node-gyp icon indicating copy to clipboard operation
node-gyp copied to clipboard
verified publisher icon nodejs

Does not respect NODE_TLS_REJECT_UNAUTHORIZED

Open julien-f opened this issue 3 years ago • 10 comments

  • Node Version: Node 16.14.2 and npm 8.4.0
  • Platform: Linux xoa 5.10.0-13-amd64 #1 SMP Debian 5.10.106-1 (2022-03-17) x86_64 GNU/Linux
  • Compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)
  • Module: cpu-features
Verbose output (from npm or node-gyp): 
$ NODE_TLS_REJECT_UNAUTHORIZED=0 ./node_modules/.bin/node-gyp configure
gyp info it worked if it ends with ok
gyp info using [email protected]
gyp info using [email protected] | linux | x64
gyp info find Python using Python version 3.9.2 found at "/usr/bin/python3"
gyp http GET https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz
(node:751064) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
gyp WARN install got an error, rolling back install
gyp ERR! configure error 
gyp ERR! stack FetchError: request to https://nodejs.org/download/release/v16.14.2/node-v16.14.2-headers.tar.gz failed, reason: unable to get local issuer certificate
gyp ERR! stack     at ClientRequest.<anonymous> (/root/node-gyp/node_modules/minipass-fetch/lib/index.js:130:14)
gyp ERR! stack     at ClientRequest.emit (node:events:526:28)
gyp ERR! stack     at TLSSocket.socketErrorListener (node:_http_client:442:9)
gyp ERR! stack     at TLSSocket.emit (node:events:538:35)
gyp ERR! stack     at emitErrorNT (node:internal/streams/destroy:157:8)
gyp ERR! stack     at emitErrorCloseNT (node:internal/streams/destroy:122:3)
gyp ERR! stack     at processTicksAndRejections (node:internal/process/task_queues:83:21)
gyp ERR! System Linux 5.10.0-13-amd64
gyp ERR! command "/usr/local/bin/node" "/root/node-gyp/node_modules/.bin/node-gyp" "configure"
gyp ERR! cwd /root/node-gyp
gyp ERR! node -v v16.14.2
gyp ERR! node-gyp -v v9.0.0
gyp ERR! not ok

From what I could gather:

  • calls make-fetch-happens without using strictSSL (source)
  • strictSSL defaults to false if not specified (source)
  • minipass-fetch's NODE_TLS_REJECT_UNAUTHORIZED handling is not triggered (source)

julien-f avatar May 11 '22 09:05 julien-f

I hit this in Node 16.14.0 and 16.16.0. However, 16.13 appears to work as expected.

tonjohn avatar Jul 13 '22 18:07 tonjohn

Appear to also be running into this. Seems to occur in corporate environments where they do deep packet inspection where they strip away the SSL to inspect the traffic and re-assemble it.

Will try back down to a previous version of node as the comment above suggestions.

C:\TFS\Test\node_modules\node-sass>node scripts/build.js
Building: C:\Program Files\nodejs\node.exe C:\TFS\Test\node_modules\node-sass\node_modules\node-gyp\bin\node-gyp.js rebuild --verbose --libsass_ext= --libsass_cflags= --libsass_ldflags= --libsass_library=
gyp info it worked if it ends with ok
gyp verb cli [
gyp verb cli   'C:\\Program Files\\nodejs\\node.exe',
gyp verb cli   'C:\\TFS\\Test\\node_modules\\node-sass\\node_modules\\node-gyp\\bin\\node-gyp.js',
gyp verb cli   'rebuild',
gyp verb cli   '--verbose',
gyp verb cli   '--libsass_ext=',
gyp verb cli   '--libsass_cflags=',
gyp verb cli   '--libsass_ldflags=',
gyp verb cli   '--libsass_library='
gyp verb cli ]
gyp info using [email protected]
gyp info using [email protected] | win32 | x64
gyp verb command rebuild []
gyp verb command clean []
gyp verb clean removing "build" directory
gyp verb command configure []
gyp verb find Python Python is not set from command line or npm configuration
gyp verb find Python Python is not set from environment variable PYTHON
gyp verb find Python checking if "python3" can be used
gyp verb find Python - executing "python3" to get executable path
gyp verb find Python - "python3" is not in PATH or produced an error
gyp verb find Python checking if "python" can be used
gyp verb find Python - executing "python" to get executable path
gyp verb find Python - executable path is "C:\Program Files\Python39\python.exe"
gyp verb find Python - executing "C:\Program Files\Python39\python.exe" to get version
gyp verb find Python - version is "3.9.11"
gyp info find Python using Python version 3.9.11 found at "C:\Program Files\Python39\python.exe"
gyp verb get node dir no --target version specified, falling back to host node version: 16.17.1
gyp verb command install [ '16.17.1' ]
gyp verb install input version string "16.17.1"
gyp verb install installing version: 16.17.1
gyp verb install --ensure was passed, so won't reinstall if already installed
gyp verb install version not already installed, continuing with install 16.17.1
gyp verb ensuring nodedir is created C:\Users\matto\AppData\Local\node-gyp\Cache\16.17.1
gyp verb created nodedir C:\Users\test\AppData\Local\node-gyp\Cache\16.17.1
gyp http GET https://nodejs.org/download/release/v16.17.1/node-v16.17.1-headers.tar.gz
gyp WARN install got an error, rolling back install
gyp verb command remove [ '16.17.1' ]
gyp verb remove using node-gyp dir: C:\Users\test\AppData\Local\node-gyp\Cache
gyp verb remove removing target version: 16.17.1
gyp verb remove removing development files for version: 16.17.1
gyp ERR! configure error
gyp ERR! stack Error: self signed certificate in certificate chain
gyp ERR! stack     at TLSSocket.onConnectSecure (node:_tls_wrap:1535:34)
gyp ERR! stack     at TLSSocket.emit (node:events:513:28)
gyp ERR! stack     at TLSSocket._finishInit (node:_tls_wrap:949:8)
gyp ERR! stack     at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:730:12)
gyp ERR! System Windows_NT 10.0.19044
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\TFS\\Test\\node_modules\\node-sass\\node_modules\\node-gyp\\bin\\node-gyp.js" "rebuild" "--verbose" "--libsass_ext=" "--libsass_cflags=" "--libsass_ldflags=" "--libsass_library="
gyp ERR! cwd C:\TFS\Test\node_modules\node-sass
gyp ERR! node -v v16.17.1
gyp ERR! node-gyp -v v7.1.2
gyp ERR! not ok
Build failed with error code: 1

xantari avatar Sep 30 '22 20:09 xantari

Confirming this is an issue with Node 16.17.1, here, as well.

uberDoward avatar Oct 03 '22 20:10 uberDoward

Having this issue as well. Is there some kind of workaround to manually build it or a way to install it without building it?

korodarn avatar Nov 10 '22 06:11 korodarn

Confirming this issue is still around in node v19.6.1

Seriously!?

arontsang avatar Apr 17 '23 08:04 arontsang

https://github.com/nodejs/node-gyp/issues/695#issuecomment-1620860300

cclauss avatar Jul 05 '23 06:07 cclauss

node-gyp switched to make-fetch-happen, which does not support this this environment variable ...

jbgomond avatar Oct 24 '23 12:10 jbgomond

https://github.com/nodejs/node-gyp/pulls?q=is%3Apr+is%3Aopen+fetch

cclauss avatar Oct 24 '23 12:10 cclauss

Same issue. Setting NODE_EXTRA_CA_CERTS as per https://stackoverflow.com/questions/34608969/stack-error-self-signed-certificate-in-certificate-chain-when-trying-to-build resolved the issue for me on Node.js 20.x .

jasondalycanpk avatar Feb 16 '24 23:02 jasondalycanpk