feat: detect and report self-signed certificate error in tls connections (#236)

Liam-Tait · Copilot · web-flow · commit b29adb6c6a90 · 2025-10-02T12:59:08.000+02:00
* feat: provide friendly error message for self-signed certificate in TLS connection error

* Update index.js

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
Signed-off-by: Liam Tait &lt;Liam-Tait@users.noreply.github.com&gt;

* Update index.js

Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
Signed-off-by: Liam Tait &lt;Liam-Tait@users.noreply.github.com&gt;

* remove custom error message for self signed cert in chain

* test: add handling for SELF_SIGNED_CERT_IN_CHAIN error in Redis connection

* use single quotes

---------

Signed-off-by: Liam Tait &lt;Liam-Tait@users.noreply.github.com&gt;
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/index.js b/index.js
@@ -93,6 +93,11 @@ function fastifyRedis (fastify, options, next) {
       onEnd(err)
       return
     }
+    if (err.code === 'SELF_SIGNED_CERT_IN_CHAIN') {
+      // This error is not recoverable because ioredis will never be able to connect to the server unless the user changes the TLS options.
+      onEnd(err)
+      return
+    }
 
     // Swallow network errors to allow ioredis
     // to perform reconnection and emit 'end'
diff --git a/test/index.test.js b/test/index.test.js
@@ -405,6 +405,36 @@ test('catch .ping() errors', async (t) => {
   await t.assert.rejects(fastify.ready(), new Redis.ReplyError('ping error'))
 })
 
+test('Should propagate SELF_SIGNED_CERT_IN_CHAIN error', async (t) => {
+  t.plan(1)
+
+  const fastify = Fastify()
+  t.after(() => fastify.close())
+
+  const fastifyRedis = proxyquire('..', {
+    ioredis: function Redis () {
+      this.ping = () => {
+        const error = new Error('self signed certificate in certificate chain')
+        error.code = 'SELF_SIGNED_CERT_IN_CHAIN'
+        return Promise.reject(error)
+      }
+      this.quit = () => {}
+      this.info = cb => cb(null, 'info')
+      this.on = function () {
+        return this
+      }
+      this.off = function () { return this }
+
+      return this
+    }
+  })
+  fastify.register(fastifyRedis)
+
+  const error = new Error('self signed certificate in certificate chain')
+  error.code = 'SELF_SIGNED_CERT_IN_CHAIN'
+  await t.assert.rejects(fastify.ready(), error)
+})
+
 setInterval(() => {
   whyIsNodeRunning()
 }, 5000).unref()
