hackjutsu / Lepton

💻 Democratizing Snippet Management (macOS/Win/Linux)
https://hackjutsu.com/Lepton
MIT License
10.14k stars 475 forks

"SELF_SIGNED_CERT_IN_CHAIN" error behind self-signed SSL network #250

Open vaderj opened 6 years ago

vaderj commented 6 years ago

The more we know about your system and use case, the more easily and likely we can help.

Environment info

Description of the problem / feature request / question:

No version of Lepton has ever logged in to GitHub for me. I have deleted the C:\Users\\AppData\Roaming\Lepton\ folder multiple times - it has zero effect.

If possible, provide a sample gist or screenshot:

image

If possible, provide the log files

2017-12-12T22.45.02.250Z.log

SilverBut commented 6 years ago

The last line of this log shows the reason:

{"code":"SELF_SIGNED_CERT_IN_CHAIN"}

Which means that while the application is trying to access github.com, it found an improper cert chain.

You need to check if your network is running normally. Or, in an easy way, curl -nvL https://github.com and check if the cert is okay.

hackjutsu commented 6 years ago

Thanks for reporting. I'll follow up in the coming week.

hackjutsu commented 6 years ago

It looks like you are running Lepton behind a corporate network that interjects a self-signed SSL certificate. The GitHub auth server refuses to exchange the auth code with the access token when it sees that an "unknown" certificate is used.

This is an interesting issue, I'll do some research on this topic. Stay tuned.

vaderj commented 6 years ago

I have tried troubleshooting the following:

npm install npm -g --ca=null
npm config set ca=""

Neither command had any effect on Lepton logging in.

As far as certificates go, I have about 150 self-signed certificates, all for specific domains, none of which are for GitHub. I guess I am not familiar with the authentication process - why is Lepton not using the cert issued by GitHub and instead digging up one of my locally installed certs?

hackjutsu commented 6 years ago

@vaderj

To be honest, I don't know. I don't have the environment to reproduce the issue so that I can learn more about it. Lepton simply forwards the auth code to GitHub servers and exchanges it for the access token. It doesn't have specific logic to decide which cert to use. The {"code":"SELF_SIGNED_CERT_IN_CHAIN"} error is reported by the GitHub server side.

https://github.com/hackjutsu/Lepton/blob/master/app/utilities/githubApi/index.js#L23

I would like to learn more about it if someone knows about this topic.

marvinbelfort commented 4 years ago

Not working yet. Someone managed to bypass this?

mgrebenets commented 4 years ago

@marvinbelfort The best I could do so far is this shell alias:

alias lepton='NODE_TLS_REJECT_UNAUTHORIZED=0 /Applications/Lepton.app/Contents/MacOS/Lepton'

Then I can just run it in terminal as lepton& or just lepton and keep the terminal tab open, or there are other ways.

Ideally though, Lepton should allow turning off SSL verification or specifying self-signed certs in ~/.leptonrc or accept Chromium's --ignore-certificate-errors. Or I don't know, trust the certs if they are marked "always trust" in OS X keychain 🤷‍♂️

SilberMa commented 4 years ago

Any solution for windows?

What about the recommendation from @mgrebenets?

I really want to use the tool behind a company proxy.

mgrebenets commented 4 years ago

Windows comes with PowerShell built-in these days, if I'm not mistaken. So it should be a very similar, if not identical, way to launch Lepton from the PowerShell console; only the application path would be different.

ditori1976 commented 4 years ago

Had the same issue. Spent ages trying to find the error and solution for a windows machine in a company network. Thanks for pointing this direction. For windows my solution was:

>doskey lepton=c:\path_to_dir\Lepton.exe
> set NODE_TLS_REJECT_UNAUTHORIZED=0

Starting from cmd by simply typing "lepton" made it work like a charm :-)

CliffJumper commented 3 years ago

The method from @mgrebenets of setting the NODE_TLS_REJECT_UNAUTHORIZED worked for a similar problem I was having doing npm install on an electron project.

Doesn't this compromise security, however? You're basically allowing ANY Man-In-The-Middle with a self-signed, invalid cert to work.
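As an added example (not part of the original thread and not Lepton's code), this Node.js script walks the certificate chain a connection presents and picks out the self-signed root behind a SELF_SIGNED_CERT_IN_CHAIN error, so that one CA can be reviewed instead of disabling verification for every host. The function names and the sample chain are assumptions constructed for illustration.

```javascript
// Added example (not Lepton code). Certificate objects use the shape returned by
// Node's tlsSocket.getPeerCertificate(true): subject, issuer, fingerprint256,
// and issuerCertificate links, with the root pointing back at itself.

function describeChain(leaf) {
  const chain = [];
  const seen = new Set(); // stops the walk at the self-referencing root
  for (let c = leaf; c && c.fingerprint256 && !seen.has(c.fingerprint256); c = c.issuerCertificate) {
    seen.add(c.fingerprint256);
    chain.push({
      subject: c.subject.CN || c.subject.O,
      issuer: c.issuer.CN || c.issuer.O,
      fingerprint256: c.fingerprint256,
    });
  }
  return chain;
}

// The self-signed certificate (subject === issuer) at the top of the chain is the
// CA that would have to be trusted explicitly; null if the chain has none.
function selfSignedRoot(chain) {
  const top = chain[chain.length - 1];
  return top && top.subject === top.issuer ? top : null;
}

// Live check. Verification is relaxed on this one socket only so the chain can be
// read; nothing is written to it. Assumes the host is reachable without an
// explicit HTTP proxy.
async function fetchChain(host, port = 443) {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const socket = tls.connect({ host, port, servername: host, rejectUnauthorized: false }, () => {
      const chain = describeChain(socket.getPeerCertificate(true));
      resolve({ authorized: socket.authorized, reason: socket.authorizationError, chain });
      socket.end();
    });
    socket.on('error', reject);
  });
}

// Constructed sample: what an intercepted connection to github.com could present.
const root = { subject: { CN: 'Example Corp Root CA' }, issuer: { CN: 'Example Corp Root CA' }, fingerprint256: 'CONSTRUCTED:03' };
root.issuerCertificate = root;
const proxyCa = { subject: { CN: 'Example Corp Proxy CA' }, issuer: root.subject, fingerprint256: 'CONSTRUCTED:02', issuerCertificate: root };
const sampleLeaf = { subject: { CN: 'github.com' }, issuer: proxyCa.subject, fingerprint256: 'CONSTRUCTED:01', issuerCertificate: proxyCa };

const sampleChain = describeChain(sampleLeaf);
console.log(sampleChain.map((c) => `${c.subject} <- ${c.issuer}`).join('\n'));
console.log('CA to review and trust explicitly:', selfSignedRoot(sampleChain).subject);
```

Node.js reads additional trusted CAs from the PEM file named in the NODE_EXTRA_CA_CERTS environment variable; whether Lepton's Electron build honors it is not confirmed in this thread.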

mikecharles commented 3 years ago

Any interest in adding an option in ~/.leptonrc to accept self-signed certificates?

xieshuaix commented 3 years ago

Launching the app with NODE_TLS_REJECT_UNAUTHORIZED=0 raises error: Failed: undefined, any chance of fixing this issue?

ciprianbalan commented 2 years ago

Had the same issue. Spent ages trying to find the error and solution for a windows machine in a company network. Thanks for pointing this direction. For windows my solution was:

>doskey lepton=c:\path_to_dir\Lepton.exe
> set NODE_TLS_REJECT_UNAUTHORIZED=0

Starting from cmd by simply typing "lepton" made it work like a charm :-)

It works also for me. Many thanks ditori1976