Open jordan-burnett opened 5 years ago
Jordan,
Which version of OpenSSL are you using? You can find out by opening a SSL prompt and type version
The version of OpenSSL on my mac shows as LibreSSL 2.2.7
We have seen the same issue with other people using LibreSSL, but not yet with OpenSSL. Is there any way you can switch to OpenSSL to test whether this is the culprit?
I've given it a go, but unfortunately still seem to be seeing the same error.
I've switched to OpenSSL so that the version is now showing as OpenSSL 1.0.2p 14 Aug 2018
Doing a clean install of the module, and regenerating and pairing keys still results in Error: { error: 'Invalid signature' }
Jordan, thank you for the feedback. Let us do some investigation and we'll get back with you.
I have the same issue on localhost and on AWS.
Any progress on this, please? I have the same issue :/ I’m unable to make it work.
We just pushed a new version of the client that fixes this issue. Please clone the latest version and let us know if you have any issues with it.
Under root directory run the following:
npm run setup
npm install
Thank you.
you didn't publish on npm, so we can't pull the changes.
@pieterpoorthuis what happened? Invalid signatures can often be causes for serious concern — can we get a post-mortem?
The request library (v2.88.0 https://www.npmjs.com/package/request/v/2.88.0) caused the 'invalid signatures'. v2.87.0 works correctly.
There are tons of changes from v2.87 -> v2.88. We are still looking for the exact cause, but for now we decided to stick to the latest functioning request library (v2.87.0)
I have same problem on mac use OpenSSL, I have tried on new version of library, same issue.
Started to experience this same issue. Bitpay's prod endpoint seems to work fine but test.bitpay.com
returns "Invalid signature". Any clue or solution?
cc/ @thejoshualewis @pieterpoorthuis
@gabmontes We were having the same issue. test.bitpay.com always returned "Invalid signature" but production worked fine.
It seems the issue was the port 443 was in the URL which is added to the signature.
Apparently the server is verifying the signature expecting the URL part to not have :443
in it. When it is removed the request is successful.
I came up with a hack to remove :443
from _dataToSign
but it's not ideal.
I'm attempting to follow the installation instructions, I can generate a keypair and pair with the server correctly, however when I attempt to make the first request using:
./node_modules/bitpay-rest/bin/bitpay.js request -T merchant -X post -R invoices -P '{"price": 1, "currency": "USD"}'
I receive:
Error: { error: 'Invalid signature' }
I get the same error when calling from the CLI, or when copying and pasting the code in the 'module' section of the readme.
Doing some debugging I can see that the error response is coming from calling
GET: https://test.bitpay.com:443/tokens
and the string being signed is simply:https://test.bitpay.com:443/tokens
I'm unsure how to debug this further. This is from a clean install, copying and pasting instructions from the readme.