Node.js 0.6 fails to verify https://registry.npmjs.org SSL certificate #4379

Closed
BanzaiMan opened this Issue Dec 24, 2013 · 10 comments

Projects

None yet

6 participants

@BanzaiMan
$ nvm use 0.6       
Now using node v0.6.21
$ npm install jslint
npm http GET https://registry.npmjs.org/jslint
npm http GET https://registry.npmjs.org/jslint
npm http GET https://registry.npmjs.org/jslint
npm ERR! Error: SSL Error: CERT_UNTRUSTED
⋮
npm ERR! System Darwin 13.0.0
npm ERR! command "node" "/Users/asari/personal/opt/nvm/v0.6.21/bin/npm" "install" "jslint"
npm ERR! cwd /Users/asari/
npm ERR! node -v v0.6.21-pre
npm ERR! npm -v 1.1.37
npm ERR! message SSL Error: CERT_UNTRUSTED
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /Users/asari/npm-debug.log
npm ERR! not ok code undefined
npm ERR! not ok code 1

Newer versions of Node.js appear to work.

@rlidwka
Contributor
rlidwka commented Dec 24, 2013

any thoughts about updating?

@BanzaiMan

@rlidwka We (Travis CI) at the moment support multiple Node.js versions, including 0.6, on our VMs. Users are still testing their software against 0.6.

If the 0.6 support is dropped, then we would like to know, so that we can inform our users.

Thanks.

@domenic
Member
domenic commented Dec 24, 2013

I don't believe that the npm client included with Node 0.6 contains the necessary certificates to connect to the npm registry over SSL. SSL certificates expire, as you know, and so this is simply a natural consequence of using old software to connect to SSL servers, from what I understand.

@rlidwka
Contributor
rlidwka commented Dec 24, 2013

0.6.21 came out on 3 Aug 2012, new certificate was generated on 24 Aug 2012, so I guess yeah you're right

@riggerthegeek

This now seems to have fixed itself

@BanzaiMan

Did anything change on the npmjs.org side?

@isaacs
Member
isaacs commented Dec 24, 2013

Node v0.6 (and the associated npm) has not been officially supported for some time now. Node v0.6 has serious flaws that have been fixed in 0.8 and 0.10, and v0.12 will be out in a matter of weeks.

In this case, the issue is that npm 1.1 doesn't contain the CA certificates for GlobalSign, so it only trusts the npmCA certificate (which is not trusted by web browsers, and leads to many spurious "bad cert" bug reports.)

@isaacs isaacs closed this Dec 24, 2013
@BanzaiMan BanzaiMan referenced this issue in travis-ci/travis-ci Dec 24, 2013
Closed

Consider dropping Node.js 0.6 support #1785

@newaeonweb

I have the same issue:
npm ERR! node -v v0.6.21-pre
npm ERR! npm -v 1.1.37
npm ERR! message SSL Error: CERT_UNTRUSTED
any news on how to fixed?

@riggerthegeek

The fix was tweeted on NPM the other day

new registry uses a cert that browsers trust, but it didn't used to. if you're on
node v0.6, upgrade, or do:

npm conf set strict-ssl false

Can be seen on Twitter

If you want to put this in a Travis build, put that in the "before_install" script

@kwhinnery kwhinnery added a commit to twilio/twilio-node that referenced this issue Dec 27, 2013
@kwhinnery kwhinnery In v.next, we'll support only node 0.8+. 0.6 is unsupported and is ex…
…periencing problems with new npm. See also: npm/npm#4379. twilio-node still works on 0.6 but there's no reason to officially support it or include it in CI
30d201d
@kirbysayshi kirbysayshi added a commit to kirbysayshi/vash that referenced this issue Dec 31, 2013
@kirbysayshi kirbysayshi travisci: remove 0.6 tests per npm/npm#4379 8f74ec6
@mislav mislav added a commit to madrobby/zepto that referenced this issue Jan 1, 2014
@mislav mislav Use node 0.10 on Travis to avoid SSL error
Using npm with node 0.6 results in "SSL Error: CERT_UNTRUSTED":
https://travis-ci.org/madrobby/zepto/builds/16195932

See npm/npm#4379
4c456f6
@dtao dtao added a commit to dtao/lazy.js that referenced this issue Jan 2, 2014
@dtao dtao screw node 0.6!
In all seriousness, I've had no intention from the beginning of
supporting older browsers; so why would I bother supporting an
unsupported Node version?

Of course, the *main* reason I'm doing this is that it's failing in
Travis because of this: npm/npm#4379

Maybe that's a bad reason. In which case let me re-emphasize the first
paragraph.
d15cf2f
@isaacs
Member
isaacs commented Jan 4, 2014

Update to a more recent release, or do npm config set ca ""

@BanzaiMan BanzaiMan referenced this issue in travis-ci/travis-build Jan 5, 2014
Merged

Set strict SSL to false for node 0.6. #188

@springmeyer springmeyer pushed a commit to mapnik/node-mapnik that referenced this issue Jan 7, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 c2a437f
@springmeyer springmeyer pushed a commit to mapbox/node-zipfile that referenced this issue Jan 7, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 82e4e17
@springmeyer springmeyer pushed a commit to mapbox/node-srs that referenced this issue Jan 7, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 028f457
@springmeyer springmeyer pushed a commit to mapbox/node-eio that referenced this issue Jan 7, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 fe4367a
@springmeyer springmeyer pushed a commit to mapbox/node-mbtiles that referenced this issue Jan 8, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 f87835a
@springmeyer springmeyer pushed a commit to mapbox/node-get that referenced this issue Jan 8, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 804ba80
@springmeyer springmeyer pushed a commit to mapbox/carto that referenced this issue Jan 8, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 84618be
@springmeyer springmeyer pushed a commit to tilemill-project/millstone that referenced this issue Jan 8, 2014
Dane Springmeyer travis: stop testing on node v0.6.x as per npm/npm#4379 c06835d
@thatmarvin thatmarvin added a commit to thatmarvin/express-dryroutes that referenced this issue Jan 16, 2014
@thatmarvin thatmarvin Drop 0.6 builds in Travis 935841a
@mudge mudge added a commit to mudge/pacta that referenced this issue Jan 23, 2014
@mudge mudge Remove Node 0.6 due to SSL issues on Travis. 7ce6acd
@Mithgol Mithgol added a commit to Mithgol/node-fidonet-fidohtml that referenced this issue Jan 27, 2014
@Mithgol Mithgol drop support of Node.js version 0.6, see npm/npm#4379 for details 23f33ff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment