How to allow DEPTH_ZERO_SELF_SIGNED_CERT?

[Blankeos]

Description

When I try to introspect using a url that has a self-signed HTTPS SSL. It seems to throw the DEPTH_ZERO_SELF_SIGNED_CERT error code. I have tried it on HTTP, it works. So I can definitely rule out that self-signed HTTPS is the problem.

For context, I need it to be on HTTP mainly because I'm making an application that uses geolocation and those features are not activated when I'm on HTTP on the frontend. I also can't have just HTTPS on the frontend while querying an HTTP API on fetch. Both need to be on HTTPS to communicate.

https://192.168.x.x:4001/docs/json
✨ openapi-typescript 6.7.4
node:internal/deps/undici/undici:11576
    Error.captureStackTrace(err, this);
          ^

TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11576:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)       
    at async load (file:///C:/Users/carlo/Downloads/Projects/ruta-svelte/node_modules/.pnpm/openapi-typescript@6.7.4/node_modules/openapi-typescript/dist/load.js:65:25)        
    at async openapiTS (file:///C:/Users/carlo/Downloads/Projects/ruta-svelte/node_modules/.pnpm/openapi-typescript@6.7.4/node_modules/openapi-typescript/dist/index.js:58:5)   
    at async generateSchema (file:///C:/Users/carlo/Downloads/Projects/ruta-svelte/node_modules/.pnpm/openapi-typescript@6.7.4/node_modules/openapi-typescript/bin/cli.js:94:18)
    at async main (file:///C:/Users/carlo/Downloads/Projects/ruta-svelte/node_modules/.pnpm/openapi-typescript@6.7.4/node_modules/openapi-typescript/bin/cli.js:170:5) {        
  cause: Error: self-signed certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1600:34)
      at TLSSocket.emit (node:events:517:28)
      at TLSSocket._finishInit (node:_tls_wrap:1017:8)
      at ssl.onhandshakedone (node:_tls_wrap:803:12) {
    code: 'DEPTH_ZERO_SELF_SIGNED_CERT'
  }
}

Node.js v18.18.0

Name	Version
openapi-typescript	^6.7.4
Node.js	18.18.0
OS + version	Windows 11

Reproduction

I don't have a repo. But for my case, the fastest is to simply create an https://elysiajs.com/ project and attach the swagger plugin. Then configure TLS like so:

  .listen({
    port: 4001,
    cert: Bun.file("cert.pem"),
    key: Bun.file("key.pem"),
  });

I'll try to make one really quickly if you do need it.

Expected result

Generate as usual.

Checklist

• My OpenAPI schema passes the Redocly validator (npx @redocly/cli@latest lint)
• I’m willing to open a PR (see CONTRIBUTING.md)

[Blankeos]

✅ Solved

Closing this since it's a duplicate of #907

Someone actually already answered it: #907 (comment). I wasn't able to make it work at first because I was on Windows but running a .sh file. Which means it's actually still using the Linux/Mac bash syntax. That means I could've been using export instead of set when inside a bash file.

I've also updated my shell script like so:

# scripts/openapi-generate.sh

PUBLIC_API_URL=$(dotenv -p PUBLIC_API_URL)

# Arg$1: The public api url.
if [ -z "$PUBLIC_API_URL" ]; then
 echo "Please specify PUBLIC_API_URL in the .env file."
 exit 1
fi

echo "🔑 Disabling NODE_TLS_REJECT_UNAUTHORIZED to allow introspecting HTTPS API."
export NODE_TLS_REJECT_UNAUTHORIZED=0

openapi-typescript $PUBLIC_API_URL -o src/lib/types/openapi.d.ts

// package.json

{
	"name": "my-app",
	"scripts": {
		"generate": "sh scripts/openapi-generate.sh"
	}
	"devDependencies": {
		"dotenv-cli": "^7.3.0"
	}
}

Result: