I'm trying to analyze my requests against a server using Charles Proxy. The server uses TLS so I have the classic fake certificate to be able to view clear traffic.
NodeJS / Request don't like it, so my script doesn't run and throws that error.
How can I bypass this?
console.log('Response status: ' + response.statusCode);
^
TypeError: Cannot read property 'statusCode' of undefined
at Request._callback (/xxx:88:59)
at self.callback (/xxx:199:22)
at Request.emit (events.js:107:17)
at Request.onRequestError (/xxx:821:8)
at ClientRequest.emit (events.js:107:17)
at TLSSocket.socketErrorListener (_http_client.js:271:9)
at TLSSocket.emit (events.js:107:17)
at TLSSocket.<anonymous> (_tls_wrap.js:942:18)
at TLSSocket.emit (events.js:104:17)
at TLSSocket._finishInit (_tls_wrap.js:460:8)
Error: Error: self signed certificate in certificate chain
in this case response is undefined.
response doesn't have to be defined.
response will be only defined if an actual response arrived.
if there was some connection error that is not the case.
check for error to be defined, or response.statusCode to be greater than or equal to 400.
if you want to debug this use
env NODE_DEBUG="*" node asdf.js
Thanks for the explanation. I found out how to avoid problems with fake certificates in case anyone is interested:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
With that I can use fake SSL auth to inspect the communications between my client and a server.
My error was similar but now I'm good, thanks @nmaxcom
Error: unable to verify the first certificate
at Error (native)
at TLSSocket.
at TLSSocket.emit (events.js:104:17)
at TLSSocket._finishInit (_tls_wrap.js:460:8)
or you can just use Let's Encrypt, certificates that are signed by a legit CA.
self signed certificates don't make sense now.
request.get({
  uri: 'https://mydocker.com/v2/_catalog',
  rejectUnauthorized: false // skips certificate verification for this request
});
For self-signed CA, we can specify 'rejectUnauthorized = false'.
Check request.js at line 623 & _tls_wrap.js in node.js.
Better alternatives are:
a) Do SSL termination at your load balancer
b) Use a free certificate
In this way you have a single configuration across all your environments.
You will have higher confidence on your deployments and filter errors earlier.
rejectUnauthorized works in options.rejectUnauthorized = false
but not in options.agentOptions.rejectUnauthorized = false
don't know why 😢
https://github.com/request/request/blob/v2.81.1/request.js#L257-L259
Sorry, only see the code. I get that strictSSL is just an alias to rejectUnauthorized
Have to say that's a bad name, just use rejectUnauthorized
😭
getting this error while running code
Parse error: syntax error, unexpected 'var' (T_VAR), expecting end of file in C:xampphtdocsPHPIMAPadminindex.php on line 146
var notifier = require('mail-notifier');
var imap = {
username: "anandlintas2017 ",
password: "xxxxxxxxx",
host: "imap.gmail.com",
port: 993, // imap port
secure: true // use secure connection
};
notifier(imap).on('mail',function(mail){console.log(mail);}).start();
?>
For people who suggest setting rejectUnauthorized=false: what if I have internal servers that should have encrypted connections with each other with some self-signed certificates? I guess setting rejectUnauthorized to false will stop the error, but my connections are 100% prone to MITM attacks. I see that this is a bug that the nodejs tls library suffers from, and I can't find any fix anywhere (I have gone to page 5 of Google results, which is really deep). I don't know how other people don't talk about it. Am I missing something here? Please correct me if I am wrong!
rejectUnauthorized works in options.rejectUnauthorized = false
but not in options.agentOptions.rejectUnauthorized = false
Both do not work for me
request.get({ uri: 'https://s3.amazonaws.com/...',
rejectUnauthorized: false,
// strictSSL: false,
proxy: '127.0.0.1:8080',
agentOptions: {
rejectUnauthorized: false,
// strictSSL: false,
},
}, (...args) => {
console.log(args);
process.exit();
});
P.S. Running the code from within ELECTRON with ssl disable flag on.
For me, disabling Kaspersky antivirus solved the problem.
https://github.com/request/request/issues/2061#issuecomment-182573171 seems to be the answer to the general question
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
Gives no effect.
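An added example, not code from this thread or from the request project: one way to check error before reading response.statusCode, and to trust a proxy's or internal CA through the ca option while leaving verification on. The helper names optionsTrustingCa and classifyResult, and the sample errors, are assumptions constructed for illustration.

```javascript
// Error codes Node.js sets when certificate verification fails.
const TLS_TRUST_CODES = new Set([
  'SELF_SIGNED_CERT_IN_CHAIN',       // "self signed certificate in certificate chain"
  'DEPTH_ZERO_SELF_SIGNED_CERT',     // "self signed certificate"
  'UNABLE_TO_VERIFY_LEAF_SIGNATURE', // "unable to verify the first certificate"
]);

// Hypothetical helper: request options that trust one extra CA (the proxy's
// root or an internal CA) and keep certificate verification enabled.
function optionsTrustingCa(uri, caPem) {
  if (!/-----BEGIN CERTIFICATE-----[\s\S]+-----END CERTIFICATE-----/.test(caPem)) {
    throw new TypeError('caPem must be a PEM-encoded certificate');
  }
  return { uri, ca: caPem, rejectUnauthorized: true };
}

// Hypothetical helper: classify the (error, response) pair a callback receives,
// checking `error` first because `response` is undefined on connection errors.
function classifyResult(error, response) {
  if (error) {
    const trust = TLS_TRUST_CODES.has(error.code);
    return { ok: false, kind: trust ? 'tls-trust' : 'network', detail: error.code || error.message };
  }
  if (response.statusCode >= 400) {
    return { ok: false, kind: 'http', detail: response.statusCode };
  }
  return { ok: true, kind: 'ok', detail: response.statusCode };
}

// Constructed sample inputs (not captured from a real run).
function demo() {
  const selfSigned = Object.assign(
    new Error('self signed certificate in certificate chain'),
    { code: 'SELF_SIGNED_CERT_IN_CHAIN' });
  const refused = Object.assign(new Error('connect ECONNREFUSED'), { code: 'ECONNREFUSED' });
  return [
    classifyResult(selfSigned, undefined),
    classifyResult(refused, undefined),
    classifyResult(null, { statusCode: 503 }),
    classifyResult(null, { statusCode: 200 }),
  ];
}

console.log(demo().map((r) => r.kind).join(', '));
```

Node.js also reads additional trusted CAs from the file named by the NODE_EXTRA_CA_CERTS environment variable, which keeps verification on for every connection in the process.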