request: Error: DEPTH_ZERO_SELF_SIGNED_CERT

I’m using self-signed test certificates in my apache2 server and when I call request I get the following error:

Error: DEPTH_ZERO_SELF_SIGNED_CERT

I’m using the following code below to test it. Notice that I’m also using needle and it works with the rejectUnauthorized=true option. I could not find an equivalent on request (I’ve tried strictSSL=false but I guess that’s the default). I couldn’t find any other samples related do the problem either.

var request = require('request'),
    needle = require('needle');

request('https://127.0.0.1', function (error, response, body) {
  if (!error && response.statusCode == 200) {
    console.log("REQUEST:"+body);
  } else {
    console.error("REQUEST: "+error)
  }
});

needle.get('https://127.0.0.1',{rejectUnauthorized:false},function (error, response, body) {
  if (!error && response.statusCode == 200) {
    console.log("NEEDLE:"+body);
  }
});

About this issue

Original URL
State: closed
Created 11 years ago
Comments: 51 (12 by maintainers)

Commits related to this issue

set strictSSL false default to use couchdb self-signed cert, ref mikeal/request#418 — committed to cutting-room-floor/backbone-couch by mikemorris 10 years ago
Hopefully fixing v0.8.26 on travis. see https://github.com/mikeal/request/issues/418 — committed to mqttjs/MQTT.js by mcollina 10 years ago
Fix for 'DEPTH_ZERO_SELF_SIGNED_CERT' issue, see: https://github.com/mikeal/request/issues/418 — committed to Strongbow-review/fh-fhc by deleted user 11 years ago
Ticket 4088 Upgrade fh-fhc to node 0.10x: Fix for 'DEPTH_ZERO_SELF_SIGNED_CERT' issue, see: https://github.com/mikeal/request/issues/418 — committed to Strongbow-review/fh-fhc by deleted user 11 years ago

Most upvoted comments

rejectUnauthorized: false did not work for me. Instead, adding the following removed the error:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0" // Avoids DEPTH_ZERO_SELF_SIGNED_CERT error for self-signed certs

+65

dankohn on Apr 29, 2013

rejectUnauthorized: false

+13

niftylettuce on Apr 26, 2013

The code you need is:

request({ url : 'https://127.0.0.1', rejectUnhauthorized : false }, function...

Edit: I removed the lame comment that I made, cause, that’s just lame of me…

+11

weisjohn on Sep 24, 2013

add this and it should solve it:

https.globalAgent.options.rejectUnauthorized = false;

mateomarin on Jan 20, 2017

Hey guys,

Thanks to everyone who works on the library. I was trying to use self-signed cert for some testing and get the same error. I’ve included details below. Let me know if you need anything else. I’ve tried all combinations of using strictSSL and rejectUnauthorized but it doesn’t seem to work.

Node version: 0.10.10 OS: Windows 7 x64 OpenSSL: Win32 1.0.1e Cert generated using: openssl genrsa –out priv.pem 1024 openssl req -x509 -new -key priv.pem -days 3650 -out cert.crt

Code for creating server

var https = require('https');
var express = require('express');
var app = express();
var credentials = {
    key: fs.readFileSync(__dirname + '/priv.pem', 'utf8'),
    cert: fs.readFileSync(__dirname + '/cert.crt', 'utf8')
};
var server = https.createServer(credentials, app);
server.listen(3000);

Using request like so:

var request = require('request');
request.defaults({
    strictSSL: false, // allow us to use our self-signed cert for testing
    rejectUnauthorized: false
});
request('https://localhost:3000', function(err) {
    console.error(err); // outputs the zero_depth error
});

jksdua on Aug 21, 2013

process.env.NODE_TLS_REJECT_UNAUTHORIZED = “0”;

Works for restler as well.

jhfoo on Jan 30, 2014

Same problem here. Using node v0.10.1 and latest request version.

alindsay55661 on Mar 22, 2013

For those who wish to understand a principle.

https://nodejs.org/dist/v0.12.9/docs/api/tls.html#tls_tls_connect_options_callback

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "1";
var tls = require('tls');
var fs = require('fs');
var constants = require('constants');
var util = require('util');

var options = {
    host: 'localhost',
    strictSSL: true,
    ca: [fs.readFileSync('trusted1.pem'), fs.readFileSync('trusted2.pem') ],
    rejectUnauthorized: true, // Trust to listed certificates only. Don't trust even google's certificates.
    secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_SSLv2 | constants.SSL_OP_NO_TLSv1 | constants.SSL_OP_NO_TLSv1_1,
    secureProtocol: 'SSLv23_method',
    ciphers: 'ECDHE-RSA-AES128-SHA256'
};

var socket = tls.connect(3001, options, function() {
    console.log('client connected',
        socket.authorized ? 'authorized' : 'unauthorized',
        socket.encrypted ? 'encrypted' : 'unencrypted',
        '\nCipher: ' + util.inspect(socket.getCipher()),
        '\nCert Info: \n' + util.inspect(socket.getPeerCertificate(true)));
    //process.stdin.pipe(socket);
    //process.stdin.resume();
});

Dzenly on Jan 20, 2016