in src/connection/UndiciConnection.ts [76:107]
// Wrap the base connector so that, when a CA fingerprint is configured and the
// established socket is TLS, the peer's issuer certificate is pinned against it.
// Sockets that fail the check are destroyed and the callback receives an Error;
// non-TLS sockets (or no configured fingerprint) are handed back unchecked.
undiciOptions.connect = function (opts: buildConnector.Options, cb: buildConnector.Callback) {
  connector(opts, (connectError, socket) => {
    if (connectError != null) {
      return cb(connectError, null)
    }

    // Nothing to pin: no fingerprint configured, or the transport is not TLS.
    if (caFingerprint === null || !isTlsSocket(opts, socket)) {
      return cb(null, socket)
    }

    const issuerCertificate = getIssuerCertificate(socket)
    /* istanbul ignore next */
    if (issuerCertificate == null) {
      socket.destroy()
      return cb(new Error('Invalid or malformed certificate'), null)
    }

    // A resumed TLS session yields an empty peer certificate object, which would
    // make the fingerprint comparison fail. The fingerprint was already verified
    // when the session was first established, so the check is skipped here.
    // See https://github.com/nodejs/node/issues/3940#issuecomment-166696776
    const certificateIsEmpty = Object.keys(issuerCertificate).length === 0
    if (certificateIsEmpty && socket.isSessionReused()) {
      return cb(null, socket)
    }

    // Compare the configured fingerprint with the issuer's SHA-256 fingerprint.
    /* istanbul ignore else */
    if (!isCaFingerprintMatch(caFingerprint, issuerCertificate.fingerprint256)) {
      socket.destroy()
      return cb(new Error('Server certificate CA fingerprint does not match the value configured in caFingerprint'), null)
    }

    return cb(null, socket)
  })
}