Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: self signed certificate in certificate chain #2061

Closed
nmaxcom opened this issue Feb 5, 2016 · 14 comments
Closed

Error: self signed certificate in certificate chain #2061

nmaxcom opened this issue Feb 5, 2016 · 14 comments
Labels
Help (please use Stackoverflow)

Comments

@nmaxcom
Copy link

nmaxcom commented Feb 5, 2016

I'm trying to analyze my requests against a server using Charles Proxy. The server uses TSL so I have the classic fake certificate to be able to view clear traffic.

NodeJS / Request don't like it, so my script doesn't run and throws that error.

How can I bypass this?

                console.log('Response status: ' + response.statusCode);
                                                          ^
TypeError: Cannot read property 'statusCode' of undefined
    at Request._callback (/xxx:88:59)
    at self.callback (/xxx:199:22)
    at Request.emit (events.js:107:17)
    at Request.onRequestError (/xxx:821:8)
    at ClientRequest.emit (events.js:107:17)
    at TLSSocket.socketErrorListener (_http_client.js:271:9)
    at TLSSocket.emit (events.js:107:17)
    at TLSSocket.<anonymous> (_tls_wrap.js:942:18)
    at TLSSocket.emit (events.js:104:17)
    at TLSSocket._finishInit (_tls_wrap.js:460:8)
Error: Error: self signed certificate in certificate chain
@ghost
Copy link

ghost commented Feb 10, 2016

in this case response is undefined.
response doesn't have to be defined.
response will be only defined if an actual response arrived.
if there was some connection error that is not the case.

check for error to be defined, or response.statusCode to be greater or equal than 400.

if you want to debug this use

env NODE_DEBUG="*" node asdf.js

@nmaxcom
Copy link
Author

nmaxcom commented Feb 10, 2016

Thanks for the explanation. I found out how to avoid problems with fake certificates in case anyone is interested:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

With that I can use fake SSL auth to inspect the communications between my client and a server.

@squivo
Copy link

squivo commented Jun 24, 2016

My error was similar but now I"m good thanks @nmaxcom

Error: unable to verify the first certificate
at Error (native)
at TLSSocket. (_tls_wrap.js:929:36)
at TLSSocket.emit (events.js:104:17)
at TLSSocket._finishInit (_tls_wrap.js:460:8)

@ghost
Copy link

ghost commented Jun 25, 2016

or you can just use let's encrypt, certificates that are signed by a legit CA.
self signed certificates dont make sense now.

@langxiong
Copy link

request.get({ uri: 'https://mydocker.com/v2/_catalog', rejectUnauthorized: false }

For self-signed CA, we can specify 'rejectUnauthorized = false'.
Check request.js at line 623 & _tls_wrap.js in node.js.

@ghost
Copy link

ghost commented Jul 7, 2016
edited by ghost

Better alternatives are:
a) Do SSL termination at your load balancer
b) Use a free certificate

In this way you have a single configuration across all your environments.
You will have higher confidence on your deployments and filter errors earlier.

@utkarshcmu utkarshcmu mentioned this issue Jan 18, 2017
Closed
@royling royling mentioned this issue Apr 25, 2017
Closed
@magicdawn
Copy link

magicdawn commented Jul 3, 2017
edited

rejectUnauthorized works in options.rejectUnauthorized = false
but not in options.agentOptions.rejectUnauthorized = false

dont know why 😢

@magicdawn
Copy link

https://github.com/request/request/blob/v2.81.1/request.js#L257-L259

Sorry, only see the code. I get that strictSSL is just an alias to rejectUnauthorized
Have to say that's a bad name, just use rejectUnauthorized 😭

@anandlinast
Copy link

getting this error while runnign code
Parse error: syntax error, unexpected 'var' (T_VAR), expecting end of file in C:\xampp\htdocs\PHPIMAP\admin\index.php on line 146

@achabahe
Copy link

achabahe commented Feb 2, 2018
edited

for people who suggest to set rejectUnauthorized=false what if i have internal servers that should have encrypted connections with each other with some self signed certificates , iguess setting rejectUnauthorized to false will stop the error but my connections are 100% prone to MITM atacks , I see that this is a bug in nodejs tls library that it suffers from and i can't find any fix any where (i have google to page 5 of google results that is really deep) i don't know how other people don't talk about it , AM I missing something here! !!!!! please correct me if i am wrong !!

@rahul-dutt-sharma
Copy link

rahul-dutt-sharma commented Feb 13, 2018
edited 

rejectUnauthorized works in options.rejectUnauthorized = false
but not in options.agentOptions.rejectUnauthorized = false

Both do not work for me

request.get({ uri: 'https://s3.amazonaws.com/...',
    rejectUnauthorized: false,
    // strictSSL: false,
    proxy: '127.0.0.1:8080',
    agentOptions: {
        rejectUnauthorized: false,
        // strictSSL: false,
    },
}, (...args) => {
    console.log(args);
    process.exit();
});

P.S. Running the code from within ELECTRON with ssl disable flag on.

@alassadi
Copy link

For me, disabling Kaspersky antivirus solved the problem.

@reconbot
Copy link
Contributor

reconbot commented Apr 1, 2019

#2061 (comment) seems to be the answer to the general question

@reconbot reconbot closed this as completed Apr 1, 2019
@KalleV KalleV mentioned this issue Oct 2, 2019
Open
@akopchinskiy
Copy link

akopchinskiy commented May 14, 2020
edited

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

Gives no effect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Help (please use Stackoverflow)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests