Upgrading from 4.0.3971 to 4.0.4704 causes SSL certs to not be served when running locally (Mac)

[boylec]

I'm on Mac.

I have 2 machines and I upgraded core tools on one of those machines and SSL certs stopped being served up.

Running my function app using the following used to serve up web requests using SSL just fine.

func start --useHttps --cert ./ssl/localhost/development.pfx --password <redacted> --verbose

Once I upgraded from 4.0.3971 to 4.0.4704 it broke. I confirmed this using a separate Mac as well.

Requesting cert from function app (for me: localhost:7071)

Requesting cert from another local HTTP server terminated by TLS (for me: localhost:3000) - this is just to prove that this process of cert discovery works using Mac's Keychain app with a known good.

See compare of 4.0.3971 to 4.0.4704 - not sure where the regression is: https://github.com/Azure/azure-functions-core-tools/compare/4.0.3971...4.0.4704

From Chrome (just visiting a URL directly)

From Postman:

From cURL:

From openssl:

From wireshark (You'll notice the Fatal error 70 on the TLS request that should've been the server hello of the TLS handshake:

Anyone have any ideas on what has broken SSL termination when running from localhost on Mac? ~~I have not been able to roll back Azure Function Core Tools to a previous version using Homebrew so I'm basically prevented from doing any development right now because we rely on TLS working in our local dev environments.~~ See post below for what I did to temporarily roll back using Homebrew and restore SSL functionality.

[boylec]

FYI for anyone that needs to temporarily revert using homebrew to 4.0.3971 (which fixes the problem for me temporarily) the following is a bash one liner.

DISCLAIMER: I made this and it worked for me but I haven't tested it in depth so use at your own risk.

Basically it just gets the brew repository location, replaces the formula for azure-functions-core-tools@4 temporarily with the old one (from here), installs runs brew install again which should use this rolled back formula, and then puts the original (newer) formula back in place after that install completes.

brew unlink azure-functions-core-tools@4; FULLPATH=$(find $(brew --repository) -name [email protected]); FILENAME=$(basename $FULLPATH); FILEPATH=$(dirname $FULLPATH); mv $FULLPATH "$FILEPATH/[email protected]"; curl -s https://raw.githubusercontent.com/Azure/homebrew-functions/6475c63523c768eae7ffce0597cc7c4ae8cae490/Formula/azure-functions-core-tools%404.rb > "$FILEPATH/[email protected]"; brew install azure-functions-core-tools@4; mv $FULLPATH "$FILEPATH/[email protected]"; mv "$FILEPATH/[email protected]" $FULLPATH

Run func --version after this to ensure you're now on 4.0.3971.

After this running brew info azure-functions-core-tools@4 shows that you now have 2 versions but you should be linked to 4.0.3971.