berry: [Bug] 'unable to get local issuer certificate' - Config options for 'strict-ssl' and 'cafile' missing from Berry?

Describe the bug

Previously, there was an option to force SSL and set a CA file. Looking at the config options for Berry, this is no longer the case. We don’t use a proxy to access the internet, but rather a signed certificate that acts as a MiTM for our traffic. I’m getting my team to just start to work with Yarn and I’d like us to migrate to the latest version. However, without the ability to set these options like with npm and yarn v1, i get the ‘unable to get local issuer certificate’ error and so I’ve been forced to uninstall Berry and go back to Yarn v1.21.1.

To Reproduce

Not sure how to reproduce this outside of our internal network. These options are just missing from Berry.

Screenshots Running the npx @yarnpkg/doctor command from the migration guide gives me this: image

Environment if relevant (please complete the following information):

  • OS: Windows
  • Node version 12.6.0
  • Yarn version 2.0.0-rc.27

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 16
  • Comments: 34 (15 by maintainers)

Most upvoted comments

I just opened a PR at #1934 which should address this.

You can test it before it gets merged with yarn set version from sources --branch 1934

Add to .yarnrc.yml:

  • caFilePath: <path to CA .pem file) to supply a custom CA
  • or enableStrictSsl: false to disable cert errors.

Let’s discuss about binjumper in https://github.com/yarnpkg/berry/issues/1938 👍

Thanks @andreialecu for implementing this much requested feature! 🎉

We already support environment variables in the Yarnrc, so you should be able to just use $HOME (cf the doc for the exact syntax).

@jamador-usgs in general you could use NODE_TLS_REJECT_UNAUTHORIZED=0 in front of yarn command, for example NODE_TLS_REJECT_UNAUTHORIZED=0 yarn plugin import interactive-tools, or you could just export variable to Node’s ENV. I think it should work for the most of node-based cli packages