Information in this post is accurate as of 30/06/2020
This is my first post in quite a while, please feel free to let me know if I've made any mistakes or something doesn't read quite right :)
Introduction
After seeing quite a lot of posts / news about deno I thought I'd give it a try. I'm already quite familar with NodeJS / Typescript so I was excited about the built in Typescript support, but alas I was stumped right from the welcome example :sigh:
The Problem
I executed the example command deno run https://deno.land/std/examples/welcome.ts
hoping to see Welcome to Deno 🦕
but instead I was greated with this fine error:
error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: tcp connect error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. (os error 10060)
The Solution
After a few seconds of pondering I remembered I'm behind a corporate proxy, I dug around the Deno manual and found the page on proxies. Amazing I thought, Deno supports the HTTP_PROXY
and HTTPS_PROXY
environment variables just like NodeJS! So it set them, and executed the welcome command again.
The Problem part 2.
error: error sending request for url (https://deno.land/std/examples/welcome.ts): error trying to connect: invalid certificate: UnknownIssuer
huh, another error... Looks like there is a certifiacte in the chain that isn't signed by a known certificate authority (issuer)
The Solution part 2
After some googling and GitHub issue searching, I concluded the following:
- I'm behind a corporate proxy that snoops on HTTPS traffic using a custom certificate that is stored in Windows
- Deno doesn't read certificate authrotiies from the OS.
- Deno relies on rustls for TLS/SSL connections, which in turn relies on webpki which has its own certificate store.
- the
deno run
command accepts a--cert
flag, with a path to the certificate(s) in PEM format (E.Gdeno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts
(This flag isn't in the Deno manual (I'm looking to change that)).
After adding in the --cert
flag, and executing again, I got the welcome message Welcome to Deno 🦕
!
Hope you enjoyed the read :)
TL;DR
- Set
HTTP_PROXY
andHTTPS_PROXY
to your proxy address - if your corporate proxy snoops on HTTPS traffic you'll need to export the certificate it uses in PEM format and put it somewhere safe
- Use
deno run
with the--cert
flag set to the path to the exported PEM file (E.Gdeno run --cert C:/corporateCerts.pem https://deno.land/std/examples/welcome.ts
)
Top comments (0)