Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

custom cert support (fix deep merge) #10

Open
kwesterfeld opened this issue May 22, 2017 · 7 comments
Open

custom cert support (fix deep merge) #10

kwesterfeld opened this issue May 22, 2017 · 7 comments
Labels
bug

Comments

@kwesterfeld
Copy link

kwesterfeld commented May 22, 2017
edited
Loading

I want to do something like this in my systemjs-tools.js:

var fs = require('fs');

  module.exports.config.serve.keys = {
    key: fs.readFileSync('localhost.key'),
    cert: fs.readFileSync('localhost.crt'),
    ca: fs.readFileSync('localhost.key'),
  }

This way, I can customize the localhost key which is being served from some project that does not supply a localhost key with Subject Alternative Names set. When I do this, the file is corrupted by the lib/config processing with merge/conform somehow, causing the cert to become stringified instead of being passed to spdy.createServer() as Buffer form.
@alexisvincent
Copy link
Owner

alexisvincent commented May 22, 2017 via email

@kwesterfeld
Copy link
Author

It's no problem on the timing here. It is a nuisance that the localhost certs we all used until a couple weeks ago with Chrome could be trusted, but now Chrome refuses to allow trust for a cert that does not have Subject Alternative Name set.

I am debugging why systemjs-tools is clobbering the cert, as it looks like the config is loaded properly, but when the call goes into config#getConfig, and then eventually merge(), the Buffer is stringified when it should be left alone.

@kwesterfeld
Copy link
Author

The problem is in the deepmerge library. It does not understand that instances of Uint8Array should probably not be touched.

@kwesterfeld
Copy link
Author

Looks like I can make an easy fix on the caller-side, but this took a lot of digging on my part so please fix this eventually. What I did was to specify config of the keys as String, not Uint8Array, which deepmerge handles properly.

  module.exports.config.serve.keys = {
    key: fs.readFileSync('localhost.key', 'utf-8'),
    cert: fs.readFileSync('localhost.crt', 'utf-8'),
    ca: fs.readFileSync('localhost.key', 'utf-8'),
  }

@alexisvincent
Copy link
Owner

sure, definitely needs to be fixed! Thanks for looking into this. I'll replace/(send PR to) deep merge when I get a chance to dive in to this lib again.

@alexisvincent alexisvincent changed the title ability to load certs for localhost spdy configuration custom cert support (fix deep merge) May 22, 2017
@kwesterfeld
Copy link
Author

Since I migrated from jspm-dev-server, and there was a handy one-liner on that project's README.md, I'm going to create a handy one-liner to fix the Subject Alternative Name thing, and specify this type of config to this project's README.md. Look for a PR on that.

@alexisvincent
Copy link
Owner

@kwesterfeld Awesome 👍 Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kwesterfeld @alexisvincent