fix: remove basicConstraints extension from certificate

[akx]

This fixes TLS on Chromium Linux (see #2313).

Based on #2313 (comment) – thanks to @gigafied for the fix!

fixes #2313

• This is a bugfix
• This is a feature
• This is a code refactor
• This is a test update
• This is a docs update
• This is a metadata update

For Bugs and Features; did you add new tests?

No tests – I did give it a spin on Linux Chromium (via Docker and Xquartz, which is why it's shown with macOS window decoration here). As discussed in #2313, we now only get ERR_CERT_AUTHORITY_INVALID, which is skippable.

Motivation / Use-Case

Restores TLS functionality on Linux Chromium.

Breaking Changes

This should not break anything, though I don't have macOS Catalina (see #2274) to test with.

[jsf-clabot]

All committers have signed the CLA.

[codecov]

Codecov Report

Merging #2330 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master    #2330   +/-   ##
=======================================
  Coverage   93.95%   93.95%           
=======================================
  Files          34       34           
  Lines        1291     1291           
  Branches      368      368           
=======================================
  Hits         1213     1213           
  Misses         77       77           
  Partials        1        1

Impacted Files	Coverage Δ
lib/utils/createCertificate.js	100% <ø> (ø)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f89c01...d8161b9. Read the comment docs.

[alexander-akait]

I am afraid it is can break https in other browsers, we should test this on chrome/firefox/safari, anyway thanks for PR

[akx]

I am afraid it is can break https in other browsers, we should test this on chrome/firefox/safari, anyway thanks for PR

Sorry! I forgot to mention I did test it on Chrome on macOS too, and it works:

Let me just fire up (heh) Firefox real quick... yep, it works 😄

Mojave Safari is also fine with it:

[alexander-akait]

@akx thanks for PR, i will look on this in near future and do more tests 👍

[alexander-akait]

@akx good test 👍

Works fine with chrome and firefox on linux

Somebody can test this on windows?

/cc @Loonride @hiroppy

[hiroppy]

@evilebottnawi do you know the reason? I have only Mac...

[alexander-akait]

@hiroppy can you try to remove extKeyUsage (maybe we should do revert) and check it

[alexander-akait]

To be honestly i afraid removing basicConstraints because it can break certificates for old browsers

[hiroppy]

I think it might be better to change the targeted branch from master to next.

[alexander-akait]

@hiroppy right now https is broken for chrome on linux, it should be not next, it is bug and we need fix it

[hiroppy]

I'm not sure this change's inpact. Anyway someone can check this change on Windows?

[alexander-akait]

@hiroppy i think we should open issue in chrome bug tracker, because some options works on macos chrome but doesn't on linux chrome and versa vice, for me it is very strange behavior and we need more information from developers why it is happens