undici icon indicating copy to clipboard operation
undici copied to clipboard

Published 20 hours ago verified publisher icon nodejs

fetch() ignores the "custom CA search paths" of node

Open bewue opened this issue 1 year ago • 6 comments

Bug Description

If you need to add a custom CA, you seem to have 3 possible solutions, but only the 3rd (not recommended) worked for me. For solution 1 and 2 i have placed my custom CA certificate at the according locations.

  1. --use-openssl-ca
  2. NODE_EXTRA_CA_CERTS
  3. NODE_TLS_REJECT_UNAUTHORIZED

Reproducible By

Place your custom CA certificate at the according locations. Try solution 1 or 2 and fetch() to an endpoint with an certificate which was signed by an unknown CA. The following "unprecise" error message will be thrown: TypeError: fetch failed

Expected Behavior

fetch() should use the same "custom CA search paths" like node itself

Environment

node v18.17.0 Ubuntu 22.04

bewue avatar Jul 28 '23 12:07 bewue

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

mcollina avatar Jul 28 '23 13:07 mcollina

The following "unprecise" error message will be thrown: TypeError: fetch failed

More info should be in error.cause, but keep note many error parsers do not process that property.

silverwind avatar Aug 13 '23 09:08 silverwind

That "unprecise" error is mandated by the spec.

mcollina avatar Aug 13 '23 10:08 mcollina

Can you support NODE_EXTRA_CA_CERTS?

sigorilla avatar May 20 '24 11:05 sigorilla

PRs are welcomed. I don't see why they are not working as it is.

mcollina avatar May 20 '24 11:05 mcollina