RequestError: unable to verify the first certificate

[dlucazeau]

Just installed httpBook. VSCode settings adapted:

"httpyac.requestGotOptions": {
    "request": {
        "https": {
            "rejectUnauthorized": false
        }
    }
} 

With a GET request

GET http://localhost:5000/api/v2/users

I got this error: RequestError: unable to verify the first certificate.

What's wrong? It's a good idea to make a notebook around HTTP ;-)

[AnWeber]

It is strange that when calling to http an https error occurs. Is the call automatically redirected towards https due to lack of authorization? I had an error in the direction before (Anweber/httpyac#39), however I thought I had fixed it. Maybe you disable http.proxySupport once and test it again (change from override to off).

[dlucazeau]

I already have this setting : "http.proxySupport": "off", There is no authoriozation in the api backend, this is a quick and dirty POC on another subject. I've read the discussion about #39, and the entry "request' is not accepted in my .httpyac.json

[AnWeber]

Can you explain the redirection towards https. I will try to recreate the behavior once on my local machine. Your Output Channel log of httpyac could be helpful (please activate log level 'trace')

you can ignore .httpyac.json in your case, since this corresponds in principle to the setting of vscode. I it is only needed if you use httpyac as cli tool.

[dlucazeau]

DEBUG: {
  ... some variables not used from settings.json...
}
TRACE: action request executing
TRACE: action envDefaultHeaders executing
TRACE: action requestBodyImport executing
TRACE: action variableReplacer executing
TRACE: variableReplacer replace url
TRACE: replacer showQuickPick executing
TRACE: replacer showInputBox executing
TRACE: replacer restClientDynamic executing
TRACE: replacer intellijDynamic executing
TRACE: replacer javascript executing
TRACE: replacer host executing
TRACE: replacer oauth2 executing
TRACE: replacer aws executing
TRACE: replacer clientCertificate executing
TRACE: replacer basicAuth executing
TRACE: replacer digestAuth executing
TRACE: variableReplacer replace header User-Agent
TRACE: replacer showQuickPick executing
TRACE: replacer showInputBox executing
TRACE: replacer restClientDynamic executing
TRACE: replacer intellijDynamic executing
TRACE: replacer javascript executing
TRACE: replacer host executing
TRACE: replacer oauth2 executing
TRACE: replacer aws executing
TRACE: replacer clientCertificate executing
TRACE: replacer basicAuth executing
TRACE: replacer digestAuth executing
TRACE: action cookieJar executing
TRACE: action httpClient executing
TRACE: request
{
  "decompress": true,
  "retry": 0,
  "throwHttpErrors": false,
  "http2": true,
  "headers": {
    "accept": "*/*",
    "user-agent": "httpyac",
    "User-Agent": "httpyac"
  },
  "proxy": "",
  "method": "GET",
  "cookieJar": {
    "version": "tough-cookie@4.0.0",
    "storeType": "MemoryCookieStore",
    "rejectPublicSuffixes": true,
    "cookies": []
  }
}
ERROR: http://localhost:5000/api/v2/users
{
  "url": "http://localhost:5000/api/v2/users",
  "method": "GET",
  "headers": {
    "User-Agent": "httpyac"
  },
  "cookieJar": {
    "version": "tough-cookie@4.0.0",
    "storeType": "MemoryCookieStore",
    "rejectPublicSuffixes": true,
    "cookies": []
  }
}
ERROR: RequestError - unable to verify the first certificate
RequestError: unable to verify the first certificate
    at Request._makeRequest (c:\Users\dlucazeau\.vscode\extensions\anweber.vscode-httpyac-2.16.2\dist\extension.js:14049:19)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
    at async Request._onResponseBase (c:\Users\dlucazeau\.vscode\extensions\anweber.vscode-httpyac-2.16.2\dist\extension.js:13762:17)
    at async Request._onResponse (c:\Users\dlucazeau\.vscode\extensions\anweber.vscode-httpyac-2.16.2\dist\extension.js:13806:13)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket.EventEmitter.emit (domain.js:467:12)
    at TLSSocket._finishInit (_tls_wrap.js:932:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)

[AnWeber]

I have just not been able to reproduce the error with a simple example. Let's see if I can find a hint for the error at got, alternatively I will now disable http2 by default, since this was already problematic many times.

[AnWeber]

I looked at your trace again, the rejectUnauthorized is not currently set. Did you deactivate it for this test? The error descriptions at got (1399, 1039) always go in the direction of the proxy, which you have not actually configured. I will now disable http2 (which uses https) to exclude this known error source according to got.

[AnWeber]

I have provided a new version without http2. But only the extension vscode-httpyac is updated, this is used internally by httpbook. Could you test the error again with the version. If it still occurs, you would need to give me more information so I can recreate the error. Maybe just adapt my example.

[dlucazeau]

I did not understand that this simple request did not work while using httpBook did not cause problems on a few endpoints of our real application. I remembered that by default the code generated by dotnet for a webapi redirects flows to https:

app.UseHttpsRedirection();

When I comment this line, httpbook works like a charm. Thank you for your investigations.

[AnWeber]

This explains the redirection towards https. However, I still lack the explanation why the rejectUnauthorized specification ignored the certificate that could not be validated. I will extend my test for this again and document the solution for it.

[AnWeber]

I have now added some simplifications for setting rejectUnauthorized and also improved the error message. I have provided the changes in the new version. I would be interested to know if using the meta tag # @noRejectUnauthorized would have fixed your error. Could you please test this again?

[dlucazeau]

Yes it does:

[AnWeber]

Thx:-)