usebruno / bruno

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)
https://www.usebruno.com/
MIT License
25.66k stars 1.17k forks

Proxy Bypass works but doesn't send client certificates along since v1.28 #3128

Open dwiyatci opened 1 week ago

dwiyatci commented 1 week ago

I have checked the following:

Describe the bug

When I upgraded to v1.28, I thought it would be fixed in v1.29, but it's still broken somehow. 😞 I downgraded back to v1.27 and it worked there. Note that I didn't change anything except upgrading (and downgrading) Bruno version - so something must have changed between these versions that breaks the behavior. See screenshots for v1.29.0 vs. v1.27.0.

Actually, is there a way to check/inspect whether the client cert is really appended in the request?

.bru file to reproduce the bug

No response

Screenshots/Live demo link

[Screenshot: v1.29.0]

[Screenshot: v1.27.0]

mjhcorporate commented 1 week ago

This is strange. Client certificates still work for me on 1.28 and 1.29 (I am on MacOS).

What kind of certificates are you using? What is your bruno.json? Can you include your .bru file?

For me, I am using X509 certificates in the PEM format. This is how I configured them:

image

The relevant section in my bruno.json is

  "clientCertificates": {
    "enabled": true,
    "certs": [
      {
        "domain": "localhost",
        "certFilePath": "{{certBasePath}}/.my-awesome-enterprise-service-client.crt",
        "keyFilePath":  "{{certBasePath}}/.my-awesome-enterprise-service-client.key",
        "passphrase": ""
      }
    ]
  }

dwiyatci commented 1 week ago

My certs are also in the PEM format and I'm also on macOS. I've checked my bruno.json - nothing changed there, and I've verified the cert paths are valid - if they weren't, I believe they wouldn't work when I downgraded to v1.27.0 without changing anything 😬

"clientCertificates": {
  "enabled": true,
  "certs": [
    {
      "domain": "apiGatewayUrl1.com",
      "type": "cert",
      "certFilePath": "../../../../../domain1/crt.pem",
      "keyFilePath": "../../../../../domain1/key.pem",
      "passphrase": ""
    },
    {
      "domain": "apiGatewayUrl2.com",
      "type": "cert",
      "certFilePath": "../../../../../domain2/crt.pem",
      "keyFilePath": "../../../../../domain2/key.pem",
      "passphrase": ""
    }
  ]
},

> Actually, is there a way to check/inspect whether the client cert is really appended in the request?

Quoting myself above, is there a way to debug it?

mjhcorporate commented 1 week ago

Hmm... That looks like it should work. I don't know of a way to check if the certificates were applied. I also checked the "history" tab of the golden edition, but it does not say anything about the certificates.

dwiyatci commented 1 week ago

Hmm ok. Would be nice if it could be inspected (seems to me like Error 401 signifies that the cert is not sent along with the request somehow). Also, not sure if it's got something to do with absolute vs. relative paths reported in https://github.com/usebruno/bruno/issues/3090 because my collection resides in a OneDrive folder and the cert resides outside of the folder - but I don't believe so. Or is it symlink-related stuff? Meh. Thing is, it's working in v1.27.0! 😂

In your bruno.json above, certBasePath is an envVar, right? And what's the value of it? I mean, is it an absolute or a relative path?

mjhcorporate commented 1 week ago

After some digging we found that it was the following issue:

Removing the proxy configuration allowed the user to continue. However, the fact that the client certificate is not picked up correctly is a bug, in my opinion.

dwiyatci commented 1 week ago

Yep, the proxy bypass works but doesn't seem to send the client cert along. And I can confirm my request works after turning off my global proxy settings in v1.29.0.

[Screenshot: Bruno preferences]
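
One way to answer the question raised in the thread (whether the client certificate actually reaches the server), as an added example that is not part of the issue or of Bruno's code: a local Node.js HTTPS probe that requests a client certificate during the handshake and reports what arrived. The environment variable names `PROBE_KEY`, `PROBE_CERT` and `PROBE_PORT`, and the probe's own PEM key and certificate files, are assumptions.

```javascript
// Added example: local probe that reports whether a TLS client certificate arrived.
// PROBE_KEY / PROBE_CERT / PROBE_PORT are assumed environment variable names.

// Classify the result of tls.TLSSocket#getPeerCertificate().
// Node returns an empty object when the peer sent no certificate.
function describePeer(peerCert, authorized, authError) {
  if (!peerCert || Object.keys(peerCert).length === 0) {
    return { presented: false, summary: 'no client certificate presented' };
  }
  const cn = peerCert.subject && peerCert.subject.CN ? peerCert.subject.CN : '(no CN)';
  const trust = authorized ? 'trusted by probe CA' : `not verified (${authError || 'unknown'})`;
  return {
    presented: true,
    summary: `client certificate presented: CN=${cn}, SHA-256 ${peerCert.fingerprint256}, ${trust}`,
  };
}

async function startProbe({ keyPath, certPath, port }) {
  const https = await import('node:https');
  const fs = await import('node:fs');
  const server = https.createServer(
    {
      key: fs.readFileSync(keyPath),
      cert: fs.readFileSync(certPath),
      requestCert: true,          // send a CertificateRequest in the handshake
      rejectUnauthorized: false,  // finish the handshake either way so we can report
    },
    (req, res) => {
      const s = req.socket;
      const result = describePeer(s.getPeerCertificate(), s.authorized, s.authorizationError);
      console.log(`${req.method} ${req.url} -> ${result.summary}`);
      res.writeHead(result.presented ? 200 : 401, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify(result));
    }
  );
  server.listen(port, '127.0.0.1', () => console.log(`probe on https://localhost:${port}/`));
  return server;
}

if (process.env.PROBE_KEY && process.env.PROBE_CERT) {
  startProbe({
    keyPath: process.env.PROBE_KEY,
    certPath: process.env.PROBE_CERT,
    port: Number(process.env.PROBE_PORT || 8443),
  }).catch((e) => console.error(e.message));
} else {
  console.log('set PROBE_KEY and PROBE_CERT (PEM paths for the probe server) to start');
}
```

Sending the same request to the probe with a `clientCertificates` entry for the domain `localhost`, once with the proxy settings enabled and once with them turned off, shows whether the certificate is dropped only in the proxy case.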