SSL Inspection error:CERT_UNTRUSTED when adding meteor package

SSL Inspection error:CERT_UNTRUSTED when adding meteor package

在工作中,我们在一个 SSL 检查设备的后面,它会放弃与公司根 CA 的所有流量。有没有办法将此证书添加到 Meteor。

当不起诉 meteor 时,我们可以告诉 NPM 我们的 CA 证书在哪里:

npm config set cafile /path/to/cert.pem

有没有办法将证书添加到 Meteor 的受信任列表中?

这里是完整的错误:

$ meteor add twbs:bootstrap
Unable to update package catalog (are you offline?)

If you are using Meteor behind a proxy, set HTTP_PROXY and HTTPS_PROXY
environment variables or see this page for more details:
https://github.com/meteor/meteor/wiki/Using-Meteor-behind-a-proxy

 => Errors while adding packages:             

While downloading twbs:bootstrap@3.3.4...:
error: CERT_UNTRUSTED

Your package catalog may be out of date.      
Please connect to the internet and try again.

并且只是为了证明我已正确配置代理

$ printenv | grep -i proxy
http_proxy=http://gatekeeper-w.<my company>.org:80/
https_proxy=http://gatekeeper-w.<my company>.org:80/
HTTP_PROXY=http://gatekeeper-w.<my company>.org:80/
HTTPS_PROXY=http://gatekeeper-w.<my company>.org:80/

编辑。

我能够在 meteor cli 中打开详细日志记录:

$ meteor add twbs:bootstrap
Opening db file /home/techplex/.meteor/package-metadata/v2.0.1/packages.data.db
In remote catalog refresh
Unable to update package catalog (are you offline?)

If you are using Meteor behind a proxy, set HTTP_PROXY and HTTPS_PROXY environment variables or see this page for more details:  https://github.com/meteor/meteor/wiki/Using-Meteor-behind-a-proxy
Network error: wss://packages.meteor.com/websocket: CERT_UNTRUSTED
Error: Network error: wss://packages.meteor.com/websocket: CERT_UNTRUSTED
    at Object.Future.wait (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/dev_bundle/lib/node_modules/fibers/future.js:398:15)
    at new ServiceConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/service-connection.js:85:17)
    at Object.exports.openServiceConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/auth-client.js:12:10)
    at openPackageServerConnection (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:22:21)
    at _updateServerPackageData (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:151:14)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:130:12
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
    at Object.exports.updateServerPackageData (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/package-client.js:129:23)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog-remote.js:784:36
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
    at [object Object]._.extend.refresh (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog-remote.js:783:18)
    at Object.catalog.refreshOrWarn (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog.js:48:22)
    at [object Object].catalog.Refresh.OnceAtStart.beforeCommand (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/catalog.js:21:16)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/main.js:1359:32
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:327:18
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:326:36
    at [object Object]._.extend.withValue (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/fiber-helpers.js:115:14)
    at Object.enterJob (/home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/buildmessage.js:317:26)
    at /home/techplex/.meteor/packages/meteor-tool/.1.1.3.4sddkj++os.linux.x86_64+web.browser+web.cordova/mt-os.linux.x86_64/tools/main.js:1358:20
    - - - - -
    at packages/ddp/stream_client_nodejs.js:178:1
    at packages/ddp/stream_client_nodejs.js:168:1
    at runWithEnvironment (packages/meteor/dynamics_nodejs.js:108:1)

Failed to update package catalog, but will continue.
Local package version is up-to-date: autopublish@1.0.3
Local package version is up-to-date: autoupdate@1.2.1
Local package version is up-to-date: base64@1.0.3
Local package version is up-to-date: binary-heap@1.0.3
Local package version is up-to-date: blaze@2.1.2
Local package version is up-to-date: blaze-tools@1.0.3
Local package version is up-to-date: boilerplate-generator@1.0.3
Local package version is up-to-date: callback-hook@1.0.3
Local package version is up-to-date: check@1.0.5
Local package version is up-to-date: ddp@1.1.0
Local package version is up-to-date: deps@1.0.7
Local package version is up-to-date: ejson@1.0.6
Local package version is up-to-date: fastclick@1.0.3
Local package version is up-to-date: geojson-utils@1.0.3
Local package version is up-to-date: html-tools@1.0.4
Local package version is up-to-date: htmljs@1.0.4
Local package version is up-to-date: http@1.1.0
Local package version is up-to-date: id-map@1.0.3
Local package version is up-to-date: insecure@1.0.3
Local package version is up-to-date: jquery@1.11.3_2
Local package version is up-to-date: json@1.0.3
Local package version is up-to-date: launch-screen@1.0.2
Local package version is up-to-date: livedata@1.0.13
Local package version is up-to-date: logging@1.0.7
Local package version is up-to-date: meteor@1.1.6
Local package version is up-to-date: meteor-platform@1.2.2
Local package version is up-to-date: minifiers@1.1.5
Local package version is up-to-date: minimongo@1.0.8
Local package version is up-to-date: mobile-status-bar@1.0.3
Local package version is up-to-date: mongo@1.1.0
Local package version is up-to-date: observe-sequence@1.0.6
Local package version is up-to-date: ordered-dict@1.0.3
Local package version is up-to-date: random@1.0.3
Local package version is up-to-date: reactive-dict@1.1.0
Local package version is up-to-date: reactive-var@1.0.5
Local package version is up-to-date: reload@1.1.3
Local package version is up-to-date: retry@1.0.3
Local package version is up-to-date: routepolicy@1.0.5
Local package version is up-to-date: session@1.1.0
Local package version is up-to-date: spacebars@1.0.6
Local package version is up-to-date: spacebars-compiler@1.0.6
Local package version is up-to-date: templating@1.1.1
Local package version is up-to-date: tracker@1.0.7
Local package version is up-to-date: ui@1.0.6 
Local package version is up-to-date: underscore@1.0.3
Local package version is up-to-date: url@1.0.4
Local package version is up-to-date: webapp@1.2.0
Local package version is up-to-date: webapp-hashing@1.0.3
Downloading missing local versions of package twbs:bootstrap@3.3.4 : [ 'os.linux.x86_64' ]
Doing HTTP request:  GET https://warehouse.meteor.com/builds/es6a7rEJcykSMuMXC/1426521397384/JrJdwdpCXA/twbs:bootstrap-3.3.4-os+web.browser+web.cordova.tgz
 => Errors while adding packages:             

While downloading twbs:bootstrap@3.3.4...:
error: CERT_UNTRUSTED

Your package catalog may be out of date.      
Please connect to the internet and try again.

根据@Michael Mason 的建议,我能够为 Meteor 开发一个补丁,允许在 SSL Inspection 代理后面运行。

补丁增加了对 CAFILE 环境变量的支持,其工作方式与 NPM 接受额外根证书的方式非常相似。

只需将 export CAFILE=/path/to/root/cert.crt 添加到您的 .bashrc,然后注销并重新登录。

我希望这对其他人有帮助。

您可以在此处查看合并请求的完整内容: https://github.com/meteor/meteor/pull/5523