Bun: self signed certificate in certificate chain

[Ivan-Baranov]

Describe the bug

Bun 1.1.17: error SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain Node 20.15.0: all ok

Code example

// https://storage.yandexcloud.net/cloud-certs/RootCA.pem
const ca_cert = Buffer.from(`
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
`)

createClient({
    url: 'https://rc1b-fake.mdb.yandexcloud.net:8443/',
    tls: { ca_cert },
})

Configuration

Environment

• Client version: @clickhouse/client 1.2.0
• Language version: Bun.js 1.1.17
• OS: Microsoft Windows NT 10.0.19045.0 x64

ClickHouse server

• ClickHouse Server version: Yandex Cloud ClickHouse (ver. 24.5.3.5)

[slvrtrn]

Node 20.15.0: all ok

We do not officially support Bun.

From the Bun's docs, its Node.js https support is incomplete.

🟢 APIs are implemented, but Agent is not always used yet.

This also looks similar to this issue: https://github.com/oven-sh/bun/issues/10642

You could try using the web version (@clickhouse/client-web) instead; however, there is no explicit TLS configuration yet (the agent option in Fetch exists only in Node.js), but maybe with fetch, it will not be required to provide the root ca.

If you know a workaround for the HTTPS Agent on the Bun platform, you could try providing a custom agent like it is described here: https://clickhouse.com/docs/en/integrations/language-clients/javascript#custom-httphttps-agent-experimental-nodejs-only (see the "Using a custom HTTPS Agent with mutual TLS" part in particular), but if it's simply not used, that won't help either.