Strict SSL is not correctly passed

[schlamar]

strict-ssl is disabled in npm config

>npm config get strict-ssl
false

However this is not passed to electron-download as you are reading only the environment variable (process.env.npm_config_strict_ssl).

But even SET npm_config_strict_ssl=0 does not work. Environment variables are always a string (at least on Windows) and electron-download is explicitly checking for a boolean (opts.strictSSL === false).

Update: After reading the commit message from 880efd8, I'm not sure about my analysis. However, I'm getting an SSL error on install:

> electron-prebuilt@0.36.7 postinstall D:\Apps\Node\node_modules\electron-prebuilt
> node install.js

Downloading electron-v0.36.7-win32-ia32.zip
Error: SSL Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE

[mds5000]

I'm having the same issue.

I instrumented electron-download to print process.env and see that process.env.npm_config_strict_ssl is not set.

>npm config get strict-ssl
false

npm_config_sign_git_tag: '',
npm_config_ssl_strict: '',
npm_config_strict_ssl: '',
npm_config_tag: 'latest',

Perhaps this is an issue with npm?

[ungoldman]

I believe this is related to #75

[mds5000]

@ngoldman, yes, and a duplicate of #67.

npm does not appear to set Boolean env flags to false, only to 'true' or ''. I verified this:

> npm config set strict-ssl false
> npm config get strict-ssl
false

produces:

...
npm_config_strict_ssl: '',
...

While,

> npm config set strict-ssl true
> npm config get strict-ssl
true

produces:

...
npm_config_strict_ssl: 'true',
...

[schlamar]

npm does not set the environment value at all on my system (Windows 7, Node 4.2.4, npm 3.5.3).

Please see my comment here: #75 (comment)

[mramato]

I just opened #97 to fix this once and for all. Hopefully someone can review and merge it soon.