Hello,
We're trying to use Node.js (and Mocha) as a testing framework to test API
calls against an internal server over https.
We're using the following node modules: Mocha, Restify, and Should to perform
these tests.
When we run mocha testFileName.js, the major error we get back is:
[2013-06-19 14:16:28.105] [ERROR] console - FAIL: Received error! [Error:
UNABLE_TO_VERIFY_LEAF_SIGNATURE]
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
at SecurePair.<anonymous> (tls.js:1283:32)
at SecurePair.EventEmitter.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:896:10)
at CleartextStream.read [as _read] (tls.js:430:15)
at CleartextStream.Readable.read (_stream_readable.js:320:10)
at EncryptedStream.write [as _write] (tls.js:344:25)
at doWrite (_stream_writable.js:219:10)
at writeOrBuffer (_stream_writable.js:209:5)
at EncryptedStream.Writable.write (_stream_writable.js:180:11)
at write (_stream_readable.js:573:24)
at flow (_stream_readable.js:582:7)
at Socket.pipeOnReadable (_stream_readable.js:614:5)
at Socket.EventEmitter.emit (events.js:92:17)
at emitReadable_ (_stream_readable.js:408:10)
at emitReadable (_stream_readable.js:404:5)
at readableAddChunk (_stream_readable.js:165:9)
at Socket.Readable.push (_stream_readable.js:127:10)
at TCP.onread (net.js:511:21)
After searching google and stackexchange it would seem that we have a
certificate problem. From there we installed internal CA 'public' cert, as well
as the instance specific certifications that our app is using (there are
multiple redirects to get through), to /usr/local/etc/openssl/certs, legacy:
/System/Library/Keychains/X509Anchors, /Library/Keychains/System.keychain, as
well as in Keychain through the gui to our login and System keychains. However,
we're still not getting anywhere.
Before installing the certs in these places, we couldn't 'curl' our site
without certificate errors on command-line; however, with them installed now we
get no errors, but node still explodes.
We've tried multiple versions of Node, OpenSSL, as well as varying installation
methods including downloading the package vs. using homebrew.
Computer Information:
Mac OS X 10.8.4 (Also tried with 10.8.3)
Node v0.8.18 (Also tried with: Node v0.10.11, v0.10.12)
OpenSSL v1.0.1e (Also tried with 0.9.8)
Brainstorming Questions:
Does Node.js use its own (bundled) version of OpenSSL instead of what's
installed on the local machine?
If that's the case, where is it looking for certificates?
Could the TLS.js be telling Node to look elsewhere for certs?
Is there a pragmatic approach to overwriting the the certificates used; it
appears there might be options we can use like this:
var options = {
ca: fs.readFileSync("[path to our CA cert file]"),
requestCert: true,
rejectUnauthorized: true
};
var req = https.request(options, function(res) {
...
});
But this generates our same error.
Any help would be greatly appreciated,
Stephen
--
--
Job Board: http://jobs.nodejs.org/
Posting guidelines:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google
Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/nodejs?hl=en?hl=en
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
