this module doesn't work on Azure/Windows

[Larochelle]

I like what you did here, but having some pains in getting it to work in my scenario. Did you get a Skill approve with this library?

I've been trying to deploy my Skill on Azure as that is our prefered platform.

Getting some issues, as openssl-cert-tools does a spawn('openssl', And we can't start a process in an Azure Web App

So I replaced openssl-cert-tools with https://github.com/Southern/node-x509 to validate the certificate. The validation works locally, but node-x509 uses node-gyp, and that comes with it's own pains: http://stackoverflow.com/questions/19039842/node-js-app-with-node-gyp-fails-to-deploy-on-azure-website

At this point, I'm going to try the Docker on a linux VM deployment option, but I'm getting close to going the Lambda passthrough way like most people seem to do.

[mreinstein]

@Larochelle my Alexa skill is still in review, though the last 3 submission attempts haven't come back with any complaints about lacking validation. Once my skill is released I'll send an official PR to alexa-app

If you can use lambda, you should. It's a lot easier (and cheaper) than having to host the skill on your own web server(s)

[mreinstein]

my skill was approved using this module to handle the request validation. open to a pull request that makes this more windows friendly.

[navzam]

Having similar issues with openssl-cert-tools. Have you considered using pem instead? I got a Skill running and verifying on Azure this way, with minimal changes to alexa-verifier. pem also lets you set the path to openssl, which can be helpful.

[mreinstein]

Have you considered using pem instead?

I have not, but I'm open to a PR as long as it doesnt break things for the linux world. :)

[mreinstein]

there may also be some overlap with https://github.com/mreinstein/alexa-verifier/pull/7 but I'm still awaiting responses from @martijnthe

[martijnthe]

At the surface, the pem module looks more useful than openssl-cert-tools, in particular the methods to check a certificate chain. If you're considering switching over to that, also consider this bug: https://github.com/mreinstein/alexa-verifier/issues/6 At a glance, it looks like the pem module provides the methods needed to fix that bug.

[navzam]

Yeah, I just noticed issue #6. The pem module does include the function

pem.verifySigningChain(certificate, ca, callback)

which is likely what you need.

[navzam]

I have most of this ready, but I'll wait for PR #7 because there are some relevant changes there.

[mreinstein]

@navzam sorry this took so long. I just pushed https://github.com/alexa-js/alexa-verifier/commit/e0716135cbeb0eafdf7180b62f34db0c9cbe0af9 which includes most of the logic from #7.

Let me know if you need anything else to complete the PR

[rayone]

I'm experiencing issues with OpenSSL and Azure; are there any known work arounds? Error: write EPIPE at exports._errnoException (util.js:1026:11) at Socket._writeGeneric (net.js:706:26) at Socket._write (net.js:725:8) at doWrite (_stream_writable.js:307:12) at writeOrBuffer (_stream_writable.js:293:5) at Socket.Writable.write (_stream_writable.js:220:11) at Socket.write (net.js:651:40) at Object.getCertificateInfo (D:\home\site\wwwroot\verifySign\node_modules\openssl-cert-tools\lib\information.js:90:18) at validateCert (D:\home\site\wwwroot\verifySign\node_modules\alexa-verifier\index.js:38:16) at D:\home\site\wwwroot\verifySign\node_modules\alexa-verifier\index.js:26:5.

[mreinstein]

@rayone this is the error that opened this issue (also see #3). @navzam you mentioned possibly having a PR that would fix this. the fixes from #7 are now integrated, ready for a solution.

[rayone]

I'm using the release from "a day ago" and still experiencing the issue.

[mreinstein]

@rayone this issue is still open. That means the problem you've encountered hasn't been fixed yet. Waiting for a PR from Nafis to fix this.

[navzam]

@mreinstein Great. I'll have to do some testing, will keep you updated

[mreinstein]

@navzam @rayone @martijnthe

https://github.com/alexa-js/alexa-verifier/pull/12 was just merged, which should solve the problem of this not working on Azure/Windows. Closing this, but please let me know if this doesn't solve the problem.

Great work @cnadeau picking this up and seeing it through!

[navzam]

@mreinstein Seems okay on Azure/Windows now, but I'll let you know if I run into issues after more testing.

So is node-forge not using OpenSSL at all?

[mreinstein]

@navzam I believe node-forge is a pure javascript implementation of many of these certificate algorithms, yes.