Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

Issue validating certificates in proxy requests #131

Open
jenschude opened this issue Feb 24, 2017 · 3 comments
Open

Issue validating certificates in proxy requests #131

jenschude opened this issue Feb 24, 2017 · 3 comments
Labels
help wanted

Comments

@jenschude
Copy link

When trying to proxy requests against a https secured API endpoint I'm getting this error message.

node bin/osprey.js -f api.raml -a https://api.example.org -p 3000

Error: Hostname/IP doesn&#39;t match certificate&#39;s altnames: &quot;Host: localhost. is not in the cert&#39;s altnames: DNS:*.example.org, DNS:example.org&quot;<br> &nbsp; &nbsp;at Object.checkServerIdentity (tls.js:199:15)<br> &nbsp; &nbsp;at TLSSocket.&lt;anonymous&gt; (_tls_wrap.js:1066:29)<br> &nbsp; &nbsp;at emitNone (events.js:86:13)<br> &nbsp; &nbsp;at TLSSocket.emit (events.js:185:7)<br> &nbsp; &nbsp;at TLSSocket._finishInit (_tls_wrap.js:584:8)<br> &nbsp; &nbsp;at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38)

First I thought I might fix this issue by enabling CORS, but this didn't helped. Actually I had to set the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0 in order to do so.

To avoid setting the environment variable it's possible to just set the host in the request header to the target address

function createProxy (middleware, addresses) {
  var fns = []

  var addrs = arrify(addresses).map(function (address) {
    var addr = url.format(address)

    return /^\w+:\/\//.test(addr) ? addr : 'http://' + addr
  })

  fns.push(middleware)

  fns.push(function proxyAddress (req, res, next) {
    var addr = addrs.shift()
    var opts = url.parse(url.resolve(addr, req.url))
    opts.headers.host = 'api.example.org' // just hardcoded this part for testing purposes

Then the request is directly accepted.
@jenschude jenschude mentioned this issue Feb 24, 2017
Closed
@Xotabu4
Copy link

Xotabu4 commented Aug 2, 2017

Any updates on this? I have same issue, but using proxy from command line

@jstoiko
Copy link
Contributor

jstoiko commented May 4, 2018

This looks like a legit error coming from NodeJS. TLS validates the certificates and since https://api.example.org doesn't resolve/exist, there is not certificate to validate. Have you tried passing a valid (https) URL to -a?

@jenschude
Copy link
Author

Yes. It‘s not about the invalid uri. As the error is saying it can‘t authenticate localhost.

Osprey is no full http proxy. It‘s more an API gateway. So when trying to route traffic through osprey I use the localhost:3000 as my target API uri. And osprey should proxy valid traffic to the uri provided in the -a flag.

But as osprey is not correcting the http headers the proxying does not work when trying to connect to real APIs using https

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Xotabu4 @jstoiko @jenschude