Proxy with self-signed cert not accepted (rejectUnauthorized=false not being passed to tunnel-agent)
Summary
When using request to CONNECT to an explicit proxy that had a self-signed cert, the request produced this error:
    { Error: tunneling socket could not be established, cause=self signed certificate
        at ClientRequest.onError (/nodeApp/node_modules/tunnel-agent/index.js:178:17)
        at ClientRequest.g (events.js:292:16)
        at emitOne (events.js:96:13)
        at ClientRequest.emit (events.js:188:7)
        at TLSSocket.socketErrorListener (_http_client.js:310:9)
        at emitOne (events.js:96:13)
        at TLSSocket.emit (events.js:188:7)
        at emitErrorNT (net.js:1277:8)
        at _combinedTickCallback (internal/process/next_tick.js:80:11)
        at process._tickCallback (internal/process/next_tick.js:104:9) code: 'ECONNRESET' }
I traced the problem to the code below at line 134 in tunnel-agent/index.js:

    debug('making CONNECT request')
    var connectReq = self.request(connectOptions)
    connectReq.useChunkedEncodingByDefault = false // for v0.6
    connectReq.once('response', onResponse) // for v0.6
    connectReq.once('upgrade', onUpgrade) // for v0.6
    connectReq.once('connect', onConnect) // for v0.7 or later
    connectReq.once('error', onError)
    connectReq.end()

The connectOptions at that point in the code did not contain the properties rejectUnauthorized or requestCert, which were set to false in the request options object (even though headers set at the request object like Proxy-Authorization were passed all the way through).
Modifying the tunnel-agent module to hardcode the rejectUnauthorized and requestCert properties at this point in the code resolved the error.
Version of request used was latest (2.81.1).
So, it appears that somewhere the rejectUnauthorized and requestCert properties are being removed (or not copied over) such that they do not make their way down to the tunnel-agent module.
Issue Analytics
- State:
- Created 6 years ago
- Comments: 5 (3 by maintainers)
Top GitHub Comments
I believe this is an API miss. When you want to ignore self-signed certificates while using an HTTPS proxy you have two types of certificates:
As for 1. the option used is request({rejectUnauthorized}), as for 2. today there’s no way to specify that you want to ignore the self signed certificate. For this it would mean being able to pass options to the CONNECT call here: https://github.com/request/tunnel-agent/blob/eb2b1b19e09ee0e6a2b54eb2612755731b7301dc/index.js#L122
I propose to add a proxyConnectOptions attribute to request({}) and forward it to tunnel-agent (YAY! new option) to solve this. What do you think?
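
A simplified model of the option flow discussed in this thread, added here as an example; it is not code from request or tunnel-agent. The function names, the key list and the sample hosts are assumptions, and `proxyConnectOptions` is the attribute proposed in the comment above, not an existing option.

```javascript
'use strict';
// Simplified model (not request's or tunnel-agent's source) of how one options
// object is split between the two TLS hops of a proxied HTTPS request.

// TLS settings set on the request; per the thread they reach the target hop
// only. The key list is an assumption made for this example.
const TARGET_TLS_KEYS = ['ca', 'cert', 'key', 'rejectUnauthorized', 'requestCert'];

// Options for the CONNECT request sent to the proxy (first TLS hop).
// `proxyConnectOptions` is hypothetical: the attribute proposed in the thread.
function buildConnectOptions(reqOptions) {
  const proxy = new URL(reqOptions.proxy);
  const target = new URL(reqOptions.url);
  const headers = { host: target.host };
  const auth = (reqOptions.headers || {})['Proxy-Authorization'];
  if (auth) headers['Proxy-Authorization'] = auth; // headers do pass through
  return Object.assign(
    { host: proxy.hostname, port: Number(proxy.port) || 443, headers },
    reqOptions.proxyConnectOptions || {}, // TLS settings for the proxy hop
    // Applied last so caller-supplied options cannot override the tunnel target.
    { method: 'CONNECT', path: `${target.hostname}:${target.port || 443}`, agent: false }
  );
}

// Options for the TLS session to the target server, run inside the tunnel.
function buildTargetTlsOptions(reqOptions) {
  const out = {};
  for (const k of TARGET_TLS_KEYS) if (reqOptions[k] !== undefined) out[k] = reqOptions[k];
  return out;
}

// Constructed sample input: hosts, credentials and PEM text are placeholders.
const base = {
  url: 'https://api.example.test/v1',
  proxy: 'https://proxy.example.test:8443',
  headers: { 'Proxy-Authorization': 'Basic <placeholder>' },
  rejectUnauthorized: false,
  requestCert: false
};
// As reported: the TLS flags never appear in the CONNECT options.
const reported = buildConnectOptions(base);
// With the proposed attribute, the proxy hop can trust the proxy's own
// certificate through `ca`, which keeps verification enabled on that hop.
const proposed = buildConnectOptions(Object.assign({}, base, {
  proxyConnectOptions: { ca: '<proxy certificate PEM placeholder>' }
}));
console.log(reported, proposed, buildTargetTlsOptions(base));
```
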
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.