Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

10.10.0 introduced issues with self signed certificates in chain for connection with dashboard api. #24298

Closed
Jenson3210 opened this issue Oct 18, 2022 · 8 comments · Fixed by #24370
Assignees

Comments

@Jenson3210
Copy link

Current behavior

We're seeing this on connection to dashboard api.
We have self signed corporate certificates in between.
In 10.10.0 I get

We encountered an unexpected error talking to our servers.
We will retry 3 more times in 30 seconds...
The server's response was:
RequestError: Error: self signed certificate in certificate chain
We encountered an unexpected error talking to our servers.
...(retries logged)

Also https.get('https://api.cypress.io/', res => console.log(res.statusCode)) works (I get same 404 as browser) via regular node terminal (added company certificates through NODE_EXTRA_CA_CERTS env variable)

When our vpn is disabled (hence no man-in-middle self signed corporate certificates) it is working fine.

Desired behavior

In 10.9.0 everything is fine and self signed certificates are validated by own CA.

Test code to reproduce

I could work on an example.
But just doing a https call in startup of tests towards dashboard is failing.
So startup icw dashboard api link on company netwrok with self signed certificates

Cypress Version

10.10.0

Node version

v16.15.0

Operating System

MacOS 12.6

Debug Logs

No response

Other

No response

@mschile
Copy link
Contributor

mschile commented Oct 21, 2022

@Jenson3210, thanks for opening this issue. Starting with Cypress 10.10.0, we are now verifying the dashboard cert for API calls from the app. I believe you'll need to either set NODE_OPTIONS=--use-openssl-ca or add the self-signed certs with the NODE_EXTRA_CA_CERTS env variable.

@Jenson3210
Copy link
Author

Jenson3210 commented Oct 21, 2022

@mschile both options I tried. As mentioned, https.get('https://api.cypress.io/', res => console.log(res.statusCode)) is working fine in node “terminal” because I added self-signed cert’s through NODE_EXTRA_CA_CERTS env variable.

@Jenson3210
Copy link
Author

Sorry for closing (phone issue)

@siglp
Copy link

siglp commented Oct 21, 2022

We have the same problem. Our test ENV is behind transparent proxy :-(.

We encountered an unexpected error talking to our servers.
We will retry 3 more times in 30 seconds...
The server's response was:
RequestError: Error: self signed certificate in certificate chain
We encountered an unexpected error talking to our servers.
We will retry 2 more times in 1 minute...
The server's response was:
RequestError: Error: self signed certificate in certificate chain
We encountered an unexpected error talking to our servers.
We will retry 1 more time in 2 minutes...
The server's response was:
RequestError: Error: self signed certificate in certificate chain
We encountered an unexpected error talking to our servers.
We will retry 0 more times in ...
The server's response was:
RequestError: Error: self signed certificate in certificate chain
We encountered an unexpected error talking to our servers.
The --group flag you passed was: Edge
The server's response was:
RequestError: Error: self signed certificate in certificate chain
Cypress could not execute tests
Could not find Cypress test run results
Cypress test returns exit code: 1

@mschile
Copy link
Contributor

mschile commented Oct 24, 2022

@Jenson3210, thanks for the update. I was also able to recreate the issue locally using a proxy with a self-signed cert. I will discuss with the team on how we want to proceed.

@nagash77 nagash77 assigned mschile and unassigned tgriesser Oct 24, 2022
@cypress-bot cypress-bot bot added the stage: needs review The PR code is done & tested, needs review label Oct 24, 2022
@mschile
Copy link
Contributor

mschile commented Oct 24, 2022

It appears Electron does NOT honor the NODE_EXTRA_CA_CERTS env variable.

I am going to revert the change that introduced verifying the cert until we come up with a solution that also works for self-signed certs.

@cypress-bot cypress-bot bot added stage: pending release and removed stage: needs review The PR code is done & tested, needs review labels Oct 24, 2022
@cypress-bot
Copy link
Contributor

cypress-bot bot commented Oct 24, 2022

The code for this is done in cypress-io/cypress#24370, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Oct 25, 2022

Released in 10.11.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v10.11.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Oct 25, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants