Cannot handle incomplete certificate chains

[kring]

Some servers (www.cmar.csiro.au and programs.communications.gov.au are two examples as of this writing) return an incomplete TLS certificate chain. That is, they only include the leaf certificate, not the intermediate certificate between the leaf and the trusted CA. Technically this is a misconfiguration of the servers, but no one cares because pretty much all browsers can deal with it these days by automatically downloading the intermediate certificate. Unfortunately, node/request don't handle this automatically like browsers do. So we need to work around it in terriajs-server.

There's some discussion from the node.js perspective and the start of a workaround in nodejs/node#16336.

[peterhassall]

This often presents itself with an error like:

{ Error: unable to verify the first certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1116:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:643:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:473:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }