node project to compare https and request. task is to consume https apis while ignoring ssl errors

https-client.js

#!/usr/bin/env node --trace-sync-io

// curl command to test:
// curl --insecure -X GET -v https://localhost:3000/
// something similar in node using the https module

// works with:
// strictSSL: false, // allow us to use our self-signed cert for testing
// rejectUnauthorized: false
// no need to add
// process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

const https = require('https');

var body = '';

// only `rejectUnauthorized: false` is needed
// works without `strictSSL: false`
// removing it gives the error:
// Error: self signed certificate
var options = {
  hostname: 'localhost',
  port: '3000',
  path: '/',
  method: 'GET',
  strictSSL: false,
  rejectUnauthorized: false
};
console.warn(options);

var self = this;

var req = https.request(options, (res) => {
  console.log('statusCode: ', res.statusCode);
  console.log('headers: ', res.headers);

  res.on('data', function(d) { console.log(d.toString()); });
  res.on('data', function(d) { body += d; }.bind(self));
  res.on('end', function() { console.log("body.len: " + body.length); }.bind(self));
});
req.end();

req.on('error', (e) => {
  console.error("Error: " + e);
});

package.json

{
  "name": "http-server",
  "version": "1.0.0",
  "description": "",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "node server.js"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "express": "^4.13.3",
    "request": "^2.67.0"
  }
}

request-client.js

#!/usr/bin/env node --trace-sync-io

// curl command to test:
// curl --insecure -X GET -v https://localhost:3000/
// something similar in node using the request package

// is needed, even after setting `strictSSL` and `rejectUnauthorized` to false
// otherwise error is:
// { [Error: self signed certificate] code: 'DEPTH_ZERO_SELF_SIGNED_CERT' }
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

const request = require('request');

// do not help. need to set `process.env.NODE_TLS_REJECT_UNAUTHORIZED` as above
// request.defaults({
//   strictSSL: false,
//   rejectUnauthorized: false
// });

request('https://localhost:3000', function(err) {
  console.error(err); // outputs the zero_depth error
});

server.js

const https = require('https'),
      fs = require('fs'),
      express = require('express');

// keys generated with:
// openssl genrsa -out rsaprivkey.pem 1024
// openssl req -x509 -new -key rsaprivkey.pem -days 3650 -out cert.crt
// https://developers.google.com/google-apps/help/articles/sso-keygen?hl=en
// https://github.com/request/request/issues/418#issuecomment-23058601
var app = express();

app.get('/', function(req, res, next) {
  res.setHeader("Content-Type", "text/plain");
  res.send('hello world');
});

var credentials = {
  key: fs.readFileSync(__dirname + '/rsaprivkey.pem', 'utf8'),
  cert: fs.readFileSync(__dirname + '/cert.crt', 'utf8')
};

function onListening() {
  var addr = server.address();
  var env = app.get('env');
  var bind = typeof addr === 'string'
        ? 'pipe ' + addr
        : 'port ' + addr.port;
  console.log('Listening on ' + bind);
  console.log('Environment is ' + env);
};

var server = https.createServer(credentials, app);
server.listen(3000);
server.on('listening', onListening);

verdict.txt

better to use node `https` module, even though it is more verbose
as compared to the `requests` package

can ignore the ssl error without setting the option on process
requests has issues open for this though
eg. https://github.com/request/request/issues/418#issuecomment-23058601

also starting node with the `--trace-sync-io` option was giving Sync API warnings
on using `requests` with `EventEmitter` somewhere in the `uuid` module
not reproducible using this example though