Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

devcert issue with --http2 #252

Open
dvdzkwsk opened this issue Dec 14, 2020 · 4 comments
Open

devcert issue with --http2 #252

dvdzkwsk opened this issue Dec 14, 2020 · 4 comments
Labels
bug Something isn't working reliability

Comments

@dvdzkwsk
Copy link

dvdzkwsk commented Dec 14, 2020
edited
Loading

Hello again!

I was trying out the --http2 flag and ran into an issue related to missing files. It appears to be caused by devcert attempting to read some static configuration files from its package: devcert/openssl-configurations. Since devcert code is bundled and not included as a dependency, those files don't actually exist after a wmr install:

Unable to create HTTP2 server, falling back to HTTP1:
Error: Command failed: openssl req -new -x509 -config /<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf -key /tmp/tmp-9741tgOR4yN5ckNq.tmp -out /home/davezuko/.config/devcert/certificate-authority/certificate.cert -days 825
Can't open /<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf for reading, No such file or directory
140579634419008:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf','r')
140579634419008:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:

I manually pulled those files into my node_modules to fix the issue. That worked. Then, to try to debug the root cause further, I created a fresh wmr project and surprisingly it didn't reoccur! After some digging, I discovered that this was because the code path that creates the Root CA is skipped if the CA already exists, masking the missing file issue on subsequent runs. I suspect this is why you may not have seen the issue on your end.

See: https://github.com/davewasmer/devcert/blob/0386f338d16e8372c0480195394c5518fa141f9c/src/index.ts#L93-L95

If you force this condition to true (e.g. in the wmr.cjs bundle) you should see the error.
@developit
Copy link
Member

Hi @davezuko - what OS was this on? devcert does different strategies per-OS, and we've mainly tested the mac and windows ones.
@dvdzkwsk
Copy link
Author

I should have included that, my apologies. So far I've reproduced it in:

  • Windows 10 WSL2 w/ Ubuntu (my default environment)
  • Windows 10 (native)

I have a Macbook that I can test as well. I'll report back once I give that a go.

The logs I showed above were from the Ubuntu run. Below are from a clean wmr install on Windows 10 outside of WSL:

C:\Users\David\Desktop\test>yarn start --http2
yarn run v1.22.4
warning package.json: No license field
$ wmr --http2
Removing old certificates from trust stores. You may be prompted to grant permission for this. It's safe to delete old devcert certificates.
Unable to create HTTP2 server, falling back to HTTP1:
Error: Command failed: openssl req -new -x509 -config C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf -key C:\Users\David\AppData\Local\Temp\tmp-1900kuhVUKZL8nE2.tmp -out C:\Users\David\AppData\Local\devcert\certificate-authority\certificate.cert -days 825
Can't open C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf for reading, No such file or directory
5348:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf','r')
5348:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:7
@developit developit added bug Something isn't working reliability labels Dec 15, 2020
@rschristian
Copy link
Member

rschristian commented Feb 7, 2021
edited
Loading

It looks like on Linux devcert only provides support of Debian (and maybe the distributions built off it?) too. davewasmer/devcert#51

So for me to get this working on Arch I had to patch in the correct paths as mentioned in that thread, go and make the correct directories (I did not have /usr/local/share/ca-certificates, but experience likely varies there), and then manually install devcert and copy its openssl-configurations/ into the node_modules directory. Like @davezuko mentioned, this is missing due to devcert being bundled rather than installed normally.

devcert having shortcomings on Linux distros other than Debian likely isn't necessarily a problem (when you venture out into others you generally do become responsible for this sort of thing), but WMR probably needs to drag in that openssl-configurations/ directory which has all the .conf files needed.
@cfv1984
Copy link

cfv1984 commented Jun 4, 2021

Can confirm, I got this exact same issue on Powershell and Git Bash.
@rschristian rschristian mentioned this issue Dec 5, 2022
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working reliability
4 participants
@developit @cfv1984 @dvdzkwsk @rschristian