Self Signed SSL error

[arch1v1st]

On Windows 10, after installing the latest OpenSSL v3, npm run start:https resulted in this error:

node:events:505
      throw er; // Unhandled 'error' event
      ^

Error: RSA PRIVATE KEY not found from openssl output:
---stdout---
-----BEGIN PRIVATE KEY-----
...

Basically the output text from OpenSSL seems to have changed, hence the self signed cert cannot be parsed. A quick hackish fix for this is a one line change to node_modules/pem/lib/pem.js, line 77:

FROM:
openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {

TO:
openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {

After that, it starts right up and is useable on my VR Headset now that it has SSL in place for WebXR.
Hopefully this saves someone else some time too! :)

• v1.3
• Windows 10
• OpenSSL v3.05 (Lite) installed from https://slproweb.com/products/Win32OpenSSL.html

[dmarcos]

weird. FWIW It's working for me on macOS (11.4). I haven't installed OpenSSL manually. Using whatever comes with the system.

I don't remember having to install anything on Windows. What made you install OpenSSL v3.05 (Lite)?

[vincentfretin]

I don't know if it can be of any help, I had a similar issue in networked-aframe/naf-janus-adapter#27
with the ssh-keygen command not producing the correct "RSA PRIVATE KEY" on Ubuntu 20.04 (openssh-client 1:8.2p1-4ubuntu0.5) compared to Ubuntu 18.04 (openssh-client 1:7.6p1-4ubuntu0.7) where it was working properly.
To fix it I had to specify the -m pem param to force producing the "RSA PRIVATE KEY" kind instead of the "OPENSSH PRIVATE KEY" kind generated by default in newer ssh-keygen included in the openssh-client package.

[vincentfretin]

pem is a dependency of budo, the live server aframe use with npm run start:https. pem is spawning the openssl command to generate the certificate. You need to see which params it uses to generate the certificate, maybe there is a parameter missing to correctly generate the "RSA PRIVATE KEY" kind.

pem 1.15.0 has a "Support OPENSSL v3.0.0 & more" entry in the changelog
https://github.com/Dexus/pem/blob/master/HISTORY.md

If you remove your package-lock.json node_modules and npm install, or run npm upgrade, to get the latest pem version, does it fix your issue?

[vincentfretin]

The issue is tracked in Dexus/pem#316
it seems that "openssl genrsa ..." is behaving differently on openssl 3.0 which is the default also on Ubuntu 22.04.

[dmarcos]

@vincentfretin Thanks so much for the info. At what level we should fix this? pem?

[vincentfretin]

Yes pem, or remove pem dependency by removing budo and all browserify dependencies replacing it by newer alternatives like webpack or vite. ;-) I don't have an issue on Ubuntu 22.04 with webpack auto-generated certificate to have a https dev server. I have lots of experience with webpack, FYI I completely updated networked-aframe build, tests stack and dev server to latest webpack and karma/chai/sinon, I removed all trace of browserify. If you are interested, I can work on it and create a PR for aframe.

[dmarcos]

Thanks, no plans to replace build system for now. We can perhaps figure out a more surgical solution

[dmarcos]

I see there's a fix for pem but has not made it into a release.

An option would be fork pem apply the fix and override the dependency (just learnt about override)

{
  "overrides": {
    "pem": "url/to/github/fork"
  }
}