Closed kraenhansen closed 6 years ago
I think we need a mechanism to add certificates prior to opening a Realm. The current API is primarily designed with batch processing in mind, and Realm Studio is an interactive app.
This probably also hits React Native users of Realm JS, who might want to test their app over HTTPS with a ROS running on their developer machine.
Yes, and they will have it even harder since it is not easy to copy the certificate to the file system. Maybe a cookbook recipe is what we need.
I think Electron's API (and the API offered by Realm JS when using OpenSSL) is valuable: A handler that I can pass along to the session, which will get called when certificate validation fails. The handler gets called with a description of the certificate (issuer, subject, fingerprint, etc.) and a callback that I can call to tell if the certificate should be trusted or not.
Closing this, since an improvement to the API could still be valuable, but strictly not needed as certificate errors can be caught and controlled using https://github.com/electron/electron/blob/master/docs/api/app.md#event-certificate-error
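The handler shape discussed in the comments above (certificate details in, trust decision out through a callback), as an added example that is not code from Realm JS, Realm Studio or Electron. It trusts a self-signed certificate only when its fingerprint matches a pin stored for that exact host and port. The names `PINNED_DEV_CERTS`, `decideTrust` and `makeCertificateErrorHandler`, the pin value, and the choice of `net::ERR_CERT_AUTHORITY_INVALID` as the only tolerated error are assumptions of this example.

```javascript
// Constructed pin list: "host:port" -> fingerprint the user explicitly accepted.
const PINNED_DEV_CERTS = new Map([
  ['localhost:9443', 'sha256/CONSTRUCTED-PLACEHOLDER-PIN'],
]);

// Assumption: the only validation failure tolerated is "no trusted root",
// which is what a self-signed certificate produces. Expired or revoked
// certificates stay rejected even when the fingerprint matches.
const SELF_SIGNED_ERROR = 'net::ERR_CERT_AUTHORITY_INVALID';

// Pure decision function, so the policy can be unit-tested without Electron.
function decideTrust(url, error, certificate, pins = PINNED_DEV_CERTS) {
  let target;
  try {
    target = new URL(url);
  } catch (_) {
    return { trust: false, reason: 'unparseable URL' };
  }
  const pinned = pins.get(target.host); // host includes a non-default port
  if (!pinned) return { trust: false, reason: 'host not pinned' };
  if (error !== SELF_SIGNED_ERROR) {
    return { trust: false, reason: 'unexpected error: ' + error };
  }
  if (!certificate || certificate.fingerprint !== pinned) {
    return { trust: false, reason: 'fingerprint mismatch' };
  }
  return { trust: true, reason: 'pinned self-signed certificate' };
}

// Adapter using the argument order of Electron's 'certificate-error' event.
function makeCertificateErrorHandler(pins, warn = console.warn) {
  return (event, webContents, url, error, certificate, callback) => {
    const decision = decideTrust(url, error, certificate, pins);
    if (decision.trust) {
      event.preventDefault(); // override the default rejection
      warn(`Trusting pinned certificate for ${url} (${certificate.subjectName})`);
    }
    callback(decision.trust); // everything not pinned is rejected
    return decision;
  };
}

// In an Electron main process:
//   app.on('certificate-error', makeCertificateErrorHandler(PINNED_DEV_CERTS));
```

The `warn` parameter is where an interactive app would surface the warning to the user instead of logging it.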
Goals
I would like to allow users of Studio to connect to ROS served via an SSL connection that uses an untrusted self-signed certificate (but show a warning when they do that).
This is currently supported by the sync client (via the `validate_ssl`, `ssl_trust_certificate_path` and `open_ssl_verify_callback` options) but the requests issued while authenticating `Realm.Sync.User.login(` use the native fetch API with a fallback to the `node-fetch` package.
Expected Results
I expect that
open_ssl_verify_callback
.node-fetch
module) I would expect an error thrown if I attempt to use the API in the above way, with a link to an explanation on why Realm JS cannot support this on the environment that I am at. I don't know of any such environments - Electron, RN and Node could all use the `node-fetch` module.
Bonus: It would be awesome if the native fetch API could be used whenever possible, because this integrates nicely with the developer tools on the platform, specifically the Chrome developer console when developing for Electron.
Actual Results
When authenticating against ROS using a self-signed certificate I get:
POST https://localhost:9443/auth net::ERR_INSECURE_RESPONSE
in the Chrome console and the `TypeError: Failed to fetch` error thrown.
Steps to Reproduce
`Realm.Sync.User.login(` on a platform that has the `fetch` API available (React Native or Electron).
Version of Realm and Tooling