search

github / gh-migration-analyzer

MIT License
64 stars 21 forks source link

node-fetch - failed, reason: self signed certificate in certificate chain #18

Closed emeraldleaf closed 1 year ago

emeraldleaf commented 1 year ago

When I run: node src/index.js GH-org -o SUSS -s

I get the following error: FetchError: request to failed, reason: self signed certificate in certificate chain at ClientRequest. (C:\gh-migration-analyzer\node_modules\node-fetch\lib\index.js:1491:11)
at ClientRequest.emit (node:events:526:28) at TLSSocket.socketErrorListener (node:_http_client:442:9) at TLSSocket.emit (node:events:526:28) at emitErrorNT (node:internal/streams/destroy:157:8) at emitErrorCloseNT (node:internal/streams/destroy:122:3) at processTicksAndRejections (node:internal/process/task_queues:83:21) {

slenguyen commented 1 year ago

Thanks for the report! Is your GHES instance using a self-signed certificate?

emeraldleaf commented 1 year ago

Our GHES instance is using a certificate that is signed with an internal CA

On Wed, Mar 1, 2023 at 1:13 PM Sarah LeNguyen @.***> wrote:

Thanks for the report! Is your GHES instance using a self-signed certificate?

— Reply to this email directly, view it on GitHub https://github.com/github/gh-migration-analyzer/issues/18#issuecomment-1450787122, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABJHMHRCSIXFRKKMIMHYNFLWZ6UUXANCNFSM6AAAAAAVMLAPEI . You are receiving this because you authored the thread.Message ID: @.***>

slenguyen commented 1 year ago

Understood! This project is being very lightly maintained, and that's not something we're likely to add support for. I think the issue is coming from node-fetch, and some Googling around seems to indicate you might be able to bypass the error by setting an env variable: export NODE_TLS_REJECT_UNAUTHORIZED='0'.

emeraldleaf commented 1 year ago

I did try a number of possible fixes including export NODE_TLS_REJECT_UNAUTHORIZED='0'. I also think the issue is coming from node-fetch. It looks to me like a Custom Agent needs to be used to support a self-signed certificate.

slenguyen commented 1 year ago

We'd be happy to take a look at a patch if you're open to giving it a shot.

emeraldleaf commented 1 year ago

Yes, I'm definitely open to testing a patch.

slenguyen commented 1 year ago

To be clear, we won't prioritize patching this, but if someone else wrote and patch, we'd be happy to take a look and consider merging. I'll leave this issue open in case someone else is open to writing a patch.