
Self Signed SSL error

Open arch1v1st opened this issue 3 years ago • 8 comments

On Windows 10, after installing the latest OpenSSL v3, npm run start:https resulted in this error:

node:events:505
      throw er; // Unhandled 'error' event
      ^

Error: RSA PRIVATE KEY not found from openssl output:
---stdout---
-----BEGIN PRIVATE KEY-----
...

Basically the output text from OpenSSL seems to have changed, hence the self signed cert cannot be parsed. A quick hackish fix for this is a one line change to node_modules/pem/lib/pem.js, line 77:

FROM:
openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {

TO:
openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {

After that, it starts right up and is useable on my VR Headset now that it has SSL in place for WebXR. Hopefully this saves someone else some time too! :)

  • v1.3
  • Windows 10
  • OpenSSL v3.05 (Lite) installed from https://slproweb.com/products/Win32OpenSSL.html

arch1v1st avatar Jul 28 '22 21:07 arch1v1st
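The label mismatch reported above, as an added example that is not part of the original thread and is not code from pem or aframe: the same RSA key is serialized as PKCS#1 ("RSA PRIVATE KEY") and as PKCS#8 ("PRIVATE KEY"), a check for the old label alone misses the second form, and a matcher that accepts both can re-encode either one. The helper names (`extractPrivateKey`, `toPkcs1`, `legacyLabelFound`, `demo`) are hypothetical, and the key is generated at run time as constructed sample input.

```javascript
const { generateKeyPairSync, createPrivateKey } = require('node:crypto');

// Accept both PEM labels for an unencrypted RSA key:
//   "RSA PRIVATE KEY" = PKCS#1, "PRIVATE KEY" = PKCS#8 (the label in the error above).
// The \1 backreference requires the END label to match the BEGIN label.
const PEM_KEY_RE = /-----BEGIN ((?:RSA )?PRIVATE KEY)-----[\s\S]+?-----END \1-----/;

// Hypothetical helper: pull the key block out of captured command output.
function extractPrivateKey(stdout) {
  const m = PEM_KEY_RE.exec(stdout);
  // Do not echo stdout in the error: it may contain private key material.
  if (!m) throw new Error('no PEM private key block found in output');
  return { label: m[1], pem: m[0] };
}

// Hypothetical helper: re-encode either container as PKCS#1, so code that
// expects the old label keeps working. The key itself is unchanged.
function toPkcs1(pem) {
  return createPrivateKey(pem).export({ type: 'pkcs1', format: 'pem' });
}

// Emulates a check that only knows the old label (not pem's actual code).
function legacyLabelFound(stdout) {
  return stdout.includes('-----BEGIN RSA PRIVATE KEY-----');
}

function demo() {
  // Constructed sample input: one throwaway key, serialized both ways.
  const { privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const results = {};
  for (const type of ['pkcs1', 'pkcs8']) {
    const stdout = '---stdout---\n' + privateKey.export({ type, format: 'pem' });
    const found = extractPrivateKey(stdout);
    results[type] = {
      legacy: legacyLabelFound(stdout),
      label: found.label,
      normalized: toPkcs1(found.pem),
    };
  }
  return results;
}

// Print only the labels and the legacy-check result, never the key.
for (const [type, r] of Object.entries(demo())) {
  console.log(type, JSON.stringify(r.label), 'legacy check finds it:', r.legacy);
}
```

Both serializations normalize to the identical PKCS#1 PEM, which shows the change is in the container format and label, not in the key.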

Weird. FWIW, it's working for me on macOS (11.4). I haven't installed OpenSSL manually. Using whatever comes with the system.

I don't remember having to install anything on Windows. What made you install OpenSSL v3.05 (Lite)?

dmarcos avatar Jul 29 '22 21:07 dmarcos

I don't know if it can be of any help, but I had a similar issue in https://github.com/networked-aframe/naf-janus-adapter/pull/27 with the ssh-keygen command not producing the correct "RSA PRIVATE KEY" on Ubuntu 20.04 (openssh-client 1:8.2p1-4ubuntu0.5) compared to Ubuntu 18.04 (openssh-client 1:7.6p1-4ubuntu0.7), where it was working properly. To fix it I had to specify the -m pem param to force producing the "RSA PRIVATE KEY" kind instead of the "OPENSSH PRIVATE KEY" kind generated by default in the newer ssh-keygen included in the openssh-client package.

vincentfretin avatar Jul 30 '22 06:07 vincentfretin

pem is a dependency of budo, the live server aframe uses with npm run start:https. pem is spawning the openssl command to generate the certificate. You need to see which params it uses to generate the certificate; maybe there is a parameter missing to correctly generate the "RSA PRIVATE KEY" kind.

pem 1.15.0 has a "Support OPENSSL v3.0.0 & more" entry in the changelog https://github.com/Dexus/pem/blob/master/HISTORY.md

If you remove your package-lock.json and node_modules and run npm install, or run npm upgrade, to get the latest pem version, does it fix your issue?

vincentfretin avatar Jul 30 '22 06:07 vincentfretin

The issue is tracked in https://github.com/Dexus/pem/issues/316. It seems that "openssl genrsa ..." is behaving differently on openssl 3.0, which is also the default on Ubuntu 22.04.

vincentfretin avatar Jul 30 '22 07:07 vincentfretin

@vincentfretin Thanks so much for the info. At what level should we fix this? pem?

dmarcos avatar Aug 01 '22 18:08 dmarcos

Yes, pem, or remove the pem dependency by removing budo and all browserify dependencies, replacing them with newer alternatives like webpack or vite. ;-) I don't have an issue on Ubuntu 22.04 with the webpack auto-generated certificate to have an https dev server. I have lots of experience with webpack. FYI, I completely updated the networked-aframe build, tests stack and dev server to the latest webpack and karma/chai/sinon, and I removed all traces of browserify. If you are interested, I can work on it and create a PR for aframe.

vincentfretin avatar Aug 02 '22 07:08 vincentfretin

Thanks, no plans to replace the build system for now. We can perhaps figure out a more surgical solution.

dmarcos avatar Aug 02 '22 10:08 dmarcos

I see there's a fix for pem, but it has not made it into a release.

An option would be to fork pem, apply the fix and override the dependency (just learnt about overrides):

{
  "overrides": {
    "pem": "url/to/github/fork"
  }
}

dmarcos avatar Aug 02 '22 10:08 dmarcos