denofn / denopack

The bundling and minification toolset, made for Deno
https://denopack.mod.land
MIT License
99 stars 8 forks source link

[BUG] Installation error in Deno 1.5.x: CertNotValidForName #37

Open quaos opened 4 years ago

quaos commented 4 years ago

Describe the bug When trying to install latest denopack v0.10.0 in Deno 1.5.0 and 1.5.2, the installation failed with error CertNotValidForName

Screenshots

$ deno --version
deno 1.5.2 (71d7482, release, x86_64-apple-darwin)
v8 8.7.220.3
typescript 4.0.5

$ deno run --allow-run --allow-read https://x.nest.land/denopack@0.10.0/install.ts
Check https://x.nest.land/denopack@0.10.0/install.ts
Download https://lr4vbhbl66orzg7pmpep4hflo5kmcvpd4jgwsz6uch5hvv4xproa.arweave.net/XHlQnCv3nRyb72PI_hyrd1TBVePiTWln1BH6eteXfFw/deps.ts
Download https://unpkg.com/rollup@2.26.11/dist/es/rollup.browser.js
Download https://unpkg.com/rollup@2.26.11/dist/rollup.d.ts
...
Download https://lr4vbhbl66orzg7pmpep4hflo5kmcvpd4jgwsz6uch5hvv4xproa.arweave.net/XHlQnCv3nRyb72PI_hyrd1TBVePiTWln1BH6eteXfFw/plugin/deps.ts
Download https://cdn.dreg.dev/package/@rollup/pluginutils@4.0.0
Sending fatal alert BadCertificate
error: error sending request for url (https://cdn.dreg.dev/package/@rollup/pluginutils@4.0.0): error trying to connect: invalid certificate: CertNotValidForName
    at https://lr4vbhbl66orzg7pmpep4hflo5kmcvpd4jgwsz6uch5hvv4xproa.arweave.net/XHlQnCv3nRyb72PI_hyrd1TBVePiTWln1BH6eteXfFw/plugin/deps.ts:1:0
error: Uncaught (in promise) AssertionError: Failed to install plugin dependencies.
    throw new AssertionError(msg);
          ^
    at assert (asserts.ts:156:11)
    at install.ts:63:1

However, when browsing to the URL: https://cdn.dreg.dev/package/@rollup/pluginutils@4.0.0, the browser shows certificate as valid.

Desktop (please complete the following information):

Checklist

lucacasonato commented 4 years ago

cc @mrkurt. I have been seeing the same for x.lcas.dev. Also hosted on fly.io - something up with your provisioned TLS certificates recently?

mrkurt commented 4 years ago

Whoah that's weird. I'll check.

mrkurt commented 4 years ago

@lucacasonato @quaos this is only happening with Deno? I can't get fetch("https://cdn.dreg.dev/package/@rollup/pluginutils@4.0.0") or fetch("https://x.lcas.dev") to do it in 1.5.2, and curl works from all the cities I've tried.

If you get this again, will you run curl -D - -o /dev/null -sS -v https://cdn.dreg.dev and paste the output here? I am curious if curl also fails. Both of these domains have current certificates (issued in October).

quaos commented 4 years ago

@lucacasonato @quaos this is only happening with Deno? I can't get fetch("https://cdn.dreg.dev/package/@rollup/pluginutils@4.0.0") or fetch("https://x.lcas.dev") to do it in 1.5.2, and curl works from all the cities I've tried.

If you get this again, will you run curl -D - -o /dev/null -sS -v https://cdn.dreg.dev and paste the output here? I am curious if curl also fails. Both of these domains have current certificates (issued in October).

Here:

*   Trying 50.31.246.247...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x66b150)
* Connected to cdn.dreg.dev (50.31.246.247) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: D:\Programs\curl-7.64.1-win64-mingw\bin\curl-ca-bundle.crt
  CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [2354 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=cdn.dreg.dev
*  start date: Oct 19 12:09:42 2020 GMT
*  expire date: Jan 17 12:09:42 2021 GMT
*  subjectAltName: host "cdn.dreg.dev" matched cert's "cdn.dreg.dev"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x66b150)
} [5 bytes data]
> GET / HTTP/2
> Host: cdn.dreg.dev
> User-Agent: curl/7.64.0
> Accept: */*
>
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [81 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
} [5 bytes data]
< HTTP/2 404
< content-length: 0
< date: Sat, 14 Nov 2020 16:07:39 GMT
< server: Fly/dd3da43 (2020-11-13)
< via: 2 fly.io
<
{ [0 bytes data]
* Connection #0 to host cdn.dreg.dev left intact