Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider Certs In NODE_EXTRA_CA_CERTS #166

Closed
Jacksondr5 opened this issue Sep 27, 2019 · 5 comments
Closed

Consider Certs In NODE_EXTRA_CA_CERTS #166

Jacksondr5 opened this issue Sep 27, 2019 · 5 comments
Assignees
@mjroghelia
Labels
enhancement stale

Comments

@Jacksondr5
Copy link

Feature Request

Consider certificates referenced by NODE_EXTRA_CA_CERTS

Impacted Code

typed-rest-client/lib/HttpClient.ts

Lines 124 to 142 in c99dbbe

this._certConfig = requestOptions.cert;
if (this._certConfig) {
// If using cert, need fs
fs = require('fs');
// cache the cert content into memory, so we don't have to read it from disk every time
if (this._certConfig.caFile && fs.existsSync(this._certConfig.caFile)) {
this._ca = fs.readFileSync(this._certConfig.caFile, 'utf8');
}
if (this._certConfig.certFile && fs.existsSync(this._certConfig.certFile)) {
this._cert = fs.readFileSync(this._certConfig.certFile, 'utf8');
}
if (this._certConfig.keyFile && fs.existsSync(this._certConfig.keyFile)) {
this._key = fs.readFileSync(this._certConfig.keyFile, 'utf8');
}
}

A check for the env variable should probably happen around here. I'm not sure if it would be better to have the ICertConfiguration options merge with anything found in the environment variable or just overwrite the environment variable in favor of the supplied certs.

Use Case

As the node PR explains, self-signed certs are commonly used in closed environments.

My organization has recently encountered this problem with several TFS extensions. Using the environment variable solved the problem when extensions were using node HTTP clients, but there are a few extensions that use this library and do not surface a way for us to provide certs example from NuGetToolGetter

I'm happy to take a stab at it if desired.
@jtpetty
Copy link
Contributor

jtpetty commented Dec 30, 2019

@Jacksondr5 - I think the issue is that by default, the agent uses Node 6 and NODE_EXTRA_CA_CERTS was added in Node 7.3.

Can you try setting the environment variable AGENT_USE_NODE10=true for your job and then try using the NODE_EXTRA_CA_CERTS variable?

@Jacksondr5
Copy link
Author

@jtpetty Thanks for the reply. We'll try that environment variable out and let you know how it works

@Jacksondr5
Copy link
Author

@jtpetty Unfortunately, that didn't seem to have any effect. We're still seeing certificate errors.

@jtpetty jtpetty assigned mjroghelia and unassigned jtpetty Apr 2, 2020
@jtpetty
Copy link
Contributor

jtpetty commented Apr 2, 2020

@mjroghelia - Can you take a look at this one?

@github-actions
Copy link

github-actions bot commented Jul 1, 2020

This issue has had no activity in 90 days. Please comment if it is not actually stale

@github-actions github-actions bot added the stale label Jul 1, 2020
@github-actions github-actions bot closed this as completed Jul 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mjroghelia mjroghelia

Labels
enhancement stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@stephenmichaelf @mjroghelia @jtpetty @Jacksondr5