error: SELF_SIGNED_CERT_IN_CHAIN downloading package manifest

[ajaykarpur]

What version of Bun is running?

1.0.11+f7f6233ea

What platform is your computer?

Darwin 22.6.0 arm64 arm

What steps can reproduce the bug?

I am on a corporate laptop that uses a company self-signed cert.

I ran the command: bun install -g aws-cdk and got the following output:

bun add v1.0.11 (f7f6233e)
  🔍 aws-cdk [6/6]
error: SELF_SIGNED_CERT_IN_CHAIN downloading package manifest aws-cdk
error: aws-cdk@ failed to resolve

I tried following Node's solution for this issue, and I set the following environment variable:

export NODE_EXTRA_CA_CERTS="path_to_my_cert.pem"

This didn't seem to work. I also tried BUN_EXTRA_CA_CERTS, but that didn't work either.

What is the expected behavior?

Ideally, it would be possible to set an environment variable that points to my CA file, in precisely the same way it works for Node. (Or some other user-friendly method that is clearly documented.)

What do you see instead?

No response

Additional information

No response

[ajaykarpur]

@Jarred-Sumner do you happen to know if handling self-signed certs is a missing feature in Bun, or if there is already a way to do this that I'm not aware of?

[cirospaciari]

@Jarred-Sumner do you happen to know if handling self-signed certs is a missing feature in Bun, or if there is already a way to do this that I'm not aware of?

We still do not support NODE_EXTRA_CA_CERTS but we support NODE_TLS_REJECT_UNAUTHORIZED=0

[JonCanning]

Is there a timeline for this? I've been migrating some services to Bun and this is a show stopper due to strict security requirements

[lirc571]

Just tried this on a fresh installation of Ubuntu. Bun recognizes certificates from the default certificate store (/etc/ssl/certs/ca-certificates.crt for Ubuntu). No need to set any environment variable or node/bun config.

[Jarred-Sumner]

Just tried this on a fresh installation of Ubuntu. Bun recognizes certificates from the default certificate store (/etc/ssl/certs/ca-certificates.crt for Ubuntu). No need to set any environment variable or node/bun config.

I don't think this is intentional tbh

[lirc572]

Just tried this on a fresh installation of Ubuntu. Bun recognizes certificates from the default certificate store (/etc/ssl/certs/ca-certificates.crt for Ubuntu). No need to set any environment variable or node/bun config.

I don't think this is intentional tbh

I think using the operating system's certificate store as the default is okay. At least this is what Golang is doing.

It is good to provide an option to update the setting (something like NODE_EXTRA_CA_CERTS).

[mustafamoe]

I just faced the same issue as well.

SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain

[pierre-mike-pge]

Same for me
On a corporate Macbook.

[zwarag]

I also have this issue on a corporate Macbook.

[chvvhbabu]

I've tried NODE_TLS_REJECT_UNAUTHORIZED, as a work around. Bun install succeeded without complaining SELF_SIGNED_CERT_IN_CHAIN, but that didn't download the package properly. This is strange!!!

Any idea when this would be supported or is there a work around?