New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error: DEPTH_ZERO_SELF_SIGNED_CERT #418
Comments
Same problem here. Using node v0.10.1 and latest request version. |
same issue here using v0.10.2 |
The code you need is:
Edit: I removed the lame comment that I made, cause, that's just lame of me.... |
|
|
I can verify that NODE_TLS_REJECT_UNAUTHORIZED=0 works for me, but rejectUnauthorized: false does not. |
@case NODE_TLS_REJECT_UNAUTHORIZED is only an escape hatch to revert to old behaviours (allowing invalid and self-signed certs) according to nodejs/node-v0.x-archive#4023 , so it's just a workaround for me to get self-signed cert working. |
We know that, in many cases, I need a fully reproducible test in order to answer that question. |
Unfortunately I don't have a test case, but this might be helpful:
|
Hey guys, Thanks to everyone who works on the library. I was trying to use self-signed cert for some testing and get the same error. I've included details below. Let me know if you need anything else. I've tried all combinations of using strictSSL and rejectUnauthorized but it doesn't seem to work. Node version: 0.10.10 Code for creating server var https = require('https');
var express = require('express');
var app = express();
var credentials = {
key: fs.readFileSync(__dirname + '/priv.pem', 'utf8'),
cert: fs.readFileSync(__dirname + '/cert.crt', 'utf8')
};
var server = https.createServer(credentials, app);
server.listen(3000); Using request like so: var request = require('request');
request.defaults({
strictSSL: false, // allow us to use our self-signed cert for testing
rejectUnauthorized: false
});
request('https://localhost:3000', function(err) {
console.error(err); // outputs the zero_depth error
}); |
@dankohn worked for me |
With
Which is ugly, because I would like to check validity and accept self signed certificates. |
Found the problem while writing a test but was unable to replicate. |
Had an interesting occurrence of this problem. Set strictSSL: false, which worked on one box but not on another (rejectUnauthorized=false failed as well). @dankohn's suggestion worked. |
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; Works for restler as well. |
I was able to get it to work using |
i know is closed and merged |
I'll be closing this issue |
still a issue here v10.0.32 |
@webduvet can you give us a code sample? |
@seanstrom sure, it was very simple sample from nodejs doc. process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"; var tls = require('tls'); var fs = require('fs'); var options = { cert: fs.readFileSync('test-cert.pem'), strictSSL: false }; var cleartextStream = tls.connect(8000, options, function() { console.log('client connected', cleartextStream.authorized ? 'authorized' : 'unauthorized'); process.stdin.pipe(cleartextStream); process.stdin.resume(); }); |
@seanstrom I'm still getting this error when trying to use self-signed certs. Thing is, rejectUnauthorized: false turns off all verification, right? Because it works even if I don't provide a PEM or key or list of accepable certs. I need to provide a cert (or key) and have the request engine support actually check the cert list. |
Yes, |
Thanks, Nylen. That test helped clear up what we were doing wrong. We were using self-signed certs, rather than first creating a self-signed CA and then using that CA to sign the server cert. That's what I thought we were doing, but we weren't. |
For those who wish to understand a principle. https://nodejs.org/dist/v0.12.9/docs/api/tls.html#tls_tls_connect_options_callback process.env.NODE_TLS_REJECT_UNAUTHORIZED = "1";
var tls = require('tls');
var fs = require('fs');
var constants = require('constants');
var util = require('util');
var options = {
host: 'localhost',
strictSSL: true,
ca: [fs.readFileSync('trusted1.pem'), fs.readFileSync('trusted2.pem') ],
rejectUnauthorized: true, // Trust to listed certificates only. Don't trust even google's certificates.
secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
secureProtocol: 'SSLv23_method',
ciphers: 'ECDHE-RSA-AES128-SHA256'
};
var socket = tls.connect(3001, options, function() {
console.log('client connected',
socket.authorized ? 'authorized' : 'unauthorized',
socket.encrypted ? 'encrypted' : 'unencrypted',
'\nCipher: ' + util.inspect(socket.getCipher()),
'\nCert Info: \n' + util.inspect(socket.getPeerCertificate(true)));
//process.stdin.pipe(socket);
//process.stdin.resume();
}); |
really it sound all your problems is your client system has no SSL certificate configuration |
Hi there, I'm facing the similar issue but only in "POST" method while "GET" is working fine. Here are the detailed information: Test Code: ` var CONF = process.env['CONF']; frisby.globalSetup({ frisby.create('Test#1: Sunny Day scenario') Execution Error: Error-2
What should be updated here to fix these issues? Thanks |
add this and it should solve it: https.globalAgent.options.rejectUnauthorized = false; |
I'm using self-signed test certificates in my apache2 server and when I call request I get the following error:
I'm using the following code below to test it. Notice that I'm also using needle and it works with the rejectUnauthorized=true option. I could not find an equivalent on request (I've tried strictSSL=false but I guess that's the default). I couldn't find any other samples related do the problem either.
The text was updated successfully, but these errors were encountered: