-
Notifications
You must be signed in to change notification settings - Fork 10.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(gatsby): Add self-signed cert to node trust store (https) #18703
Conversation
@pieh The work over at Several things have changed from
I do have a couple of questions
|
CI checks are passing. Needed to update the jest tests, and the code fences in the doc. There's one still failing, but it doesn't seem related to this PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are currently conflicts. Can you check and resolve them?
ba388d6
to
679ce27
Compare
Okay, I've merged in the commits from the master branch, and resolved the conflicts. I think that should do it. I see |
679ce27
to
702320d
Compare
@pieh would it be possible to get some action on this PR? I know you guys are probably busy, but I keep having to come back to it and resolve conflicts, which is a pain sometimes. Not to mention, there's still problems because of the current state. New issue opened this morning: #20991. I just updated my branch, to bring it even with the master branch, and resolve all of the conflicts. I also ran through some manual tests, upgrading from the current Gatsby version to this updated version, and it all ran smoothly. I don't, however, have access to a Mac machine to test on, or my Linux machine at the moment. |
@Js-Brecht what would be the best way to test this PR? |
@wardpeet since devcert Is now v1, the best way to test it is to run |
When running the upgrade, the CA cert should get updated, both on disk and in your certificate trust store. After, it should be readable, and it should be picked up by Node |
I've ran it and it works but I'm mostly interested in the CA-file part. How do I test that code path? |
That's for when somebody is using their own custom certificate via If only You could use the certificates generated by devcert, if you wanted, or use a custom certificate set.
In subdirectories under that path:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding so much to the docs for this! I did an initial pass with some suggestions. I'd also ask that you use HTTPS with capital letters consistently, so if you could review for that as well that'd be great.
Co-Authored-By: Ward Peeters <[email protected]>
Co-Authored-By: Ward Peeters <[email protected]> Co-Authored-By: LB <[email protected]>
@laurieontech @wardpeet thanks for the comments! Left a couple of questions for clarification
Done! |
Co-Authored-By: LB <[email protected]>
…into devcert-upgrade
Looks great from a content perspective! I pulled it down and did some re-organization to make use of headings since there are so many different forks based on OS. If you want to take a look and confirm that I didn't obscure your meaning somehow that'd be great! But this should be good to go. |
Looks good to me. Thanks for that. Just waiting to get the last review completed 🙂 I did miss one "HTTPS" somehow, though 🤔. |
Hey @wardpeet, did you have a moment to come back to this? I think the only thing blocking this PR is that last review, which is pretty minor, and should be a really quick fix when the questions are answered. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you @Js-Brecht, Finally getting this in.
Sorry for the wait, thank you for the great write-up and bug fixing. Finally, https works great again on develop. Our users will be pleased 🙏
@wardpeet Thanks for helping me get this over the finish line! |
Description
This PR does a few things.
devcert
tov1.1.0
to fix https issues.The version is currently pointing to the release branch of mydevcert
fork, as a proof of conceptIf/whendevcert
gets patched and published, I will update the version spec to point to the new version--cert-file
and--key-file
are specified, it assumes it's self-signed, and tells node to trust it.--ca-file
. If the certificate is signed by a private ca, then include that ca's certificate using this flag in order for node to trust the cert/key pairdevcert
during the automatic setup, and tells node to trust it.Tracking related external PRs
Prerequisites
Related Issues
Fixes #16212
Fixes #14990