devcert issue with --http2
dvdzkwsk opened this issue · 4 comments
Hello again!
I was trying out the --http2 flag and ran into an issue related to missing files. It appears to be caused by devcert attempting to read some static configuration files from its package: devcert/openssl-configurations. Since devcert code is bundled and not included as a dependency, those files don't actually exist after a wmr install:
Unable to create HTTP2 server, falling back to HTTP1:
Error: Command failed: openssl req -new -x509 -config /<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf -key /tmp/tmp-9741tgOR4yN5ckNq.tmp -out /home/davezuko/.config/devcert/certificate-authority/certificate.cert -days 825
Can't open /<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf for reading, No such file or directory
140579634419008:error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:69:fopen('/<redacted>/node_modules/openssl-configurations/certificate-authority-self-signing.conf','r')
140579634419008:error:2006D080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:76:
I manually pulled those files into my node_modules to fix the issue. That worked. Then, to try to debug the root cause further, I created a fresh wmr project and surprisingly it didn't reoccur! After some digging, I discovered that this was because the code path that creates the Root CA is skipped if the CA already exists, masking the missing file issue on subsequent runs. I suspect this is why you may not have seen the issue on your end.
If you force this condition to true (e.g. in the wmr.cjs bundle) you should see the error.
Hi @davezuko - what OS was this on? devcert does different strategies per-OS, and we've mainly tested the mac and windows ones.
I should have included that, my apologies. So far I've reproduced it in:
- Windows 10 WSL2 w/ Ubuntu (my default environment)
- Windows 10 (native)
I have a Macbook that I can test as well. I'll report back once I give that a go.
The logs I showed above were from the Ubuntu run. Below are from a clean wmr install on Windows 10 outside of WSL:
C:\Users\David\Desktop\test>yarn start --http2
yarn run v1.22.4
warning package.json: No license field
$ wmr --http2
Removing old certificates from trust stores. You may be prompted to grant permission for this. It's safe to delete old devcert certificates.
Unable to create HTTP2 server, falling back to HTTP1:
Error: Command failed: openssl req -new -x509 -config C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf -key C:\Users\David\AppData\Local\Temp\tmp-1900kuhVUKZL8nE2.tmp -out C:\Users\David\AppData\Local\devcert\certificate-authority\certificate.cert -days 825
Can't open C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf for reading, No such file or directory
5348:error:02001003:system library:fopen:No such process:crypto\bio\bss_file.c:69:fopen('C:\Users\David\Desktop\test\node_modules\openssl-configurations\certificate-authority-self-signing.conf','r')
5348:error:2006D080:BIO routines:BIO_new_file:no such file:crypto\bio\bss_file.c:7
It looks like on Linux devcert only provides support of Debian (and maybe the distributions built off it?) too. davewasmer/devcert#51
So for me to get this working on Arch I had to patch in the correct paths as mentioned in that thread, go and make the correct directories (I did not have /usr/local/share/ca-certificates, but experience likely varies there), and then manually install devcert and copy its openssl-configurations/ into the node_modules directory. Like @davezuko mentioned, this is missing due to devcert being bundled rather than installed normally.
devcert having shortcomings on Linux distros other than Debian likely isn't necessarily a problem (when you venture out into others you generally do become responsible for this sort of thing), but WMR probably needs to drag in that openssl-configurations/ directory which has all the .conf files needed.
Can confirm, I got this exact same issue on Powershell and Git Bash.