-
Notifications
You must be signed in to change notification settings - Fork 615
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 BUG: Custom HTTPS certificate is considered expired if it's older than 30 days #5964
Labels
bug
Something that isn't working
Comments
threepointone
added a commit
that referenced
this issue
Jun 15, 2024
Fixes #5964 For `wrangler dev`, we don't have to check whether certificates have expired when they're provided by the user.
Good catch, thanks for the repro! #6051 |
Merged
renovate bot
added a commit
to Johannes-Andersen/Johannes
that referenced
this issue
Jun 18, 2024
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [wrangler](https://togithub.com/cloudflare/workers-sdk) ([source](https://togithub.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler)) | [`3.60.3` -> `3.61.0`](https://renovatebot.com/diffs/npm/wrangler/3.60.3/3.61.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/wrangler/3.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/wrangler/3.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/wrangler/3.60.3/3.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/wrangler/3.60.3/3.61.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>cloudflare/workers-sdk (wrangler)</summary> ### [`v3.61.0`](https://togithub.com/cloudflare/workers-sdk/blob/HEAD/packages/wrangler/CHANGELOG.md#3610) ##### Minor Changes - [#​5995](https://togithub.com/cloudflare/workers-sdk/pull/5995) [`374bc44`](https://togithub.com/cloudflare/workers-sdk/commit/374bc44cce65e2f83f10452122719d3ab28827b3) Thanks [@​petebacondarwin](https://togithub.com/petebacondarwin)! - feat: allow Durable Object migrations to be overridable in environments By making the `migrations` key inheritable, users can provide different migrations for each wrangler.toml environment. Resolves [#​729](https://togithub.com/cloudflare/workers-sdk/issues/729) ##### Patch Changes - [#​6039](https://togithub.com/cloudflare/workers-sdk/pull/6039) [`dc597a3`](https://togithub.com/cloudflare/workers-sdk/commit/dc597a38218b428141c55c4e65633953c87ed180) Thanks [@​petebacondarwin](https://togithub.com/petebacondarwin)! - fix: hybrid nodejs compat now supports requiring the default export of a CJS module Fixes [#​6028](https://togithub.com/cloudflare/workers-sdk/issues/6028) - [#​6051](https://togithub.com/cloudflare/workers-sdk/pull/6051) [`15aff8f`](https://togithub.com/cloudflare/workers-sdk/commit/15aff8f6e6ce533f25495193e702a6bec76fa81c) Thanks [@​threepointone](https://togithub.com/threepointone)! - fix: Don't check expiry dates on custom certs Fixes [cloudflare/workers-sdk#5964 For `wrangler dev`, we don't have to check whether certificates have expired when they're provided by the user. - [#​6052](https://togithub.com/cloudflare/workers-sdk/pull/6052) [`b4c0233`](https://togithub.com/cloudflare/workers-sdk/commit/b4c02333829c2312f883e897f812f9877dba603a) Thanks [@​threepointone](https://togithub.com/threepointone)! - chore: Add `.wrangler` and `.DS_Store` to `.gitignore` generated by `wrangler init` This commit adds a small QOL improvement to `init` (to be deprecated in the future), for those who still use this wrangler command. - [#​6050](https://togithub.com/cloudflare/workers-sdk/pull/6050) [`a0c3327`](https://togithub.com/cloudflare/workers-sdk/commit/a0c3327dd63059d3e24085a95f48f8a98605c49f) Thanks [@​threepointone](https://togithub.com/threepointone)! - chore: Normalize more deps This is the last of the patches that normalize dependencies across the codebase. In this batch: `ws`, `vitest`, `zod` , `rimraf`, `@types/rimraf`, `ava`, `source-map`, `glob`, `cookie`, `@types/cookie`, `@microsoft/api-extractor`, `@types/mime`, `@types/yargs`, `devtools-protocol`, `@vitest/ui`, `execa`, `strip-ansi` This patch also sorts dependencies in every `package.json` - [#​6029](https://togithub.com/cloudflare/workers-sdk/pull/6029) [`f5ad1d3`](https://togithub.com/cloudflare/workers-sdk/commit/f5ad1d3e562ce63b59f6ab136f1cdd703605bca4) Thanks [@​threepointone](https://togithub.com/threepointone)! - chore: Normalize some dependencies in workers-sdk This is the first of a few expected patches that normalize dependency versions, This normalizes `undici`, `concurrently`, `@types/node`, `react`, `react-dom`, `@types/react`, `@types/react-dom`, `eslint`, `typescript`. There are no functional code changes (but there are a couple of typecheck fixes). - [#​6046](https://togithub.com/cloudflare/workers-sdk/pull/6046) [`c643a81`](https://togithub.com/cloudflare/workers-sdk/commit/c643a8193a3c0739b33d3c0072ae716bc8f1565b) Thanks [@​threepointone](https://togithub.com/threepointone)! - chore: Normalize more dependencies. Follow up to [cloudflare/workers-sdk#6029, this normalizes some more dependencies : `get-port`, `chalk`, `yargs`, `toucan-js`, `@typescript-eslint/parser`, `@typescript-eslint/eslint-plugin`, `esbuild-register`, `hono`, `glob-to-regexp`, `@cloudflare/workers-types` - [#​6058](https://togithub.com/cloudflare/workers-sdk/pull/6058) [`31cd51f`](https://togithub.com/cloudflare/workers-sdk/commit/31cd51f251050b0d6db97857a8d1d5427c855d99) Thanks [@​threepointone](https://togithub.com/threepointone)! - chore: Quieter builds This patch cleans up warnings we were seeing when doing a full build. Specifically: - fixtures/remix-pages-app had a bunch of warnings about impending features that it should be upgraded to, so I did that. (tbh this one needs a full upgrade of packages, but we'll get to that later when we're upgrading across the codebase) - updated `@microsoft/api-extractor` so it didn't complain that it didn't match the `typescript` version (that we'd recently upgraded) - it also silenced a bunch of warnings when exporting types from `wrangler`. We'll need to fix those, but we'll do that when we work on unstable_dev etc. - workers-playground was complaining about the size of the bundle being generated, so I increased the limit on it - [#​6043](https://togithub.com/cloudflare/workers-sdk/pull/6043) [`db66101`](https://togithub.com/cloudflare/workers-sdk/commit/db661015d37ce75c021413e3ca7c4f0488790cbc) Thanks [@​threepointone](https://togithub.com/threepointone)! - fix: avoid esbuild warning when running dev/bundle I've been experimenting with esbuild 0.21.4 with wrangler. It's mostly been fine. But I get this warning every time ▲ [WARNING] Import "__INJECT_FOR_TESTING_WRANGLER_MIDDLEWARE__" will always be undefined because there is no matching export in "src/index.ts" [import-is-undefined] .wrangler/tmp/bundle-Z3YXTd/middleware-insertion-facade.js:8:23: 8 │ .....(OTHER_EXPORTS.__INJECT_FOR_TESTING_WRANGLER_MIDDLEWARE__ ?? []), ╵ This is because esbuild@0.18.5 enabled a warning by default whenever an undefined import is accessed on an imports object. However we abuse imports to inject stuff in `middleware.test.ts`. A simple fix is to only inject that code in tests. - [#​6062](https://togithub.com/cloudflare/workers-sdk/pull/6062) [`267761b`](https://togithub.com/cloudflare/workers-sdk/commit/267761b3f5a60e9ea72067d42302895f9d459460) Thanks [@​WalshyDev](https://togithub.com/WalshyDev)! - fix: typo in `wrangler d1 execute` saying "Databas" instead of "Database" - [#​6064](https://togithub.com/cloudflare/workers-sdk/pull/6064) [`84e6aeb`](https://togithub.com/cloudflare/workers-sdk/commit/84e6aeb189a4f385c49b7c6d451d0613186b29be) Thanks [@​helloimalastair](https://togithub.com/helloimalastair)! - fix: Wrangler is now able to upload files to local R2 buckets above the 300 MiB limit - Updated dependencies \[[`a0c3327`](https://togithub.com/cloudflare/workers-sdk/commit/a0c3327dd63059d3e24085a95f48f8a98605c49f), [`f5ad1d3`](https://togithub.com/cloudflare/workers-sdk/commit/f5ad1d3e562ce63b59f6ab136f1cdd703605bca4), [`31cd51f`](https://togithub.com/cloudflare/workers-sdk/commit/31cd51f251050b0d6db97857a8d1d5427c855d99)]: - miniflare@3.20240610.1 - [@​cloudflare/kv-asset-handler](https://togithub.com/cloudflare/kv-asset-handler)[@​0](https://togithub.com/0).3.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Johannes-Andersen/Johannes). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MTAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQxMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJ0eXBlL2RlcGVuZGVuY2llcyJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which Cloudflare product(s) does this pertain to?
Wrangler core
What version(s) of the tool(s) are you using?
3.58.0 [Wrangler]
What version of Node are you using?
22.2.0
What operating system and version are you using?
Arch Linux
Describe the Bug
Observed behavior
When trying to use a custom HTTPS certificate with wrangler dev, it fails with "Custom Certificate is invalid" if the certificate file is modified more than 30 days ago. This is because the hasCertificateExpired function just looks at the file modification time to determine if the certificate is expired. While this way of checking might make sense to determine if the generated certificate should be generated, it doesn't make sense to do a check like this for a certificate provided with the
--https-cert-path
option.Expected behavior
Rather than checking the modification time of the file, it should parse the actual certificate and extract the expiration date. Alternatively just use the certificate without checking the expiry time, because it's up to the client to check that.
Steps to reproduce
Please provide a link to a minimal reproduction
No response
Please provide any relevant error logs
No response
The text was updated successfully, but these errors were encountered: