Skip to content

[BUG] Not able to set custom ca or cafile or even disable strict ssl #1700

Closed
@lumaxis

Description

@lumaxis

Current Behavior:

There is no way to intercept npm CLI traffic without causing an error:

✖ npm whoami                                                                                                                                                                                                        130 ↵
npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning UNABLE_TO_VERIFY_LEAF_SIGNATURE: request to https://registry.npmjs.org/-/whoami failed, reason: unable to verify the first certificate
npm WARN registry Using stale data from https://registry.npmjs.org/ due to a request error during revalidation.

Expected Behavior:

When using an HTTPS proxy with npm, I can correctly intercept SSL traffic by using the correct config options, like setting the NODE_TLS_REJECT_UNAUTHORIZED=0 env var, setting strict-ssl=false in ~/.npmrc or defining my self-signed cert via the ca or cafile config options.

Steps To Reproduce:

  1. Export your HTTPS proxy as an env var, e.g. export HTTPS_PROXY=http://127.0.0.1:9090
  2. Configure your local HTTPS proxy's self-signed certificate via ca or cafile
  3. Run an npm command like npm whoami

Environment:

  • OS: macOS 10.15.6
  • Node: 14.7.0
  • npm: 7.0.0-beta.6

Metadata

Metadata

Assignees

Labels

Bugthing that needs fixingRelease 7.xwork is associated with a specific npm 7 release

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions