loading...
Cover image for Deno and the corporate proxy

Deno and the corporate proxy

jacobgc profile image Jacob Gee-Clarke ・2 min read

Information in this post is accurate as of 30/06/2020

This is my first post in quite a while, please feel free to let me know if I've made any mistakes or something doesn't read quite right :)

Introduction

After seeing quite a lot of posts / news about deno I thought I'd give it a try. I'm already quite familar with NodeJS / Typescript so I was excited about the built in Typescript support, but alas I was stumped right from the welcome example :sigh:

The Problem

I executed the example command deno run https://deno.land/std/examples/welcome.ts hoping to see Welcome to Deno 🦕 but instead I was greated with this fine error:

error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: tcp connect error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (os error 10060)

The Solution

After a few seconds of pondering I remembered I'm behind a corporate proxy, I dug around the Deno manual and found the page on proxies. Amazing I thought, Deno supports the HTTP_PROXY and HTTPS_PROXY environment variables just like NodeJS! So it set them, and executed the welcome command again.

The Problem part 2.

error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: invalid certificate: UnknownIssuer

Shocked / Slightly annoyed glance

huh, another error... Looks like there is a certifiacte in the chain that isn't signed by a known certificate authority (issuer)

The Solution part 2

After some googling and GitHub issue searching, I concluded the following:

  1. I'm behind a corporate proxy that snoops on HTTPS traffic using a custom certificate that is stored in Windows
  2. Deno doesn't read certificate authrotiies from the OS.
  3. Deno relies on rustls for TLS/SSL connections, which in turn relies on webpki which has its own certificate store.
  4. the deno run command accepts a --cert flag, with a path to the certificate(s) in PEM format (E.G deno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts(This flag isn't in the Deno manual (I'm looking to change that)).

After adding in the --cert flag, and executing again, I got the welcome message Welcome to Deno 🦕!

Hope you enjoyed the read :)

TL;DR

  1. Set HTTP_PROXY and HTTPS_PROXY to your proxy address
  2. if your corporate proxy snoops on HTTPS traffic you'll need to export the certificate it uses in PEM format and put it somewhere safe
  3. Use deno run with the --cert flag set to the path to the exported PEM file (E.G deno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts)

Posted on Jun 30 by:

jacobgc profile

Jacob Gee-Clarke

@jacobgc

Apprentice Software Engineer looking to expand my knowldege in new and emerging technology!

Discussion

markdown guide