You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I agree to follow the Code of Conduct that this project adheres to.
I have searched the issue tracker for a bug report that matches the one I want to file, without success.
Electron Version
29.0.0
What operating system are you using?
macOS
Operating System Version
Sonoma 14.4 (23E214)
What arch are you using?
arm64 (including Apple Silicon)
Last Known Working Electron version
No response
Expected Behavior
Electron when running as Node should respect the NODE_EXTRA_CA_CERTS variable and use the additional certificates in the bundle informed for SSL. This is critical when behind a corporate proxy that replaces certificates in the chain by self signed ones that have to be trusted on a case by case basis.
We should be able to achieve the following with Electron:
user@macOSParallels experiment % NODE_EXTRA_CA_CERTS=~/ca/ca-cert-bundle.pem node
Welcome to Node.js v21.7.1.
Type ".help" for more information.
> fetch("https://www.facebook.com").then(data => console.log("**** OK ****")).catch(e => console.error(e));
Promise {
<pending>,
[Symbol(async_id_symbol)]: 53,
[Symbol(trigger_async_id_symbol)]: 52
}
> **** OK ****
user@macOSParallels experiment % ELECTRON_RUN_AS_NODE=1 NODE_EXTRA_CA_CERTS="/Users/user/ca/ca-cert-bundle.pem" electron
Welcome to Node.js v20.9.0.
Type ".help" for more information.
> process.env.NODE_EXTRA_CA_CERTS
'/Users/user/ca/ca-cert-bundle.pem'
> fetch("https://www.facebook.com").then(data => console.log("**** OK ****")).catch(e => console.error(e));
Promise {
<pending>,
[Symbol(async_id_symbol)]: 152,
[Symbol(trigger_async_id_symbol)]: 151
}
> TypeError: fetch failed
at Object.fetch (node:internal/deps/undici/undici:12293:11)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
cause: Error: unable to verify the first certificate
at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
at TLSSocket.emit (node:events:514:28)
at TLSSocket.emit (node:domain:551:15)
at TLSSocket._finishInit (node:_tls_wrap:1070:8)
at ssl.onhandshakedone (node:_tls_wrap:856:12)
at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
}
Testcase Gist URL
No response
Additional Information
People at Microsoft had to implement a workaround in VSCode's codebase to make use of NODE_EXTRA_CA_CERTS.
I don't think this should have been needed: devcontainers/cli#559
The text was updated successfully, but these errors were encountered:
jkleinsc
changed the title
[Bug]: Electron does not respect NODE_EXTRA_CA_CERTS
[Feature Request]: Electron does not respect NODE_EXTRA_CA_CERTS
Mar 19, 2024
Preflight Checklist
Electron Version
29.0.0
What operating system are you using?
macOS
Operating System Version
Sonoma 14.4 (23E214)
What arch are you using?
arm64 (including Apple Silicon)
Last Known Working Electron version
No response
Expected Behavior
Electron when running as Node should respect the
NODE_EXTRA_CA_CERTS
variable and use the additional certificates in the bundle informed for SSL. This is critical when behind a corporate proxy that replaces certificates in the chain by self signed ones that have to be trusted on a case by case basis.We should be able to achieve the following with Electron:
(Electron version)
Actual Behavior
NODE_EXTRA_CA_CERTS
is not respected.Testcase Gist URL
No response
Additional Information
People at Microsoft had to implement a workaround in VSCode's codebase to make use of
NODE_EXTRA_CA_CERTS
.I don't think this should have been needed: devcontainers/cli#559
The text was updated successfully, but these errors were encountered: