Closed chriswatrous closed 5 years ago
mefellows
commented
6 years ago Thanks for the report.
Check out this thread: https://github.com/pact-foundation/pact-node/issues/93
We spawn a Ruby process under the hood which also needs to know about this.
If the trick there works for you, I'll get it added to our docs
bethesque
commented
6 years ago This should be fixed soon, when we move the pact fetching code into the ruby. Or at least, you'll only have to specify one of the cert vars. Maybe the js code can set the appropriate ruby env vars if the node ones are set?
rev42
commented
6 years ago @chriswatrous did you manage to get it work?
I've got the same issue using the latest version of pact
bethesque
commented
6 years ago You'll need to set the appropriate environment variables for publishing https://github.com/pact-foundation/pact-ruby-standalone/releases#pact-broker-client
mefellows
commented
6 years ago @rev42 have you tried any of the approaches in this thread: pact-foundation/pact-node#93 ? What have you tried so far?
rev42
commented
6 years ago Yeah, I read pact-foundation/pact-node#93 and it gave us some hints.
We came to an ugly solution but it works and it's fine with us for now.
First we disabled SSL from node side:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
Then we had to comment 2 lines related to SSL_CERT_FILE from node_modules/@pact-foundation/pact-node/standalone/linux-x64-1.54.3/lib/bin/ruby_environment file in order to bypass the message "certificate verify failed" from http.rb
That's clearly not what the best way to handle it. The easy way would have been to get a valid certificate but our partner didn't want to make the move.
bethesque
commented
6 years ago You should be able to just download the certificate from the server and set it as the trusted cert. https://superuser.com/questions/97201/how-to-save-a-remote-server-ssl-certificate-locally-as-a-file
stale[bot]
commented
5 years ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
mstelz
commented
5 years ago What worked for me:
To publish with pact-node or pact-js do the following:
Download your certificate chain that your broker is using. If pulled right out of chrome you will most likely have .cer files.
For example:
Convert those .cer files to .crt files by doing:
$ openssl x509 -inform DER -in root.cer -out root.crt$ openssl x509 -inform DER -in intermediate.cer -out intermediate.crt$ openssl x509 -inform DER -in ssl_certificate.cer -out ssl_certificate.crtThen for ruby to recognize it properly it must be a bundle, so let's bundle these together similar to the ca-bundle.crt
$ cat root.crt intermediate.crt ssl_certificate.crt > ca-bundle.crtNow within your javascript you must set the SSL_CERT_FILE that the standalone mentions. Make sure the certPath variable resolves to the correct path:
const path = require("path");
const publisher = require("@pact-foundation/pact-node");
const certPath = path.resolve(__dirname, "../ca-bundle.crt");
console.log(certPath);
process.env.SSL_CERT_FILE = certPath;
const opts = {
providerBaseUrl: "/",
pactFilesOrDirs: [path.resolve(process.cwd(), "pacts")],
pactBroker: "<your_https_broker_url>",
consumerVersion: "1.0.0"
};
publisher.publishPacts(opts).then(() => console.log("Pacts successfully published"));Thanks @mstelz. As you've discovered, the hard work is always extracting and prepping the full certificate chain. Appreciate your response here though!
03ayush
commented
4 years ago @mstelz thank you for the solution it worked for me locally in my js project but when i tried publishing the pact files onto the pact broker as a part of the build it is again failing for me
Error making request - OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed
do you have any idea related to this..
Software versions
Expected behaviour
When the pact broker uses a self-signed certificate, I should still be able to call it by setting
or
where pactbroker.crt contains the certificate used by the pact broker.
Actual behaviour
By setting either of those environment variables I can call the pact broker using request-promise but when I call
publishPactsI getSteps to reproduce
publishPactsto use those files.pactBrokeroption ofpublishPactsto any site with a self-signed certificate, such as https://self-signed.badssl.com/.publishPacts.