The ca option is not passed to node-socket instances

[captainmuppet]

CA certificates are not passed to the net.tls.connect() function and the socket can not be upgraded if the server uses a certificate that is not in the mozilla CA Certificate Store.

Use-case: IMAP connection using emailjs-imap-client to internal servers.

[captainmuppet]

Fixed by #67

The webpack version installed by running npm install can not be used to build the project, but [email protected] works fine.
Please consider adding a package-lock or npm-shrinkwrap file.

[felixhammerl]

The node socket does not consume this option... Add the missing cert to your cert store intead.
https://nodejs.org/dist/latest-v11.x/docs/api/net.html#net_socket_connect_options_connectlistener

[captainmuppet]

True, but tls.connect does. That's why I used it twice (constructor / upgradeToSecure).

Last entry for tls.connect options.
All properties used by tls.createSecureContext() can be passed directly to the connect method.

[felixhammerl]

Firefox CA store does not have any influence on your systen cert store because Firefox brings its own store. Use the keychain (on macOS) or whatever your respective system uses.

[captainmuppet]

node.js uses its own certificate store (with certificates copied from the Mozilla CA Certificate Store) by default, as mentioned on the tls page:
ca: Optionally override the trusted CA certificates. Default is to trust the well-known CAs curated by Mozilla.

While installing the certificate on the OS level could* solve the problem, it's also a security risk to accept all certificates from a CA you otherwise wouldn't trust. With the ca option, you only have trust the issuer where it's needed.

* I'm not sure if node.js uses both the internal cert store and the OS provided certificates