Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPS is the way #206

Closed
wants to merge 1 commit into from
Closed

HTTPS is the way #206

wants to merge 1 commit into from
+21 −8

Conversation

toddself
Copy link
Contributor

@toddself toddself commented Jun 26, 2017
edited
Loading

That .default thing caught me for a minute. Really wish there was better
interop between cjs and ecmascript modules... Not sure if the .default is
better on the require (so the API works as "expected" w/r/t to cjs) or if you
want devCert.default() when invoking it.

Plus the {installCertutil: true} option doesn't seem to work on my mac at the
very least, as chrome and firefox still give security warnings?

Lastly should we be only HTTPS or HTTP by default with HTTPS opt-in or HTTPS
by default or HTTP opt-in

I figure if we can get this working on multiple platforms without security
issues there's no reason not to do HTTPS-only?

This was referenced Jun 26, 2017
Closed
Closed
toddself
toddself commented Jun 26, 2017
View reviewed changes
bin.js
var certOpts = {
installCertutil: true
}
var certName = entry.replace(new RegExp(path.sep, 'g'), '-').slice(-64)
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certname should be unique for each project (maybe per entry point?) -- but there's a 64 character limit on it due to ASN1:

↳ openssl req -config /Users/todd/.config/devcert/openssl.conf -subj "/CN=-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js" -key /Users/todd/.config/devcert/-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js.key -out /Users/todd/.config/devcert/-Users-todd-src-showrunner-node_modules-@scriptollc-code-mirror-ot-standalone.js.csr -new
problems making Certificate Request
4550:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/crypto/asn1/a_mbstr.c:154:maxsize=64

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we have to verify that we only ever pass in 64 characters. If you try to pass in with path separators, it fails as well since the cert name has the directory name attached, and that directory doesn't exist (which might be a bug in devcert).

@toddself
Copy link
Contributor Author

We might also want to wait for:
davewasmer/devcert#7
davewasmer/devcert#8

To land (if they do) since we can stop doing the data manipulation and let it occur upstream (which feels more proper).

@yoshuawuyts
Copy link
Member

Ohey, yeah alternatively we could just use https://github.com/Dexus/pem - it's what wzrd uses and means we don't have to deal with weird source code

@toddself
Copy link
Contributor Author

Closed in favor of #217

@toddself toddself closed this Jul 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@toddself @yoshuawuyts