search

sapcc / juno

Monorepo for the Juno microfrontend framework, microfrontend apps, design system and component library
Apache License 2.0
5 stars 3 forks source link

[Juno CI]: Problems with jspm cert #444

Closed hgw77 closed 2 weeks ago

hgw77 commented 8 months ago

in asset-server build there is a problem with the download step

[generate_importmap]::downloadFile: error with url: https://ga.jspm.io/npm:react-dom@18.2.0/index.js.map
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: ga.jspm.io. is not in the cert's altnames: DNS:*.rbxcdn.com, DNS:*.cachefly.net, DNS:rbxcdn.com
    at new NodeError (node:internal/errors:405:5)
    at Object.checkServerIdentity (node:tls:337:12)
    at TLSSocket.onConnectSecure (node:_tls_wrap:1610:27)
    at TLSSocket.emit (node:events:517:28)
    at TLSSocket._finishInit (node:_tls_wrap:1017:8)
    at ssl.onhandshakedone (node:_tls_wrap:803:12) {
  reason: "Host: ga.jspm.io. is not in the cert's altnames: DNS:*.rbxcdn.com, DNS:*.cachefly.net, DNS:rbxcdn.com",
  host: 'ga.jspm.io',
hgw77 commented 8 months ago

there was a problem at jspm

https://github.com/jspm/project/issues/311

but something is now broken in our asset-server image

hgw77 commented 8 months ago 
openssl s_client -connect ga.jspm.io:443 | openssl x509 -text -noout
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
verify return:1
depth=0 CN = ga.jspm.io, O = "Cachenetworks, LLC", L = Chicago, ST = Illinois, C = US
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:69:35:f9:be:b1:a3:ab:90:81:69:25
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
        Validity
            Not Before: Aug 30 16:11:02 2023 GMT
            Not After : Sep 30 16:11:01 2024 GMT
        Subject: CN = ga.jspm.io, O = "Cachenetworks, LLC", L = Chicago, ST = Illinois, C = US
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
ArtieReus commented 8 months ago

Fixed adding a retry on the DonwloadFile method which fetch the packages from jsmp. See commit:

We should observe if JSPM can or will fix the issue: https://github.com/jspm/project/issues/311