2

I noticed that while having SSL verification enabled in Postman, endpoints served under certificates issued by R3 fail with the error "SSL verification failed", whereas in a React Native environment if the same call was made using axios the call went through successfully.

Some more digging and landed at the http.Agent and https.Agent options in axios:

https.Agent options image

The default options do not seem to be disabling anything related to SSL verification. But this issue (along with many others) suggest having a problem with SSL verification and having to set rejectUnauthorized param as false while creating a custom https.Agent so that their API calls go through.

From the https.request docs for nodejs, under the examples we can see most of them are pinning certs and there is no option or param to enable a generic SSL verification (like in Postman for example).

In summary,

  1. Is SSL verification disabled by default in axios even when using an HTTPS endpoint? Or is this only applicable in browser environments and driven by the browser's inherent CA verification process?
  2. Do we need to perform certificate pinning to get any kind of SSL verification in a React Native environment?
NitheeshPrabu
  • 21
  • 1

1 Answers1

0

As far as I know, Axios does SSL verification by default, but Agent overwrites this. However, in most environments I would not disable it. R3 should not be rejected by postman, sounds like maybe you're using a certificate store that for some reason doesn't include R3.

Yunnosch
  • 26,130
  • 9
  • 42
  • 54
Jannik
  • 13
  • 2