electron / electron

[Bug]: 'setCertificateVerifyProc()' is ignored when the HTTP request is sent from a 'utility' process using 'net.fetch()' on Windows and MacOS #44264

Open thomas-jakemeyn opened 1 week ago

thomas-jakemeyn commented 1 week ago

Electron Version

32.1.2

What operating system(s) are you using?

Other (specify below)

Operating System Version

MacOS Sonoma, Windows 11, Debian (Docker)

What arch are you using?

Other (specify below)

Last Known Working Electron version

No response

Expected Behavior

I have developed some tests to validate the behaviour of net.fetch() / fetch() on Windows, MacOS and Linux when sending HTTP(S) requests from the main process, from a renderer process and from a utility process. More specifically, I wanted to check the integration with the OS network settings and trust store when dealing with web proxies and self-signed certificates. See @hackolade/fetch for more details about my approach.

I expected net.fetch() / fetch() to behave consistently whatever the process and the operating system.

Actual Behavior

When using setCertificateVerifyProc() in order for net.fetch() / fetch() to consider valid a certificate authority file provided by the user (but not installed in the trust store of her/his OS), I observed the following:

So how am I supposed to deal with that case?

Note that I created a separate issue for the problem with the 'login' event: see #44249.

Testcase Gist URL

https://github.com/hackolade/fetch/tree/develop

Additional Information

No response

codebytere commented 1 week ago

@thomas-jakemeyn could you please create a standalone sample for this issue specifically? Linking your full fetch repo still requires we make assumptions and introduces extra margin for error in triage.

thomas-jakemeyn commented 1 week ago

Hello @codebytere, to reproduce this problem, you need more than just an Electron application. You also need to start a server that uses a self-signed certificate.

That's exactly what my repository contains. It provides a containerised environment where you can easily reproduce the problem using those instructions: [APP] Test connection involving a self-signed certificate