-
-
Notifications
You must be signed in to change notification settings - Fork 777
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add GLEAM_CACERTS_PATH
env variable
#3939
base: main
Are you sure you want to change the base?
Conversation
33063f4
to
56b73d5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
It looks like these would be used for all HTTP requests rather than just for the Hex API. Is that what we want or would that be too restrictive if we wanted to make requests to other domains too?
How might we test this change?
fn get_certificate() -> Result<Certificate, Box<dyn std::error::Error>> { | ||
let certificate_path = std::env::var("GLEAM_CACERTS_PATH")?; | ||
let certificate_bytes = std::fs::read(&certificate_path)?; | ||
let certificate = Certificate::from_pem(&certificate_bytes)?; | ||
|
||
Ok(certificate) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the event that the certs paths has been set we want to error if the certs cannot be read or parsed, rather than silently discarded as they are here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this is usual behaviour.. It's quite common for runtimes like Python and Node to ignore missing certs as it is common behaviour to add the environment variable to your shell and not populate the certificate path until necessary.
Again, it seems standard to have the certificates apply to all HTTP requests. In fact, a partial application would be surprising and frustrating behaviour. |
Hey, any updates? |
I just tested this and node does not silently discard the error, it emits an ugly looking warning. Make it return an error if an error occurs, thank you. |
I am not sure what you mean. I am returning an error. Can you describe how you reproduced that warning? I am not getting an issue on my end. |
I set the variable and then ran npm install. We will be returning an error for invalid certs. |
Revival of #3459
Tagging @lpil as he was the previous reviewer.
Closes #3246