systemjs-tools icon indicating copy to clipboard operation
systemjs-tools copied to clipboard

Published 20 hours ago verified publisher icon alexisvincent

custom cert support (fix deep merge)

Open kwesterfeld opened this issue 7 years ago • 7 comments

I want to do something like this in my systemjs-tools.js:

var fs = require('fs');

  module.exports.config.serve.keys = {
    key: fs.readFileSync('localhost.key'),
    cert: fs.readFileSync('localhost.crt'),
    ca: fs.readFileSync('localhost.key'),
  }

This way, I can customize the localhost key which is being served from some project that does not supply a localhost key with Subject Alternative Names set. When I do this, the file is corrupted by the lib/config processing with merge/conform somehow, causing the cert to become stringified instead of being passed to spdy.createServer() as Buffer form.

kwesterfeld avatar May 22 '17 18:05 kwesterfeld

For the next couple of weeks I'm unable to work on the systemjs ecosystem, I'm in the middle of an exam period. I can suggest using the api instead as a workaround. Don't know why you are getting this?

Thanks for the work you have done on this project though! Appreciate the input!

alexisvincent avatar May 22 '17 18:05 alexisvincent

It's no problem on the timing here. It is a nuisance that the localhost certs we all used until a couple weeks ago with Chrome could be trusted, but now Chrome refuses to allow trust for a cert that does not have Subject Alternative Name set.

I am debugging why systemjs-tools is clobbering the cert, as it looks like the config is loaded properly, but when the call goes into config#getConfig, and then eventually merge(), the Buffer is stringified when it should be left alone.

kwesterfeld avatar May 22 '17 18:05 kwesterfeld

The problem is in the deepmerge library. It does not understand that instances of Uint8Array should probably not be touched.

kwesterfeld avatar May 22 '17 18:05 kwesterfeld

Looks like I can make an easy fix on the caller-side, but this took a lot of digging on my part so please fix this eventually. What I did was to specify config of the keys as String, not Uint8Array, which deepmerge handles properly.

  module.exports.config.serve.keys = {
    key: fs.readFileSync('localhost.key', 'utf-8'),
    cert: fs.readFileSync('localhost.crt', 'utf-8'),
    ca: fs.readFileSync('localhost.key', 'utf-8'),
  }

kwesterfeld avatar May 22 '17 18:05 kwesterfeld

sure, definitely needs to be fixed! Thanks for looking into this. I'll replace/(send PR to) deep merge when I get a chance to dive in to this lib again.

alexisvincent avatar May 22 '17 19:05 alexisvincent

Since I migrated from jspm-dev-server, and there was a handy one-liner on that project's README.md, I'm going to create a handy one-liner to fix the Subject Alternative Name thing, and specify this type of config to this project's README.md. Look for a PR on that.

kwesterfeld avatar May 22 '17 19:05 kwesterfeld

@kwesterfeld Awesome 👍 Thanks

alexisvincent avatar May 22 '17 19:05 alexisvincent