Rocket.chat.electron: 3.0 Client cannot connect to Internal server with Self-signed certificate

Created on 1 Oct 2020  Â·  10Comments  Â·  Source: RocketChat/Rocket.Chat.Electron

My Setup

  • Operating System: Mac Os X 10.15
  • App Version: 3.0.0
  • Installation type: Brew, Manual install
  • [x] I have tested with the latest version
  • [x] I can simulate the issue easily

Description


When trying to connect to an internal server, that is using certificate issued from Internal PKI (and trusted by endpoint), the login to service cannot succeed.

Current Behavior


Client tells "No valud server found at the URL"

Trying to start application from terminal shows following error:
[bugsnag] Loaded! SyntaxError: Unexpected token o in JSON at position 1 at JSON.parse (<anonymous>) at /Applications/Rocket.Chat.app/Contents/Resources/app.asar/app/main.js:1344:42 at Generator.next (<anonymous>) at /Applications/Rocket.Chat.app/Contents/Resources/app.asar/node_modules/tslib/tslib.js:114:75 at new Promise (<anonymous>) at Object.__awaiter (/Applications/Rocket.Chat.app/Contents/Resources/app.asar/node_modules/tslib/tslib.js:110:16) at setupServers (/Applications/Rocket.Chat.app/Contents/Resources/app.asar/app/main.js:1280:46) at /Applications/Rocket.Chat.app/Contents/Resources/app.asar/app/main.js:3225:11 at Generator.next (<anonymous>) at fulfilled (/Applications/Rocket.Chat.app/Contents/Resources/app.asar/node_modules/tslib/tslib.js:111:62) Checking for update Update for version 3.0.0 is not available (latest version: 3.0.0, downgrade is disallowed). [bugsnag] Event failed to send… Error: self signed certificate in certificate chain at TLSSocket.onConnectSecure (_tls_wrap.js:1484:34) at TLSSocket.emit (events.js:310:20) at TLSSocket.EventEmitter.emit (domain.js:482:12) at TLSSocket._finishInit (_tls_wrap.js:927:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:697:12) Error: self signed certificate in certificate chain at TLSSocket.onConnectSecure (_tls_wrap.js:1484:34) at TLSSocket.emit (events.js:310:20) at TLSSocket.EventEmitter.emit (domain.js:482:12) at TLSSocket._finishInit (_tls_wrap.js:927:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:697:12) { code: 'SELF_SIGNED_CERT_IN_CHAIN' } [bugsnag] Failed to send event to Bugsnag [bugsnag] Unhandled rejection… TypeError: Error processing argument at index 0, conversion failure from at BrowserWindow.setBounds (electron/js2c/browser_init.js:29:405) at applyRootWindowState (/Applications/Rocket.Chat.app/Contents/Resources/app.asar/app/main.js:760:20) at /Applications/Rocket.Chat.app/Contents/Resources/app.asar/app/main.js:3241:5 at Generator.next (<anonymous>) at fulfilled (/Applications/Rocket.Chat.app/Contents/Resources/app.asar/node_modules/tslib/tslib.js:111:62) at processTicksAndRejections (internal/process/task_queues.js:97:5)

Expected Behavior


Would be greate to get logged in :)

bug urgent
Source
picture TaLoN1x
👍4

Most helpful comment

Can confirm simmilar behaivor on Windows

picture TaLoN1x on 1 Oct 2020
👍4

All 10 comments

P.S. if I offload certificate locally via the proxy and connect with HTTP, it works. Seems like issue with ignoring endpoint trust certificate setting and not having an option to feed custom certificate chain.

TaLoN1x picture TaLoN1x on 1 Oct 2020

Can confirm simmilar behaivor on Windows

TaLoN1x picture TaLoN1x on 1 Oct 2020
👍4

same for me

berndlackinger picture berndlackinger on 1 Oct 2020

I can confirm same for Ubuntu (snap)

trickvi picture trickvi on 1 Oct 2020
👍1

Can confirm this. Had to downgrade to login

Vkat14 picture Vkat14 on 2 Oct 2020

Can confirm this, too. Manually entering the server using 3.0.0 & 3.0.1 does not work. Preconfiguring with servers.json works fine.

TheWrongGuy picture TheWrongGuy on 2 Oct 2020

Figured out a temp work around here https://github.com/RocketChat/Rocket.Chat.Electron/issues/1764#issuecomment-702993532

TheDigitalEagle picture TheDigitalEagle on 3 Oct 2020

I've found the cause: node-fetch was used to connect to the server instead of Electron's net API, therefore certificate-error and select-client-certificate events are not emitted. I'm working on it now, please wait.

tassoevan picture tassoevan on 3 Oct 2020
👍2

~Electron is a joke.~ net.request does not raise any certificate-error event at all. To perform a request, I have to run it in a renderer process, so the fix is taking a little longer.

tassoevan picture tassoevan on 6 Oct 2020
😄2

When I've worked with CEF, it took good effort to wrap and implement SSL event handling. It's possible Electron hasn't gone far into handle that part of Chromium.

TheDigitalEagle picture TheDigitalEagle on 6 Oct 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bbrendon picture bbrendon  Â·  4Comments
Sugaroverdose picture Sugaroverdose  Â·  3Comments
jswolf19 picture jswolf19  Â·  4Comments
rgembalik picture rgembalik  Â·  4Comments
SQUIDwarrior picture SQUIDwarrior  Â·  3Comments