On Wed, Jun 19, 2013 at 10:07 PM,  <[email protected]> wrote:
> Hello,
>
> We're trying to use Node.js (and Mocha) as a testing framework to test API
> calls against an internal server over https.
> We're using the following node modules: Mocha, Restify, and Should to
> perform these tests.
>
> When we run mocha testFileName.js, the major error we get back is:
> [2013-06-19 14:16:28.105] [ERROR] console - FAIL:  Received error!  [Error:
> UNABLE_TO_VERIFY_LEAF_SIGNATURE]
> Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
>     at SecurePair.<anonymous> (tls.js:1283:32)
>     at SecurePair.EventEmitter.emit (events.js:92:17)
>     at SecurePair.maybeInitFinished (tls.js:896:10)
>     at CleartextStream.read [as _read] (tls.js:430:15)
>     at CleartextStream.Readable.read (_stream_readable.js:320:10)
>     at EncryptedStream.write [as _write] (tls.js:344:25)
>     at doWrite (_stream_writable.js:219:10)
>     at writeOrBuffer (_stream_writable.js:209:5)
>     at EncryptedStream.Writable.write (_stream_writable.js:180:11)
>     at write (_stream_readable.js:573:24)
>     at flow (_stream_readable.js:582:7)
>     at Socket.pipeOnReadable (_stream_readable.js:614:5)
>     at Socket.EventEmitter.emit (events.js:92:17)
>     at emitReadable_ (_stream_readable.js:408:10)
>     at emitReadable (_stream_readable.js:404:5)
>     at readableAddChunk (_stream_readable.js:165:9)
>     at Socket.Readable.push (_stream_readable.js:127:10)
>     at TCP.onread (net.js:511:21)
>
>
> After searching google and stackexchange it would seem that we have a
> certificate problem. From there we installed internal CA 'public' cert, as
> well as the instance specific certifications that our app is using (there
> are multiple redirects to get through), to /usr/local/etc/openssl/certs,
> legacy: /System/Library/Keychains/X509Anchors,
> /Library/Keychains/System.keychain, as well as in Keychain through the gui
> to our login and System keychains. However, we're still not getting
> anywhere.
>
> Before installing the certs in these places, we couldn't 'curl' our site
> without certificate errors on command-line; however, with them installed now
> we get no errors, but node still explodes.
>
> We've tried multiple versions of Node, OpenSSL, as well as varying
> installation methods including downloading the package vs. using homebrew.
>
> Computer Information:
> Mac OS X 10.8.4 (Also tried with 10.8.3)
> Node v0.8.18 (Also tried with: Node v0.10.11, v0.10.12)
> OpenSSL v1.0.1e (Also tried with 0.9.8)
>
> Brainstorming Questions:
> Does Node.js use its own (bundled) version of OpenSSL instead of what's
> installed on the local machine?

Yes, by default.  You can build against your system's OpenSSL if you
want.  See `./configure --help` for the relevant flags.

> If that's the case, where is it looking for certificates?

They're compiled into the binary.  The relevant file is src/node_root_certs.h.

> Could the TLS.js be telling Node to look elsewhere for certs?

It uses the compiled-in root certificates unless you pass in your own CA chain.

> Is there a pragmatic approach to overwriting the certificates used; it
> appears there might be options we can use like this:
>
> var options = {
>   ca: fs.readFileSync("[path to our CA cert file]"),
>   requestCert: true,
>   rejectUnauthorized: true
> };
>
> var req = https.request(options, function(res) {
> ...
> });
>
> But this generates our same error.
>
> Any help would be greatly appreciated,
> Stephen
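
An added example (not code from this thread or from Node itself) of the point made in the reply: Node trusts only its compiled-in roots unless a CA chain is passed in, so the internal root and intermediates have to reach the TLS layer explicitly. The function names and the placeholder bundle are constructed for illustration, and `tls.rootCertificates` needs Node 12.3 or later.

```javascript
// Added example; function names and the sample bundle are constructed for illustration.
const https = require('https');
const tls = require('tls');

// Constructed placeholder bundle (root + intermediate); the bodies are not real certificates.
const SAMPLE_BUNDLE = [
  '# internal root CA (placeholder)',
  '-----BEGIN CERTIFICATE-----', 'QUJD', '-----END CERTIFICATE-----',
  '# issuing intermediate (placeholder)',
  '-----BEGIN CERTIFICATE-----', 'REVG', '-----END CERTIFICATE-----', '',
].join('\n');

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a concatenated PEM file into one string per certificate, dropping comments.
function splitPemBundle(text) {
  return (text.match(PEM_CERT) || []).map((pem) => pem.trim() + '\n');
}

// `ca` replaces the compiled-in roots rather than adding to them, so a client that
// also talks to public hosts has to list both sets.
function buildCaList(bundleText, { keepBundledRoots = false } = {}) {
  const internal = splitPemBundle(bundleText);
  if (internal.length === 0) {
    throw new Error('no CERTIFICATE blocks found in CA bundle');
  }
  return keepBundledRoots ? [...tls.rootCertificates, ...internal] : internal;
}

// A dedicated Agent carries the TLS settings to every request that uses it (the
// Node 0.10 documentation notes that the global agent ignores these options).
// Verification stays enabled; only the trust anchors change.
function agentForInternalCa(bundleText, opts) {
  return new https.Agent({ ca: buildCaList(bundleText, opts), rejectUnauthorized: true });
}

// GET one URL and report the status and redirect target, or the verification error
// code. https.get does not follow redirects, so each hop is checked on its own.
function probe(url, agent) {
  return new Promise((resolve) => {
    https.get(url, { agent }, (res) => {
      res.resume();
      resolve({ ok: true, status: res.statusCode, location: res.headers.location });
    }).on('error', (err) => resolve({ ok: false, code: err.code }));
  });
}
```

Calling `probe()` once per hop of a redirect chain with the same agent shows which host's chain still fails to verify against the supplied bundle.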
