Blog Archives

Working around untrusted certificate errors in Express JS


A few very common fatal errors thrown by the request module for express while trying to access data from self-signed web servers are Error: DEPTH_ZERO_SELF_SIGNED_CERT and UNABLE_TO_VERIFY_LEAF_SIGNATURE

This is because of¬†https://github.com/nodejs/node-v0.x-archive/pull/4023 which mandates NodeJS to validate a server’s certificate by default, which needless to say is how things should be in a production environment.

However, more often than none we tend to use self-signed SSL certificates in our development environments or even within internal networks.

Thankfully for such brain-wracking moments, two particular flags come to our rescue. Enter strictSSL and rejectUnauthorized. The way I personally like to use these flags, is to set defaults within my development environments as follows to bypass SSL validation hence, saving the day! ūüôā

var request = require('request').defaults({
    strictSSL: false,
    rejectUnauthorized: false
 });

Please do note, that I do not recommend that you ever try this on your production systems without understanding the true implications of what disabling strictSSL and rejectUnauthorized means for you node server. By disabling these, you are essentially telling your server to skip validation of the requested server’s identity, which leaves your application in quite a vulnerable position.

Using Vim to generate HTML output of code


This is an interesting bit that I learnt about from an email in a mailing list by James Pryor.

To generate html output for code within a shell script you can use:

vim myscript.sh '+syntax on' '+ set nu' '+set background=light' +TOhtml '+w myscript.html' '+qall!'
If you don’t want numbers and need a dark background you can use:
vim myscript.sh '+syntax on' '+ set nonu' '+set background=dark' +TOhtml '+w myscript.html' '+qall!'
%d bloggers like this: