Chia-Mine / chia-agent

chia rpc/websocket client library
MIT License

SSL Certificate Verification Fails For Remote RPC #20

Open stonemelody opened 2 years ago

stonemelody commented 2 years ago

Using version v3.0.0, SSL certificate verification fails with a base error of ERR_TLS_CERT_ALTNAME_INVALID. This is caused by the default TLS checking code in node trying to verify the hostname on the cert. The chia code itself ignores these checks. From some searching around, adding checkServerIdentity: () => undefined as one of the options for the https rpc agent disables hostname checking.

ChiaMineJP commented 2 years ago

Thanks for reporting.

> adding checkServerIdentity: () => undefined as one of the options for the https rpc agent disables hostname checking

Did you actually confirm this? Skipping the server hostname check seems to be insecure, and it sounds like the cert/key you used were wrong. Are you sure that the cert/key you used were valid?

stonemelody commented 2 years ago

Yes, I have confirmed this in the v1.2.11 chia code for both servers and clients that they use. Yes, the certificates that I used were valid :)

1Megu commented 2 years ago

I've submitted a PR for this as it's standard with the core Chia clients to skip hostname checking. #22

ChiaMineJP commented 2 years ago

The PR has been merged. Thank you!

ChiaMineJP commented 2 years ago

I'll release v3.0.1-beta in several days. Please test whether that version resolves your problem. Thank you for your patience!

ChiaMineJP commented 2 years ago

I've just released chia-agent@3.0.1-beta.0. Could you install it by npm i chia-agent@3.0.1-beta.0 or yarn add chia-agent@3.0.1-beta.0 and check whether it works?

Please note that I added the option to control whether to skip hostname check or not.

const agent = new RPCAgent({service: "full_node", skip_hostname_verification: true});

Read more here: https://github.com/Chia-Mine/chia-agent/blob/v3.0.1/src/rpc/README.md

Thank you.
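
What the `checkServerIdentity` override discussed in this thread changes in Node's TLS client, next to a variant that skips the name check but pins the peer certificate. This is an added example, not code from chia-agent or Chia; the certificate object and fingerprint are constructed, and `defaultCheck`, `skipHostname`, `pinInsteadOfHostname` and `agentOptions` are hypothetical names.

```javascript
// Added example; not chia-agent or Chia code. Function names are hypothetical.
const tls = require('node:tls');

// Constructed peer certificate, in the object shape Node passes to
// checkServerIdentity(host, cert). The fingerprint is a made-up value.
const SAMPLE_FP = Array(32).fill('AB').join(':');
const SAMPLE_CERT = {
  subject: { CN: 'Chia' },
  subjectaltname: 'DNS:chia.net',
  fingerprint256: SAMPLE_FP,
};

// Node's default check: the host being dialled must match the cert's names.
function defaultCheck(host, cert) {
  return tls.checkServerIdentity(host, cert); // Error on mismatch, else undefined
}

// The override from the thread: every name is accepted.
const skipHostname = () => undefined;

// Compensating check: ignore the name, but accept only known certificates.
function pinInsteadOfHostname(pinnedFingerprints) {
  const pins = new Set(pinnedFingerprints.map((fp) => fp.toUpperCase()));
  return (host, cert) => {
    const seen = String(cert.fingerprint256 || '').toUpperCase();
    if (pins.has(seen)) return undefined;
    const err = new Error(`Certificate for ${host} is not pinned: ${seen || 'none'}`);
    err.code = 'ERR_CERT_NOT_PINNED'; // hypothetical code for this example
    return err;
  };
}

// Options for https.Agent / https.request. Chain validation against `ca`
// stays on; only the identity step is replaced.
function agentOptions({ ca, cert, key, pins }) {
  return {
    ca, cert, key,
    rejectUnauthorized: true,
    checkServerIdentity: pins ? pinInsteadOfHostname(pins) : skipHostname,
  };
}
```

With `skipHostname`, any certificate that chains to `ca` is accepted for any host, so the trust decision rests entirely on who holds keys signed by that CA.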