-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Not Respecting NODE_TLS_REJECT_UNAUTHORIZED = 0 #61
Comments
We are experiencing the same issue which arose when we bumped out node-lts from 16 to 18 this week. What had worked previously using The only way we can by pass the self signed certificate issue is by adding |
This worked for me:
|
We have encountered the same issue when updating Node v16.13.2 → v18.14.1. The same self-signed certificates have been used and are properly working when using Node v16.13.2 in a local environment. Follow-up : our solution was to overwrite the fetcher of the Apollo Gateway const fetcher = require('make-fetch-happen');
const gateway = new ApolloGateway({
buildService({name, url}) {
return new RemoteGraphQLDataSource({
name,
url,
fetcher: fetcher.defaults({strictSSL: false})
});
}
});
|
Anyone fix this? ====================== After my trace this lib did respect the NODE_TLS_REJECT_UNAUTHORIZED, but was overriden by node-gyp. That is not this libs fault I opened an PR to fix this |
Has anyone tried using the npm config that disables this behavior? https://docs.npmjs.com/cli/v7/using-npm/config#strict-ssl |
Setting strict-ssl to false was not sufficient to overcome the issue for me. The only resolution was to patch the minipass-fetch file with options.rejectUnauthorized = false; This has become a standard step in our development environment setup at this point, and confirmed among several developers as being the only option that works. |
The root cause is node-gyp use this package in plain node.js enviroment, so .npmrc won't work. But |
cc @lukekarrys in case there is something |
Seems like the issue is not in this library (that supports NODE_TLS_REJECT_UNAUTHORIZED), but in make-fetch-happen itself (overriding the strictSSL parameter) |
Thanks @garrettboone answers. When I changed enviroment: |
That is what I added to my local copy. At least works for me:
|
Hey all 👋 I've added a test that shows minipass-fetch currently honors the env var, I believe the issue is specific issue lies elsewhere, it's possible that |
Is there an existing issue for this?
Current Behavior
It fails due to a self-signed certificate error, despite being told not to reject unauthorized certificates (my company can't get me the .pem file):
This prevents node-gyp and several other repos from being installed over npm for people such as me.
The workaround we've implemented is to edit your module and pass the option to not reject unauthorized:
Expected Behavior
To install the modules properly over npm, e.g.
Steps To Reproduce
Have a self-signed certificate in your certificate chain.
export NODE_TLS_REJECT_UNAUTHORIZED=0
npm i node-gyp
or
npm i smartsheet
Environment
The text was updated successfully, but these errors were encountered: