Skip to content

fix: bind-mount greyproxy CA cert for Node.js MITM support#50

Merged
tito merged 1 commit intoGreyhavenHQ:mainfrom
apre:fix-mitm-certificate
Mar 24, 2026
Merged

fix: bind-mount greyproxy CA cert for Node.js MITM support#50
tito merged 1 commit intoGreyhavenHQ:mainfrom
apre:fix-mitm-certificate

Conversation

@apre
Copy link
Copy Markdown
Contributor

@apre apre commented Mar 23, 2026

Summary

  • Bind-mounts the greyproxy CA certificate into the sandbox and sets NODE_EXTRA_CA_CERTS so Node.js processes trust the proxy CA
  • Fixes the greyproxy conversation tab not working on Linux Mint 22.2 (Zara), where Node.js ignores the OS CA bundle and rejects greyproxy's MITM certificate

Disclaimer

This change was entirely generated by Claude Code. I haven't fully reviewed or understood the implementation details — please review carefully.

Test plan

  • Verify greyproxy conversation tab works on Linux with the fix applied
  • Verify no regression on macOS
  • Run make test

🤖 Generated with Claude Code

@apre @claude
fix: bind-mount greyproxy CA cert and set NODE_EXTRA_CA_CERTS in sandbox
1d5f916 
Node.js uses its own compiled-in CA bundle and ignores the OS keychain,
causing TLS failures when greyproxy performs MITM interception. This
bind-mounts the greyproxy CA certificate into the sandbox and exports
NODE_EXTRA_CA_CERTS so Node.js apps trust the proxy CA.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@apre apre marked this pull request as ready for review March 23, 2026 12:16
@tito
Copy link
Copy Markdown
Contributor

tito commented Mar 24, 2026

Thank you for your contribution !

@tito tito merged commit b976e86 into GreyhavenHQ:main Mar 24, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@apre @tito