Open
Description
I recently installed nvm on a new server that did not have the Thawte root certificate used by nodejs.org configured as a trusted root certificate in OpenSSL. The AddTrust root certificate used by iojs.org was configured as a trusted root cert. The result of this was that when I ran nvm ls-remote
it only displayed iojs versions with no other output. This was very confusing as there was no indication that the requests to nodejs.org were failing.
Metadata
Metadata
Assignees
Labels
Type
Projects
Milestone
Relationships
Development
No branches or pull requests
Activity
ljharb commentedon Feb 21, 2015
You're not the first person to have the problem but you did figure out the reason at least :-)
Duplicate of #667, #638, #653; related to #669.
If you have a suggestion of how I could supply a better error message in that case, I'd love to do it - however, it would need to work well with both
curl
andwget
. Thoughts?jasonbekolay commentedon Feb 21, 2015
I've got a WIP going: jasonbekolay@f7caa33
It's a pain to test though. Does it looks reasonable so far?
ljharb commentedon Feb 22, 2015
@jasonbekolay Thanks! I don't know much about using file descriptor 3, so I'd want to learn more about how it works and its portability before merging it. We'd also need to ensure that it works on all supported shells, of course.
The change looks good. I'm definitely not sure how to test it, though, unless we can find an SSL host to set the mirror to that will consistently trigger a similar SSL error regardless of the host's CA certificates.
jasonbekolay commentedon Feb 23, 2015
I think use of file descriptor 3 is fine, but I haven't used it enough in the past to know of any common pitfalls/conflicts that can arise. Off the top of my head, since nvm is run as a function rather than an independent shell script (ie no subshell), there might be a problem if a script that calls nvm also uses file descriptor 3 for another purpose. That could be mitigated by wrapping those few lines in a subshell.
Rather than using file descriptor 3, we could send wget's standard error to a temporary file and clean it up after. To do that I would use the
mktemp
command which I believe is available on most unix-like systems. If you would prefer that approach, I can make that change pretty quickly.I will test with the supported shells next chance I get.
ljharb commentedon Feb 23, 2015
I'd definitely prefer the subshell to a temp file, since
nvm
can operate in multiple shells simultaneously.