We're trying to use Node.js (and Mocha) as a testing framework to test API calls against an internal server over https. We're using the following node modules: Mocha, Restify, and Should to perform these tests.
When we run mocha testFileName.js, the major error we get back is:
[2013-06-19 14:16:28.105] [ERROR] console - FAIL: Received error! [Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE]
Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
    at SecurePair.<anonymous> (tls.js:1283:32)
    at SecurePair.EventEmitter.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:896:10)
    at CleartextStream.read [as _read] (tls.js:430:15)
    at CleartextStream.Readable.read (_stream_readable.js:320:10)
    at EncryptedStream.write [as _write] (tls.js:344:25)
    at doWrite (_stream_writable.js:219:10)
    at writeOrBuffer (_stream_writable.js:209:5)
    at EncryptedStream.Writable.write (_stream_writable.js:180:11)
    at write (_stream_readable.js:573:24)
    at flow (_stream_readable.js:582:7)
    at Socket.pipeOnReadable (_stream_readable.js:614:5)
    at Socket.EventEmitter.emit (events.js:92:17)
    at emitReadable_ (_stream_readable.js:408:10)
    at emitReadable (_stream_readable.js:404:5)
    at readableAddChunk (_stream_readable.js:165:9)
    at Socket.Readable.push (_stream_readable.js:127:10)
    at TCP.onread (net.js:511:21)
After searching Google and Stack Exchange, it would seem that we have a certificate problem. From there we installed the internal CA 'public' cert, as well as the instance-specific certifications that our app is using (there are multiple redirects to get through), to /usr/local/etc/openssl/certs, legacy: /System/Library/Keychains/X509Anchors, /Library/Keychains/System.keychain, as well as in Keychain through the GUI to our login and System keychains. However, we're still not getting anywhere.
Before installing the certs in these places, we couldn't 'curl' our site without certificate errors on the command line; however, with them installed now we get no errors, but node still explodes.
We've tried multiple versions of Node, OpenSSL, as well as varying installation methods including downloading the package vs. using homebrew.
Computer Information:
- Mac OS X 10.8.4 (Also tried with 10.8.3)
- Node v0.8.18 (Also tried with: Node v0.10.11, v0.10.12)
- OpenSSL v1.0.1e (Also tried with 0.9.8)
Brainstorming Questions:
Does Node.js use its own (bundled) version of OpenSSL instead of what's installed on the local machine? If that's the case, where is it looking for certificates? Could the TLS.js be telling Node to look elsewhere for certs? Is there a pragmatic approach to overwriting the certificates used; it appears there might be options we can use like this:
var fs = require('fs');
var https = require('https');

// Client options: trust our CA cert file and reject unverified server certificates.
var options = {
  ca: fs.readFileSync("[path to our CA cert file]"),
  requestCert: true,
  rejectUnauthorized: true
};
var req = https.request(options, function(res) {
  ...
});
But this generates our same error.
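
An added example, not part of the original question: in current Node.js releases, an explicit `ca` value replaces the bundled root list instead of extending it, so a client that follows redirects across several hosts needs every issuing CA in that one list. The sketch below splits a PEM bundle and appends it to the bundled roots; it assumes Node 12.3 or later for `tls.rootCertificates`, and the helper names, hostname and sample PEM blocks are constructed for illustration.

```javascript
const tls = require('tls');

// Matches each complete PEM certificate block inside a concatenated bundle.
const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/g;

// Split a bundle into one normalized string per certificate, dropping
// surrounding comment text, CRLF line endings and exact duplicates.
function splitPemBundle(pemText) {
  const seen = new Set();
  return (String(pemText).match(PEM_CERT) || [])
    .map(function (block) { return block.replace(/\r\n/g, '\n') + '\n'; })
    .filter(function (pem) {
      if (seen.has(pem)) return false;
      seen.add(pem);
      return true;
    });
}

// Keep Node's bundled roots and append the internal CA certificate(s).
function buildCaList(internalPem) {
  const extra = splitPemBundle(internalPem);
  if (extra.length === 0) {
    throw new Error('no PEM certificate found in internal CA input');
  }
  return tls.rootCertificates.concat(extra);
}

// Options object for https.request(); verification stays enabled.
function buildRequestOptions(hostname, path, internalPem) {
  return {
    hostname: hostname,
    path: path,
    method: 'GET',
    ca: buildCaList(internalPem),
    rejectUnauthorized: true
  };
}

// Constructed sample bundle: placeholder bodies, not real certificates.
const SAMPLE_BUNDLE =
  '# internal root (constructed placeholder)\n' +
  '-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQtUk9PVA==\r\n-----END CERTIFICATE-----\r\n' +
  '# internal issuing CA (constructed placeholder)\n' +
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSVNTVUVS\n-----END CERTIFICATE-----\n' +
  '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQtSVNTVUVS\n-----END CERTIFICATE-----\n';
```

With a real CA file, the returned options are passed straight to `https.request()`; the placeholder blocks above only exercise the splitting and merging logic and would be rejected by an actual TLS context.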