| 115 | * Get fetch options with TLS configuration (mTLS + CA certs) for undici |
| 116 | */ |
export function getTLSFetchOptions(): {
  tls?: TLSConfig
  dispatcher?: undici.Dispatcher
} {
  const clientCertConfig = getMTLSConfig()
  const extraCAs = getCACertificates()

  // Neither a client certificate nor CA certificates are configured:
  // return no overrides at all.
  if (!(clientCertConfig || extraCAs)) {
    return {}
  }

  // Merge the client-certificate settings with the CA list. `ca` is only
  // set when CA certificates were returned, and it is applied last so it
  // takes precedence over any `ca` carried by the mTLS config.
  // NOTE(review): in Node's TLS options a `ca` value replaces the default
  // trusted CA list rather than extending it — confirm that
  // getCACertificates() returns every root that should be trusted.
  const tlsConfig: TLSConfig = {
    ...clientCertConfig,
    ...(extraCAs ? { ca: extraCAs } : {}),
  }

  // Under Bun the TLS settings are handed back directly as `tls`.
  const runningUnderBun = typeof Bun !== 'undefined'
  if (runningUnderBun) {
    return { tls: tlsConfig }
  }

  // The message is a fixed string: no certificate, key or passphrase
  // material reaches the debug log. Keep it that way when editing.
  logForDebugging('TLS: Created undici agent with custom certificates')

  // Create a custom undici Agent with TLS options. Lazy-required so that
  // the ~1.5MB undici package is only loaded when mTLS/CA certs are configured.
  // eslint-disable-next-line @typescript-eslint/no-require-imports
  const undiciMod = require('undici') as typeof undici

  // Only cert, key, passphrase and (optionally) ca are forwarded;
  // rejectUnauthorized is not set here, so peer verification stays at the
  // runtime default.
  const connectOptions = {
    cert: tlsConfig.cert,
    key: tlsConfig.key,
    passphrase: tlsConfig.passphrase,
    ...(tlsConfig.ca ? { ca: tlsConfig.ca } : {}),
  }

  // NOTE(review): a new Agent is constructed on every call that reaches
  // this point; whether callers cache the returned dispatcher is not
  // visible from this function.
  const agent = new undiciMod.Agent({
    connect: connectOptions,
    pipelining: 1,
  })

  return { dispatcher: agent }
}
| 153 | |
| 154 | /** |
| 155 | * Clear the mTLS configuration cache. |