x509 Issues downloading electron - behind corporate proxy

[jeeftor]

I'm using app-builder (via electron-builder) so I'm not sure where to submit a bug request.

I'm behind a corporate firewall using self-signed certificates. Is there a way to pass in a custom certificate via environment so that this error will go away:

⨯ Get https://github-production-release-asset-2e65be.s3.amazonaws.com/9384267/6e845480-b4d5-11e8-9663-1856684e7cf5?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20180911%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180911T135523Z&X-Amz-Expires=300&X-Amz-Signature=d4a4176b1532a316db82e34058e8c00169423291e49809bae1f1db0a30ffd6d6&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Delectron-v2.0.9-darwin-x64.zip&response-content-type=application%2Foctet-stream: x509: certificate signed by unknown authority

github.com/develar/app-builder/pkg/download.(*Downloader).follow.func1 /Users/develar/go/src/github.com/develar/app-builder/pkg/download/downloader.go:167 github.com/develar/app-builder/pkg/download.(*Downloader).follow /Users/develar/go/src/github.com/develar/app-builder/pkg/download/downloader.go:200 github.com/develar/app-builder/pkg/download.(*Downloader).Download /Users/develar/go/src/github.com/develar/app-builder/pkg/download/downloader.go:75 github.com/develar/app-builder/pkg/electron.(*ElectronDownloader).doDownload /Users/develar/go/src/github.com/develar/app-builder/pkg/electron/electronDownloader.go:191 github.com/develar/app-builder/pkg/electron.(*ElectronDownloader).Download /Users/develar/go/src/github.com/develar/app-builder/pkg/electron/electronDownloader.go:171 github.com/develar/app-builder/pkg/electron.downloadElectron.func1.1 /Users/develar/go/src/github.com/develar/app-builder/pkg/electron/electronDownloader.go:71 github.com/develar/app-builder/pkg/util.MapAsyncConcurrency.func2 /Users/develar/go/src/github.com/develar/app-builder/pkg/util/async.go:67 runtime.goexit /usr/local/Cellar/go/1.10.3/libexec/src/runtime/asm_amd64.s:2361

I currently do have the vars: SL_CERT_DIR and SSL_CERT_FILE set correctly.

(If this is an electron-builder issue and not an app-builder issue i apologize).

[redanium]

Hi, I was facing the same problem. Browsing the source code, it shows that the developer made a function to handle the proxy, func NewDownloader() *Downloader { return NewDownloaderWithTransport(&http.Transport{ Proxy: util.ProxyFromEnvironmentAndNpm, MaxIdleConns: 64, MaxIdleConnsPerHost: 64, IdleConnTimeout: 30 * time.Second, }) }

I've set the environment variables and npm config for the proxy and it's works perfectly. Hope it'll help you.

[slhultgren]

This issue is back on Windows since it seems the x509.SystemCertPool() is broken on Windows (see https://github.com/golang/go/issues/16736). This means that for Windows we end up ignoring all the other CAs known by the system. The issue was introduced in this pull: https://github.com/develar/app-builder/pull/28 If I manually change to return &tls.Config{ RootCAs: nil, } in downloader.go:getTlsConfig() it will start to work for me on Windows again. But of course this ignores the NODE_EXTRA_CA_CERTS variable... I'm not a Go expert so I don't know how to properly get a RootCA that contains all known system CAs on Windows (RootCAs = nil will let TLS use those somehow), but I'll try to look into it. If anyone knows more about this I'd be grateful.

Currently this is a big issue stopping our builds unless we do the "workaround" above.