From 26087f8dc7e713d162c0b900d89369fcce124fff Mon Sep 17 00:00:00 2001
From: Ben Hardill <hardillb@gmail.com>
Date: Mon, 26 Jul 2021 10:25:06 +0100
Subject: [PATCH] Fix support for supplied CA certs

---
 .../nodes/core/network/21-httprequest.js      |  4 +++
 .../nodes/core/network/21-httprequest_spec.js | 27 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
index 692f5de8c..bf193b6af 100644
--- a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
+++ b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
@@ -449,6 +449,10 @@ in your Node-RED user directory (${RED.settings.userDir}).
             if (tlsNode) {
                 opts.https = {};
                 tlsNode.addTLSOptions(opts.https);
+                if (opts.https.ca) {
+                    opts.https.certificateAuthority = opts.https.ca;
+                    delete opts.https.ca;
+                }
             } else {
                 if (msg.hasOwnProperty('rejectUnauthorized')) {
                     opts.https = { rejectUnauthorized: msg.rejectUnauthorized };
diff --git a/test/nodes/core/network/21-httprequest_spec.js b/test/nodes/core/network/21-httprequest_spec.js
index e6610ecb6..c3ec942f7 100644
--- a/test/nodes/core/network/21-httprequest_spec.js
+++ b/test/nodes/core/network/21-httprequest_spec.js
@@ -1518,6 +1518,33 @@ describe('HTTP Request Node', function() {
             });
         });
 
+        it('should use tls-config and verify serverCert', function(done) {
+            var flow = [
+                {id:"n1",type:"http request",wires:[["n2"]],method:"GET",ret:"txt",url:getSslTestURLWithoutProtocol('/text'),tls:"n3"},
+                {id:"n2", type:"helper"},
+                {id:"n3", type:"tls-config", cert:"test/resources/ssl/server.crt", key:"test/resources/ssl/server.key", ca:"test/resources/ssl/server.crt", verifyservercert:true}];
+            var testNodes = [httpRequestNode, tlsNode];
+            helper.load(testNodes, flow, function() {
+                var n3 = helper.getNode("n3");
+                var n2 = helper.getNode("n2");
+                var n1 = helper.getNode("n1");
+                n2.on("input", function(msg) {
+                    try {
+                        msg.should.have.property('payload','hello');
+                        msg.should.have.property('statusCode',200);
+                        msg.should.have.property('headers');
+                        msg.headers.should.have.property('content-length',''+('hello'.length));
+                        msg.headers.should.have.property('content-type').which.startWith('text/html');
+                        msg.should.have.property('responseUrl').which.startWith('https://');
+                        done();
+                    } catch(err) {
+                        done(err);
+                    }
+                });
+                n1.receive({payload:"foo"});
+            });
+        });
+
         //Removing HTTP Proxy testcases as GOT + Proxy_Agent doesn't work with mock'd proxy
         /* */
         it('should use http_proxy', function(done) {