Handle insecure SSL warnings when connecting to JIRA servers

[jefft]

When connecting to a JIRA with a self-signed certificate, SP breaks with errors like these in the console:

angular.js:14362 Possibly unhandled rejection: {"error":{"cause":{"code":"DEPTH_ZERO_SELF_SIGNED_CERT"},"error":{"code":"DEPTH_ZERO_SELF_SIGNED_CERT"},"message":"Error: self signed certificate","name":"RequestError","options":{"auth":{"pass":"REDACTED","user":"jturner"},"body":{"fields":["summary","description","timeestimate","timespent","status","attachment","comment","updated"],"jql":"resolution = Unresolved ORDER BY updatedDate DESC","maxResults":100},"followAllRedirects":true,"json":true,"method":"POST","rejectUnauthorized":true,"resolveWithFullResponse":false,"simple":true,"uri":"https://issues.redradishtech.com/rest/api/latest/search"}},"requestId":"69215dc3-c079-4183-b258-db68b62e9ecc"}

Even though the OS trusts the self-signed cert, NodeJS doesn't.

Ideally, SP would pop up a dialog saying "This certificate is untrusted - continue?". Next-best option would be to figure out new NodeJS's mechanism for allowing extra trusted certs (nodejs/node#9139).

[johannesjo]

Thanks for digging into it! I like your suggestions, but for now I would assume that this is a rare use case (correct me if I'm wrong!) and for that it is too much effort to fix and there are some delicate security implications to consider.

What you can try to do however is to set NODE_TLS_REJECT_UNAUTHORIZED='0' as environment variable when running npm start as discussed here.

[jefft]

Yes certainly, untrusted certs are relatively uncommon and this needn't be a priority.

I restarted using the latest (d5ba4f7) with NODE_TLS_REJECT_UNAUTHORIZED=0 NODE_ENV=DEV electron ./electron/main.js and host 'https://issues.redradishtech.com'. I don't see any "DEPTH_ZERO_SELF_SIGNED_CERT" errors in the console, so presumably the flag worked. I still got the familiar Jira Request failed: searchJira – [object Object] error, but that's something to track in #1.