Berry: Proxy certificates support

Created on 3 Jun 2020  路  3Comments  路  Source: yarnpkg/berry

I get the error

RequestError: self signed certificate in certificate chain

when running this command for example:
yarn set version latest
I'm using the proxy and httpsProxy config options.

Earlier using Yarn V1 it was possible to specify a cafile. But I can't find any configuration like this for berry.

enhancement good first issue
Source
picture danreg

Most helpful comment

Hey @arcanis, can I implement a PR for this?

Here is what I've found.

berry uses a tunnel for proxy, the proxy object in httpUtils.ts#L22 uses only host and port (and empty headers object).

The tunnel package accepts following options to construct a proxy,

{
    host: proxyHost, // Defaults to 'localhost'
    port: proxyPort, // Defaults to 443
    localAddress: localAddress, // Local interface if necessary

    // Basic authorization for proxy server if necessary
    proxyAuth: 'user:password',

    // Header fields for proxy server if necessary
    headers: {
      'User-Agent': 'Node'
    },

    // CA for proxy server if necessary
    ca: [ fs.readFileSync('origin-server-ca.pem')],

    // Server name for verification if necessary
    servername: 'example.com',

    // Client certification for proxy server if necessary
    key: fs.readFileSync('origin-server-key.pem'),
    cert: fs.readFileSync('origin-server-cert.pem'),
  }

What should be implemented for this (ca, key, cert as well as proxyAuth, servername, and localAddress) and what should be the options names,

  • proxyCA for ca
  • proxyClientKey for key
  • proxyClientCert for cert
  • proxyHeaders for headers maybe?

And what about other options such as proxyAuth, localAddress, and servername?

picture skyme5 on 11 Jul 2020
👍3

All 3 comments

It isn't implemented at the moment. PR welcome 馃憪

arcanis picture arcanis on 3 Jun 2020

Hey @arcanis, can I implement a PR for this?

Here is what I've found.

berry uses a tunnel for proxy, the proxy object in httpUtils.ts#L22 uses only host and port (and empty headers object).

The tunnel package accepts following options to construct a proxy,

{
    host: proxyHost, // Defaults to 'localhost'
    port: proxyPort, // Defaults to 443
    localAddress: localAddress, // Local interface if necessary

    // Basic authorization for proxy server if necessary
    proxyAuth: 'user:password',

    // Header fields for proxy server if necessary
    headers: {
      'User-Agent': 'Node'
    },

    // CA for proxy server if necessary
    ca: [ fs.readFileSync('origin-server-ca.pem')],

    // Server name for verification if necessary
    servername: 'example.com',

    // Client certification for proxy server if necessary
    key: fs.readFileSync('origin-server-key.pem'),
    cert: fs.readFileSync('origin-server-cert.pem'),
  }

What should be implemented for this (ca, key, cert as well as proxyAuth, servername, and localAddress) and what should be the options names,

  • proxyCA for ca
  • proxyClientKey for key
  • proxyClientCert for cert
  • proxyHeaders for headers maybe?

And what about other options such as proxyAuth, localAddress, and servername?

skyme5 picture skyme5 on 11 Jul 2020
👍3

Support for caFilePath was added in https://github.com/yarnpkg/berry/pull/1934

merceyz picture merceyz on 2 Jan 2021
Was this page helpful?
0 / 5 - 0 ratings

Related issues

wojtekmaj picture wojtekmaj  路  3Comments
tiansijie picture tiansijie  路  4Comments
mormahr picture mormahr  路  3Comments
thealjey picture thealjey  路  4Comments
juanpicado picture juanpicado  路  4Comments