 'node:https' { export * from 'https'; }