vercel
Sending fatal alert BadCertificate
Verify canary release
- [X] I verified that the issue exists in the latest Turborepo canary release.
Link to code that reproduces this issue
https://gist.github.com/gerardo-lima-moonfare/b8b75ea2337d8662edaf7d2a8ae5a599
What package manager are you using / does the bug impact?
npm
What operating system are you using?
Mac
Which canary version will you have in your reproduction?
Describe the Bug
The following message is shown in many situations:
WARNING Sending fatal alert BadCertificate
Expected Behavior
No message about BadCertificate.
To Reproduce
npm install turbo@canary -g turbo completion bash > /dev/null
shows: WARNING Sending fatal alert BadCertificate
Additional context
I use self-signed certificates.
This is likely related to:
- https://github.com/vercel/turbo/issues/7364
- https://github.com/vercel/turbo/discussions/7317
Is the issue just that the warning is noisy or is it preventing usage of the remote cache?
hey, @chris-olszewski, I'm not using remote cache, so I'm not sure. Either way, a bad certificate error is enough to make some security folks worried. Is there a way to avoid it?
Thank you, @chris-olszewski, the message is gone 🎉 I believe, though, I'll have the same issues if/when I start using remote cache. I checked some web references and this seems to be related to a Rust library that does not use system certificates. I hope this might be useful to other people. cheers
We should already be including system certificates. I think the issue might be that there's a certificate being used that the HTTP client doesn't approve of. Still haven't found where in the stack this warning is getting thrown.
The message itself comes from a Rust library, as I found it in a plain Rust context, unrelated to turborepo.