Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Thank you #1

Open
nake89 opened this issue Apr 1, 2022 · 1 comment
Open

Thank you #1

nake89 opened this issue Apr 1, 2022 · 1 comment

Comments

@nake89
Copy link

nake89 commented Apr 1, 2022

I just wanted to thank you for creating this. Saved me a lot of headache!

I hope other people find this.

A lot of stackoverflow answers suggest: https://www.npmjs.com/package/ssl-root-cas

But that no longer works so this project is the only good alternative I have found.
I tried to convert Mozillas raw certdata.txt myself but that was too much for me.

I was slightly concerned first because this project uses the following urls:
https://ccadb-public.secure.force.com/mozilla/PublicAllIntermediateCertsWithPEMCSV
https://ccadb-public.secure.force.com/mozilla/IncludedCACertificateReportPEMCSV

And they looked slightly shady. I have not heard of this force.com before.
But after some research I noticed that these are official from Mozilla: https://wiki.mozilla.org/CA/Intermediate_Certificates
If anyone is skeptical just check the Intermediate CA Certificates (CSV with PEM of raw certificate data) line. It is the same link.

So I want to thank you again for creating what seems the only alternative to ssl-root-cas.
Have a great day! :)
@PeterTrotter PeterTrotter mentioned this issue Feb 17, 2023
Open
@PeterTrotter
Copy link

Perhaps an amendment such as:

This module is designed to make all SSL sites that work with Mozilla Browser compatible with your nodejs script.

It creates a PEM file with resources from https://www.ccadb.org/resources (Common CA Database) which is run by Mozilla

The certificate reports used are hosted by Salesforce

And referenced in the Mozilla wiki:

It generates three different bundles that can be used based on your needs:

  • Intermediate certificates only bundle ca_intermediate_bundle.pem
  • Root only certificates bundle ca_root_bundle.pem
  • Intermediate and Root certificates bundle ca_intermediate_root_bundle.pem

jpolitz added a commit to brownplt/code.pyret.org that referenced this issue Oct 4, 2023
@jpolitz
Use node_extra_ca_certs_mozilla_bundle to make proxying act like a br…
7f207d1 
…owser

@shriram reported that some image urls were not loading through image-url() even though they'd appear fine in a browser (specifically some hosted at `cs.brown.edu`, but this could happen in many cases). The issue was that the intermediate CAs were not embedded in the certificate for that domain. This is a common SSL configuration issue that browsers work around by filling in the gaps. The node https libraries are more strict.

The fix appears to be to use https://www.npmjs.com/package/node_extra_ca_certs_mozilla_bundle, which fills in a bunch of the gaps in the certificate chain from Mozilla's trusted sources.

There are fewer active users/weekly downloads of this than some popular repositories, but looking at the public issues convinces me that this is legit and right for our uses:

arvind-agarwal/node_extra_ca_certs_mozilla_bundle#3
arvind-agarwal/node_extra_ca_certs_mozilla_bundle#1
jpolitz added a commit to brownplt/code.pyret.org that referenced this issue Oct 4, 2023
@jpolitz
Use node_extra_ca_certs_mozilla_bundle to make proxying act like a br…
0d21d41 
…owser

@shriram reported that some image urls were not loading through image-url() even though they'd appear fine in a browser (specifically some hosted at `cs.brown.edu`, but this could happen in many cases). The issue was that the intermediate CAs were not embedded in the certificate for that domain. This is a common SSL configuration issue that browsers work around by filling in the gaps. The node https libraries are more strict.

The fix appears to be to use https://www.npmjs.com/package/node_extra_ca_certs_mozilla_bundle, which fills in a bunch of the gaps in the certificate chain from Mozilla's trusted sources.

There are fewer active users/weekly downloads of this than some popular repositories, but looking at the public issues convinces me that this is legit and right for our uses:

arvind-agarwal/node_extra_ca_certs_mozilla_bundle#3
arvind-agarwal/node_extra_ca_certs_mozilla_bundle#1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PeterTrotter @nake89