Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow unsafely-ignore-certificate-errors in repl #12542

Closed
kghenderson opened this issue Oct 25, 2021 · 6 comments · Fixed by #13045
Closed

allow unsafely-ignore-certificate-errors in repl #12542

kghenderson opened this issue Oct 25, 2021 · 6 comments · Fixed by #13045
Labels
cli related to cli/ dir feat new feature (which has been agreed to/accepted) good first issue Good for newcomers help wanted community help requested

Comments

@kghenderson
Copy link

Hi all,
I'm using the deno repl to test & build out my application.
The --unsafely-ignore-certificate-errors flag works when using deno run but not for deno repl.
I assume this is expected, but I don't have an easy way to test my get calls to this server that's outside of my control.

Perhaps there could be (or already is) a way to configure this option from inside the repl and/or using a configuration file?
@kghenderson
Copy link
Author

I'll add that I attempted to download the cert in question and use the DENO_CERT environment variable, but while that got me past an 'UnknownIssuer' error, I then get a 'CertNotValidForName' error. Not sure if I'm missing something or if there's another way for it to be recognized - i.e. it's likely that globally registering the cert would result in the same error if the DENO_CERT isn't working.

@kitsonk kitsonk added cli related to cli/ dir feat new feature (which has been agreed to/accepted) labels Oct 25, 2021
@bartlomieju
Copy link
Member

This seems reasonable and I'm surprised this flag is not available to deno repl subcommand. PRs are welcome!

@kitsonk kitsonk added the help wanted community help requested label Oct 26, 2021
@lucacasonato
Copy link
Member

lucacasonato commented Nov 3, 2021
edited

@kghenderson To diagnose the root cause: CertNotValidForName means that the CN (common name) or the SAN (subject alternative name) in the certificate does not match the domain name of the service you are trying to connect to. For example a certificate that is issued for example.com is not valid when you try to connect to localhost.

@bartlomieju bartlomieju added the good first issue Good for newcomers label Dec 1, 2021
@VishnuJin
Copy link
Contributor

hey guys,
I'd like to work on this, would be great if you could provide some hints for implementation !!

@bartlomieju
Copy link
Member

@VishnuJin cool, here's a rough plan of what needs to be done:

Changes to cli/flags.rs:

  • extract definition of unsafely-ignore-certificate-errors into a helper function unsafely_ignore_ceritifcate_errors_arg
  • use this function in permission_args() and repl_subcommand()
  • extract parsing of unsafely-ignore-certificate-errors in permissions_args_parse() to unsafely_ignore_certificate_errors_parse
  • use this function in permissions_args_parse() and repl_parse()
  • add some tests :)

@VishnuJin VishnuJin mentioned this issue Dec 10, 2021
Merged
@VishnuJin
Copy link
Contributor

@kghenderson could you give this PR #13045 a try to see if the issue is resolved

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cli related to cli/ dir feat new feature (which has been agreed to/accepted) good first issue Good for newcomers help wanted community help requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(repl): add --unsafe-ignore-certificate-errors flag VishnuJin/deno
5 participants
@kitsonk @kghenderson @lucacasonato @bartlomieju @VishnuJin