Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Node.js 0.6 fails to verify https://registry.npmjs.org SSL certificate #4379

Closed
BanzaiMan opened this Issue · 10 comments

6 participants

@BanzaiMan
$ nvm use 0.6       
Now using node v0.6.21
$ npm install jslint
npm http GET https://registry.npmjs.org/jslint
npm http GET https://registry.npmjs.org/jslint
npm http GET https://registry.npmjs.org/jslint
npm ERR! Error: SSL Error: CERT_UNTRUSTED
⋮
npm ERR! System Darwin 13.0.0
npm ERR! command "node" "/Users/asari/personal/opt/nvm/v0.6.21/bin/npm" "install" "jslint"
npm ERR! cwd /Users/asari/
npm ERR! node -v v0.6.21-pre
npm ERR! npm -v 1.1.37
npm ERR! message SSL Error: CERT_UNTRUSTED
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /Users/asari/npm-debug.log
npm ERR! not ok code undefined
npm ERR! not ok code 1

Newer versions of Node.js appear to work.

@rlidwka

any thoughts about updating?

@BanzaiMan

@rlidwka We (Travis CI) at the moment support multiple Node.js versions, including 0.6, on our VMs. Users are still testing their software against 0.6.

If the 0.6 support is dropped, then we would like to know, so that we can inform our users.

Thanks.

@domenic
Collaborator

I don't believe that the npm client included with Node 0.6 contains the necessary certificates to connect to the npm registry over SSL. SSL certificates expire, as you know, and so this is simply a natural consequence of using old software to connect to SSL servers, from what I understand.

@rlidwka

0.6.21 came out on 3 Aug 2012, new certificate was generated on 24 Aug 2012, so I guess yeah you're right

@riggerthegeek

This now seems to have fixed itself

@BanzaiMan

Did anything change on the npmjs.org side?

@isaacs
Owner

Node v0.6 (and the associated npm) has not been officially supported for some time now. Node v0.6 has serious flaws that have been fixed in 0.8 and 0.10, and v0.12 will be out in a matter of weeks.

In this case, the issue is that npm 1.1 doesn't contain the CA certificates for GlobalSign, so it only trusts the npmCA certificate (which is not trusted by web browsers, and leads to many spurious "bad cert" bug reports.)

@isaacs isaacs closed this
@BanzaiMan BanzaiMan referenced this issue in travis-ci/travis-ci
Closed

Consider dropping Node.js 0.6 support #1785

@newaeonweb

I have the same issue:
npm ERR! node -v v0.6.21-pre
npm ERR! npm -v 1.1.37
npm ERR! message SSL Error: CERT_UNTRUSTED
any news on how to fixed?

@riggerthegeek

The fix was tweeted on NPM the other day

new registry uses a cert that browsers trust, but it didn't used to. if you're on
node v0.6, upgrade, or do:

npm conf set strict-ssl false

Can be seen on Twitter

If you want to put this in a Travis build, put that in the "before_install" script

@kwhinnery kwhinnery referenced this issue from a commit in twilio/twilio-node
@kwhinnery kwhinnery In v.next, we'll support only node 0.8+. 0.6 is unsupported and is ex…
…periencing problems with new npm. See also: npm/npm#4379. twilio-node still works on 0.6 but there's no reason to officially support it or include it in CI
30d201d
@kirbysayshi kirbysayshi referenced this issue from a commit in kirbysayshi/vash
@kirbysayshi kirbysayshi travisci: remove 0.6 tests per npm/npm#4379 8f74ec6
@mislav mislav referenced this issue from a commit in madrobby/zepto
@mislav mislav Use node 0.10 on Travis to avoid SSL error
Using npm with node 0.6 results in "SSL Error: CERT_UNTRUSTED":
https://travis-ci.org/madrobby/zepto/builds/16195932

See npm/npm#4379
4c456f6
@dtao dtao referenced this issue from a commit in dtao/lazy.js
@dtao dtao screw node 0.6!
In all seriousness, I've had no intention from the beginning of
supporting older browsers; so why would I bother supporting an
unsupported Node version?

Of course, the *main* reason I'm doing this is that it's failing in
Travis because of this: npm/npm#4379

Maybe that's a bad reason. In which case let me re-emphasize the first
paragraph.
d15cf2f
@isaacs
Owner

Update to a more recent release, or do npm config set ca ""

@BanzaiMan BanzaiMan referenced this issue in travis-ci/travis-build
Merged

Set strict SSL to false for node 0.6. #188

@springmeyer springmeyer referenced this issue from a commit in mapbox/node-zipfile
@springmeyer springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 82e4e17
@springmeyer springmeyer referenced this issue from a commit in mapbox/node-mbtiles
@springmeyer springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 f87835a
@ynachiket ynachiket referenced this issue in racker/node-rackspace-shared-utils
Merged

setting strict ssl to false to allow compatibilty for node 0.6 #14

@lovell lovell referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@thatmarvin thatmarvin referenced this issue from a commit in thatmarvin/express-dryroutes
@thatmarvin thatmarvin Drop 0.6 builds in Travis 935841a
@bencevans bencevans referenced this issue from a commit in bencevans/node-compact2string
@bencevans bencevans Travis Fix: npm strict-ssl=false for node v0.6 5459f96
@Mithgol Mithgol referenced this issue from a commit in Mithgol/node-fidonet-fidohtml
@Mithgol Mithgol drop support of Node.js version 0.6, see npm/npm#4379 for details 23f33ff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.