NodeJS bundled SSL root CA cert for AddTrust expired 30th May 2020 (breaks VSTS agent for us) #2993

Closed
wallyhall opened this issue Jun 1, 2020 · 7 comments

Comments

@wallyhall

I'm raising this issue to make you aware of an issue I've raised with NodeJS - as it affects Azure DevOps heavily (for us, and I expect other users too).

Since the 30th May 2020 we've had several VSTS/DevOps agent plugins break - usually reporting errors to do with SSL certificates having expired.

If I understand correctly, the Azure DevOps agent installs a bundled NodeJS runtime - which is heavily used by both the agent itself and all installed plugins (like, notably in our case, the SonarQube plugin - which I've raised an issue on too).

NodeJS appears to be shipping an expired CA root certificate for AddTrust based SSL certificates - causing all our build pipelines to start failing (due to our reliance on connectivity with services secured by such SSL certs).

Hoping this can be fixed quickly by upstream NodeJS - and then pushed by Microsoft with an updated DevOps agent?

@wallyhall
Author

This has been fixed (subject to proving I guess) up-stream at NodeJS.

They also have provided details on building NodeJS with an externally provided CA root.

@LucaBlackDragon

Temporary and quite insecure fix:
define a variable `NODE_TLS_REJECT_UNAUTHORIZED` with value `0` in the pipeline in order to disable Node.js checks on certificate validity
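
A pre-flight check for the two risks raised in this thread, as an added example that is not from the issue or from the agent's code: it reports whether `NODE_TLS_REJECT_UNAUTHORIZED=0` is set for the job and which CA roots compiled into the running Node.js binary have expired. It assumes Node.js 15.6 or later (for `crypto.X509Certificate`), so it will not run on the Node 10 runtime discussed here; `tlsVerificationDisabled`, `expiringRoots` and `preflight` are hypothetical names.

```javascript
// Added example, not part of the original thread. Assumes Node.js >= 15.6.
const tls = require('tls');
const { X509Certificate } = require('crypto');

// Node.js treats only the exact string '0' as "do not reject
// unauthorized certificates"; any other value leaves checks enabled.
function tlsVerificationDisabled(env = process.env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
}

// Return the roots in `pems` whose notAfter falls before now + graceDays.
function expiringRoots(pems, now = new Date(), graceDays = 0) {
  const cutoff = now.getTime() + graceDays * 86400000;
  const hits = [];
  for (const pem of pems) {
    const cert = new X509Certificate(pem);
    const notAfter = new Date(cert.validTo); // "Mon DD HH:MM:SS YYYY GMT"
    if (notAfter.getTime() < cutoff) {
      hits.push({
        subject: (cert.subject || '').replace(/\n/g, ', '),
        notAfter: notAfter.toISOString(),
        sha256: cert.fingerprint256,
      });
    }
  }
  return hits;
}

// Collect human-readable findings for a pipeline step to log or fail on.
// tls.rootCertificates is the CA bundle compiled into this Node.js binary.
function preflight(env = process.env, pems = tls.rootCertificates, now = new Date()) {
  const findings = [];
  if (tlsVerificationDisabled(env)) {
    findings.push('NODE_TLS_REJECT_UNAUTHORIZED=0: certificate checks are off');
  }
  for (const r of expiringRoots(pems, now)) {
    findings.push(`expired bundled root: ${r.subject} (notAfter ${r.notAfter})`);
  }
  return findings;
}

for (const line of preflight()) console.log(line);
```

Passing a non-zero `graceDays` to `expiringRoots` lists roots that are about to expire, which gives warning before builds start failing.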

@github-actions

github-actions bot commented Dec 6, 2020

This issue has had no activity in 180 days. Please comment if it is not actually stale

@mjroghelia
Contributor

@anatolybolshakov Could you please get someone to look into this and determine whether the upstream Node fix has been backported to the version of Node 10 that is currently rolling out with agent 2.179.0?

@mjroghelia mjroghelia removed the stale label Dec 14, 2020
@mjroghelia mjroghelia reopened this Dec 14, 2020
@LucaBlackDragon

LucaBlackDragon commented Dec 18, 2020

> @anatolybolshakov Could you please get someone to look into this and determine whether the upstream Node fix has been backported to the version of Node 10 that is currently rolling out with agent 2.179.0?

@mjroghelia I don't think so:

But I can confirm that things are working for us with Agent v2.153.2 so...

¯\_(ツ)_/¯

@anatolybolshakov
Contributor

Hi @LucaBlackDragon yes, you're right - it doesn't seem to be backported to v10.23.0 (according to the discussion also)
@wallyhall do you still face this issue?
cc @mjroghelia

@github-actions

This issue has had no activity in 180 days. Please comment if it is not actually stale
