Upgrade attohttpc and use native root certificates #1375

Merged
chriskrycho merged 1 commit into volta-cli:main from charlespierce:attohttpc_update
Nov 7, 2022

@charlespierce
Contributor

Closes #1364

Info

  • Prior to version 0.24.0, when using the tls-rustls feature flag, attohttpc would use WebPKI root certificates instead of the native certificate store for the appropriate system.
  • As a result, when we switched in Volta 1.1.0 to use rustls instead of native-tls, we regressed in our certificate handling, causing issues with corporate proxies.
  • In version 0.24.0, attohttpc added the ability to use native root certificates with rustls via the rustls-native-certs crate.
  • This allows the root certificate finding to match that of the native-tls implementation.

Changes

  • Updated our imports of attohttpc to use version 0.24 and activate the tls-rustls-native-roots feature flag, to ensure that we are using the expected certificate stores for our network connections.

Tested

  • I don't have an easy way to test the native certificates themselves, however I did run the smoke tests locally to ensure that our connections continue to work in the public case.
  • Will likely need to confirm with the original issue reporter to verify that this change resolves the issue (once it's released).

@chriskrycho chriskrycho merged commit 693aefd into volta-cli:main Nov 7, 2022
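
The trust-store difference described in the PR's Info section, and the corporate-proxy setup reported in the thread below, as an added example that is not part of the PR or of Volta's code. It models the behaviour with the OpenSSL CLI rather than attohttpc or rustls; the CA names, the host name `registry.example.test` and the file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and name below is generated locally.
set -eu

# Build a throwaway PKI in directory $1:
#   public-root.pem   stands in for a root shipped in a bundled WebPKI set
#   corp-proxy-ca.pem stands in for the proxy's CA, installed only in the OS store
#   leaf.pem          is what the intercepting proxy presents to the client
make_pki() {
    dir=$1
    mkdir -p "$dir/empty"   # empty -CApath so only the chosen file is consulted
    for ca in public-root corp-proxy-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$ca (constructed)" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=registry.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/corp-proxy-ca.pem" -CAkey "$dir/corp-proxy-ca.key" \
        -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null
    # Bundled roots: public CAs only. Native store: public CAs plus the corporate CA.
    cp "$dir/public-root.pem" "$dir/bundled-roots.pem"
    cat "$dir/public-root.pem" "$dir/corp-proxy-ca.pem" > "$dir/native-store.pem"
}

# trusts DIR STORE: succeed if DIR/leaf.pem chains to a root in DIR/STORE.
trusts() {
    openssl verify -CAfile "$1/$2" -CApath "$1/empty" "$1/leaf.pem" >/dev/null 2>&1
}

# report DIR: print the verdict for each trust store.
report() {
    for store in bundled-roots.pem native-store.pem; do
        if trusts "$1" "$store"; then verdict=accepted; else verdict=rejected; fi
        echo "$store: proxy-issued certificate $verdict"
    done
}

demo_dir=$(mktemp -d)
make_pki "$demo_dir"
report "$demo_dir"
rm -rf "$demo_dir"
```

The rejected case corresponds to a client that only knows a bundled root set; the accepted case corresponds to a client that reads the operating system's store, where the organisation has installed its proxy CA.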
@Purexo

Purexo commented Nov 8, 2022

Hello, I just saw this PR. I will take time tomorrow to test it.

Because I originally did this one: #1365

I can't wait to have native SSL store support in this tool; with this, I will migrate with my teams from nvm-windows to volta at the next release!

@Purexo

Purexo commented Nov 9, 2022

Seems OK, after a full uninstall of volta (from Windows params + removing the appdata volta folder and program files volta folder) and

git pull upstream main
cargo wix --nocapture --package volta --output target\wix\volta-windows.msi

Then run the msi

My node / npm commands are working perfectly from the volta proxy, with the installation of the right versions of node and npm from the package.json volta key.

Yes, I'm behind an enterprise MITM proxy, so the CA certs need to be loaded from the native SSL store.

@charlespierce, can I ask when the next release is planned?

@dryprogrammer

This breaks in macOS 12.7.6 with error: "Error cause: Io Error: The Trust Settings Record was corrupted." hooks.json mirror will not help.
Unfortunately, GPT recommends "Reset Default Keychains" catastrophically - to anyone seeing this, don't do that.
Solved by downgrading to volta version 1.1.0.

Successfully merging this pull request may close these issues.

volta not respecting system SSL/TLS certificate settings on macOS