Ben, Thanks for your solution! That fixed it.
Thanks again for the help, Stephen On Thursday, June 20, 2013 4:15:07 AM UTC-5, Ben Noordhuis wrote: > > On Wed, Jun 19, 2013 at 10:07 PM, <[email protected] <javascript:>> > wrote: > > Hello, > > > > We're trying to use Node.js (and Mocha) as a testing framework to test > API > > calls against an internal server over https. > > We're using the following node modules: Mocha, Restify, and Should to > > perform these tests. > > > > When we run mocha testFileName.js, the major error we get back is: > > [2013-06-19 14:16:28.105] [ERROR] console - FAIL: Received error! > [Error: > > UNABLE_TO_VERIFY_LEAF_SIGNATURE] > > Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE > > at SecurePair.<anonymous> (tls.js:1283:32) > > at SecurePair.EventEmitter.emit (events.js:92:17) > > at SecurePair.maybeInitFinished (tls.js:896:10) > > at CleartextStream.read [as _read] (tls.js:430:15) > > at CleartextStream.Readable.read (_stream_readable.js:320:10) > > at EncryptedStream.write [as _write] (tls.js:344:25) > > at doWrite (_stream_writable.js:219:10) > > at writeOrBuffer (_stream_writable.js:209:5) > > at EncryptedStream.Writable.write (_stream_writable.js:180:11) > > at write (_stream_readable.js:573:24) > > at flow (_stream_readable.js:582:7) > > at Socket.pipeOnReadable (_stream_readable.js:614:5) > > at Socket.EventEmitter.emit (events.js:92:17) > > at emitReadable_ (_stream_readable.js:408:10) > > at emitReadable (_stream_readable.js:404:5) > > at readableAddChunk (_stream_readable.js:165:9) > > at Socket.Readable.push (_stream_readable.js:127:10) > > at TCP.onread (net.js:511:21) > > > > > > After searching google and stackexchange it would seem that we have a > > certificate problem. From there we installed internal CA 'public' cert, > as > > well as the instance specific certifications that our app is using > (there > > are multiple redirects to get through), to /usr/local/etc/openssl/certs, > > legacy: /System/Library/Keychains/X509Anchors, > > /Library/Keychains/System.keychain, as well as in Keychain through the > gui > > to our login and System keychains. However, we're still not getting > > anywhere. > > > > Before installing the certs in these places, we couldn't 'curl' our site > > without certificate errors on command-line; however, with them installed > now > > we get no errors, but node still explodes. > > > > We've tried multiple versions of Node, OpenSSL, as well as varying > > installation methods including downloading the package vs. using > homebrew. > > > > Computer Information: > > Mac OS X 10.8.4 (Also tried with 10.8.3) > > Node v0.8.18 (Also tried with: Node v0.10.11, v0.10.12) > > OpenSSL v1.0.1e (Also tried with 0.9.8) > > > > Brainstorming Questions: > > Does Node.js use its own (bundled) version of OpenSSL instead of what's > > installed on the local machine? > > Yes, by default. You can build against your system's OpenSSL if you > want. See `./configure --help` for the relevant flags. > > > If that's the case, where is it looking for certificates? > > They're compiled into the binary. The relevant file is > src/node_root_certs.h. > > > Could the TLS.js be telling Node to look elsewhere for certs? > > It uses the compiled-in root certificates unless you pass in your own CA > chain. > > > Is there a pragmatic approach to overwriting the the certificates used; > it > > appears there might be options we can use like this: > > > > var options = { > > ca: fs.readFileSync("[path to our CA cert file]"), > > requestCert: true, > > rejectUnauthorized: true > > }; > > > > var req = https.request(options, function(res) { > > ... > > }); > > > > But this generates our same error. > > > > Any help would be greatly appreciated, > > Stephen > -- -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
