Use system certificates #52

Open
jekor opened this issue Mar 20, 2018 · 4 comments
@jekor

jekor commented Mar 20, 2018

Related to #3, but on the other end of the connection I receive the following error:

PROXY_TO_SERVER_REQUEST_ERROR: Error: unable to verify the first certificate

The server is using a certificate signed by an internal CA. This seems to be caused by Betwixt (node-http-mitm-proxy?) not using the system certificates (on OS X).

A workaround could be a way to pass trusted certificates to the app. I can't make sense of which environment variables (if any) the code in question will consult.

@kdzwinel
Owner

👋 It's a bit over my head ATM, I'd have to do some research. But please feel free to take a stab at it.

@jekor
Author

jekor commented Mar 21, 2018

The good news is that Node seems to have addressed this with nodejs/node@3aa17e4, although it is a compile-time option and there's no indication if it will work on all operating systems. The discussion happened on nodejs/node#4175. The Node CLI documentation shows another (runtime?) option that appears to be related based on the version it was released in: https://nodejs.org/api/cli.html#cli_use_openssl_ca_use_bundled_ca.

I don't know how to get Betwixt working with the latest electron (I encountered runtime errors and didn't go any further) nor how to pass one of those parameters.

@kdzwinel
Owner

@jekor Gotcha, thanks for doing research, it's very useful. Not sure when I'll get time to look at this, but maybe someone will take a stab at it in the meantime 🤞

@AdamMajer

NodeJS hasn't had a constant list of certificates for a long time. It allows overrides both at the command line and programmatically. node --help and the manpage would help you.

--use-bundled-ca, --use-openssl-ca are command line switches

NODE_EXTRA_CA_CERTS file

         When set, the well-known “root” CAs (like VeriSign) will be extended with the
         extra certificates in file.  The file should consist of one or more trusted
         certificates in PEM format.

         If file is missing or misformatted, a message will be emitted once using
         process.emitWarning(), but any errors are otherwise ignored.

         This environment variable is ignored when `node` runs as setuid root or has
         Linux file capabilities set.

SSL_CERT_DIR dir

         If --use-openssl-ca is enabled, this overrides and sets OpenSSL's directory
         containing trusted certificates.

SSL_CERT_FILE file

         If --use-openssl-ca is enabled, this overrides and sets OpenSSL's file
         containing trusted certificates.
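
The manpage excerpt above notes that a missing or misformatted NODE_EXTRA_CA_CERTS file only triggers a one-time warning and is otherwise ignored. The following is an added example, not code from this thread or from Betwixt: a Node script that checks a PEM bundle before it is relied on. The names `inspectCaBundle` and `inspectCaFile` are hypothetical, the sample input is constructed, and Node 15.6 or later is assumed for `crypto.X509Certificate`.

```javascript
// Added example: pre-flight check for a NODE_EXTRA_CA_CERTS bundle (Node 15.6+).
const fs = require('fs');
const tls = require('tls');
const { X509Certificate } = require('crypto');

const PEM_BLOCK = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Parse every PEM block in `text`; collect what Node would only warn about once.
function inspectCaBundle(text, now = new Date()) {
  const report = { certs: [], problems: [] };
  const blocks = text.match(PEM_BLOCK) || [];
  if (blocks.length === 0) report.problems.push('no PEM certificate blocks found');
  blocks.forEach((pem, i) => {
    let cert;
    try {
      cert = new X509Certificate(pem);
    } catch (err) {
      report.problems.push(`block ${i + 1}: unparseable certificate`);
      return;
    }
    if (new Date(cert.validFrom) > now) report.problems.push(`block ${i + 1}: not yet valid`);
    if (new Date(cert.validTo) < now) report.problems.push(`block ${i + 1}: expired`);
    report.certs.push({ subject: cert.subject, validTo: cert.validTo });
  });
  return report;
}

// Same check for a file path; a missing file becomes a reported problem.
function inspectCaFile(path) {
  try {
    return inspectCaBundle(fs.readFileSync(path, 'utf8'));
  } catch (err) {
    return { certs: [], problems: [`cannot read ${path}: ${err.code}`] };
  }
}

// Constructed sample: one of Node's bundled roots plus a corrupt block.
const CORRUPT = '-----BEGIN CERTIFICATE-----\nbm90IGEgY2VydA==\n-----END CERTIFICATE-----\n';
const SAMPLE = tls.rootCertificates[0] + '\n' + CORRUPT;

// Check the real bundle when the variable is set, the sample otherwise.
const target = process.env.NODE_EXTRA_CA_CERTS;
console.log(target ? inspectCaFile(target) : inspectCaBundle(SAMPLE));
```

An empty `problems` array means every block in the bundle parsed as a certificate and is inside its validity window; it does not show that the bundle contains the CA that signed a particular server's chain.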
