Does Node.js support certificate pinning? More specifically, if a server passes a HPKP header on the first connection, will Node.js honor that setting?
Note that this is for library in which a client connects to my server. I don't care if the HTTPS server in Node supports certificate pinning.
I also understand that I can inspect the certificate manually and there are a few third party libraries which will check on every connection or monkey patch the request library. I'm not asking about that functionality, either.
My plan is to check the certificate the first time and reject if it doesn't match. However, that doesn't do me any good if the TLS cert is changed after that first call.
Use
res.socket.getPeerCertificate().fingerprint
property of HTTPS response, compare it with your preshared value.