aacerox / node-rest-client

REST API client from node.js
MIT License

HTTPS: unable to verify the first certificate error #206

Open CajunDust opened 5 years ago

CajunDust commented 5 years ago

When I try to request resources from an HTTPS server that has its own certificate (valid, not self-signed), apparently I get an error: UNABLE_TO_VERIFY_LEAF_SIGNATURE

Details:

```
ERROR :  { message: 'GENERAL ERROR : unable to verify the first certificate',
  url: 'https://demo.tailorfit.eu/images/backdrop.png',
  cause:
   { Error: unable to verify the first certificate
       at TLSSocket.onConnectSecure (_tls_wrap.js:1181:34)
       at TLSSocket.emit (events.js:197:13)
       at TLSSocket.EventEmitter.emit (domain.js:446:20)
       at TLSSocket._finishInit (_tls_wrap.js:672:8)
     code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
    ....
```

I tried to create a cert file from the intermediate and domain certificate, and add it as specified on the https lib, but this does not work...

Does this client lib not support adding the "ca" to the options? E.g.

```
let options = {
   connection: {
      ca: fs.readFileSync(crt_file_fullpath)
   }
};
// ...
let req = client.get(url, options, function (data, response) {
   // ....
});
```

Example of our CRT file: tailorfit.txt

This works with the plain https library! E.g. via code:

```
var fs = require('fs');
var https = require('https');
var options = {
   hostname: 'demo.tailorfit.eu',
   port: 443,
   path: '/images/backdrop.png',
   method: 'GET',
   // CA bundle built from the intermediate and domain certificate
   ca: fs.readFileSync('tailorfit.txt')
};
var req = https.request(options, function(res) {
   res.on('data', function(data) {
       process.stdout.write(data);
   });
});
req.end();
```

CajunDust commented 5 years ago

ADDENDUM:

It seems that it DOES work, but ONLY when you specify this as an option on the constructor of the Client:

```
const fs = require('fs');
const Client = require('node-rest-client').Client;
// ....
var client = new Client({
    connection: {
        ca: fs.readFileSync('tailorfit.txt')
    }
});

// ...
let options = {
   // other options...
};
// ...
let req = client.get(url, options, function (data, response) {
    // .... no more errors !!!!
});
```

So specifying it in the options of a specific request (get/post/...) does not take into account the CA that is imported...
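
A related check for the constructor-level `ca` approach above, as an added example that is not part of the original comments or of node-rest-client: in Node.js, passing `ca` replaces the default root store for every request that client makes, so this helper re-adds the built-in roots next to the bundle and refuses a bundle file that contains a private key. The helper names `splitCaBundle` and `buildConnectionOptions` are hypothetical, and the sample bundle is constructed placeholder text, not real certificates.

```javascript
// Added example, not code from the thread. Helper names are hypothetical.
const tls = require('tls');

// Matches every PEM block and captures its label (CERTIFICATE, RSA PRIVATE KEY, ...).
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;

// Split a bundle file (such as the thread's tailorfit.txt) into single certificates.
// Throws if the file holds a private key or no certificate at all.
function splitCaBundle(pemText) {
  const certs = [];
  for (const match of pemText.matchAll(PEM_BLOCK)) {
    const label = match[1];
    if (label.endsWith('PRIVATE KEY')) {
      throw new Error('CA bundle contains a private key; remove it before sharing the file');
    }
    if (label === 'CERTIFICATE') certs.push(match[0] + '\n');
  }
  if (certs.length === 0) throw new Error('no CERTIFICATE blocks found in bundle');
  return certs;
}

// Build the `connection` object for `new Client({ connection })`.
// `ca` overrides Node's built-in roots, so they are listed again explicitly;
// certificate verification stays enabled.
function buildConnectionOptions(pemText) {
  return {
    ca: [...tls.rootCertificates, ...splitCaBundle(pemText)],
    rejectUnauthorized: true,
  };
}

// Constructed sample input: the block bodies are placeholders, not real certificates.
const SAMPLE_BUNDLE = [
  '-----BEGIN CERTIFICATE-----', 'Q09OU1RSVUNURUQtTEVBRg==', '-----END CERTIFICATE-----',
  '-----BEGIN CERTIFICATE-----', 'Q09OU1RSVUNURUQtSU5URVJNRURJQVRF', '-----END CERTIFICATE-----',
].join('\n');

const sampleConnection = buildConnectionOptions(SAMPLE_BUNDLE);
console.log('extra CAs added:', sampleConnection.ca.length - tls.rootCertificates.length);

// With the real file, following the constructor form from the addendum:
//   const pem = require('fs').readFileSync('tailorfit.txt', 'utf8');
//   const client = new Client({ connection: buildConnectionOptions(pem) });
```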

Joseph244 commented 5 years ago

Could you provide detailed configuration instructions? There is no documentation about HTTPS at all.